Exchange Online Assessment Recommendations Report generated

Recommendation
Create at Least 1 CloudTitle
Global Admin to Ensure Access to
the Tenant
Consider if Federated
Utilising Servers
Quarantine to are not Available
Reduce Delivery of
Unsolicited Emails to Users
Consider Utilising Custom Data Classifications to Safeguard
Sensitive Data in
Create a Client the Organisation
Access Rule to preserve access to remote
PowerShell
Use Maximum
Consider WhetherDuration for Retaining
Journaling Should beDeleted
Used toItems
Help
Comply with Compliance Requirements
Enable Malware Notifications for Messages Sent from
Internal Senders
Implement a Group
Consider Utilising Naming Policy
Document Fingerprinting to Protect
Sensitive Documents in the Organisation
Use Client Access Rules to allow or block client connections
to Exchange Online
Ensure Licenses are Fully Utilized Where Possible
Consider Utilising Custom Role Groups
Use Transport
Use the Rules to Apply
Auto-expanding Disclaimers
Archive to Email
Feature for Messages
Unlimited
Storage
Consider Migrating to Unified DLP Policies to Protect Data
Across all Workloads
Use Outlook Protection Rules to Automatically Apply
Protection to Messages
Consider
Consider Utilising
EnablingGreater
ModerationMax for
Send andor
Large Receive Sizes
Sensitive
Distribution Groups
Enable Read Tracking to Enhance Message Tracking
Use Inbox
Utilise rules to Mailboxes
Equipment Automatically Process
to Allow UsersEmail Messages
to Book
Resources
Utilise
ConsiderShared Mailboxes
Utilising AddresstoBook
Allow Collaboration
Policies if GAL
Segmentation is Required
ent Recommendations Report generated on: 06/13/2019
Why Consider
If all Global AdminsThis
are federated users and the federation servers are not Focus Area
available you will will
Using quarantine not be able the
reduce to login intoof
number the tenant
SPAM withreceived
emails admin credentails
by your Availability and Business Continu
end users
Implementing custom data classifications expands your ability to safeguard Security and Compliance
the
accesssensitive
to remoteinformation
PowerShellspecific to your
ensures thatbusiness
rules can always be edited Security and Compliance
without the need for contacting support.
Using a longer duration for retaining deleted items simplifies recovery in Security and Compliance
case of
Legal accidental
and regulatory deletion.
requirements may require Journaling in place to Availability and Business Continu
provide a record of
If you are not made aware all emailthat
sentanand received
internal user is sending malware there is Security and Compliance
angroup
A increased
naming riskpolicy
that further
ensuresmachines and users
that standards are may be compromised
maintained across the Security and Compliance
tenant
Document fingerprinting further enhances your ability to safeguard Change and Configuration Man
sensitive
Client Accessinformation
Rules can be used to control access to Exchange Online and Security and Compliance
therefore
If licenses offers
are notadditional
utilized youprotection
may notagainst unauthorized
be getting maximum access
value for your Security and Compliance
investment in Office 365.
increased risk of service impacting issues occurring either due to malicious Business/IT Alignment
or
or accidental
regulatory behaviour
requirements, to identify potentially unsafe email messages, Security and Compliance
or
With auto-expandingthat
for other reasons are unique
archives to your
users are organization.
never required to delete data that Business/IT Alignment
they may potentially need. Performance and Scalability
Unified
OutlookDLP policiesrules
Protection protect your information
increase across all workloads
security by automatically applying IRM- Security and Compliance
protection
Office to messages
365 customers theinfreedom
Outlook to choose the maximum size setting Security and Compliance
that’s
Without right for them. there is an increased risk of unwanted emails being
moderation Performance and Scalability
delivered
message has to large
beenor sensitivebut
delivered distribution groups
also whether a particular email has been Security and Compliance
read. This may be useful for reporting.
Automatic processing of email processing can improve operational Operations and Monitoring
efficiency
EquipmentbyMailboxes
reducing the manual
increase workload.
efficiency by allowing users to book and Business/IT Alignment
reserve equipment
common mailbox. They also allow users to share a common calendar, so Business/IT Alignment
they
Address canBook
schedule andcan
Policies viewbevacation
used to time or work
segment usersshifts.
into specific groyps to Business/IT Alignment
provide a customised view of the Global Address List (GAL) Business/IT Alignment
Status Content and Best Practices
Failed There are relatively few administrative tasks, such as assi
Failed Office 365 checks for message characteristics consistent wi
Failed Data loss prevention (DLP) in Office 365 includes many sensi
Failed Client Access Rules help you control access to your Exchange
Failed If you've permanently deleted an item in Microsoft Outlook or Outlook on the web, the item is moved to a fol
Failed Journaling can help your organization respond to legal, reg
Failed For Exchange Online and Exchange Enterprise CAL with Servic
Failed A group naming policy will allow delegation of distribution group in your organization whilst ensuring that the
Failed Information workers in your organization handle many kinds
Failed Client Access Rules help you control access to your Exchange
Failed Microsoft Office 365 is available in a variety of plans to b
Failed Exchange Online provide a number of built in admin role gro
Failed Exchange Online has the ability to attach the required disc
Failed In Office 365, archive mailboxes provide users with additio
Failed Data Loss Prevention (DLP) was originally introduced with Exchange 2013 and was based on transport rules.Un
Failed Exchange Online has the ability to protect emails within th
Failed For the last few years the largest email message you could
Failed Messages sent to a moderated distribution group can be scree
Failed Message tracking will detail when a message has been deliv
Failed Use the New-InboxRule cmdlet to create Inbox rules in mailb
Failed A resource mailbox is a mailbox that represents conference
Failed A shared mailbox:Does not have a username and password, so
Failed Address book policies (ABPs) allow you to segment users int
Affected Objects Score Probability
O365 Exchange Service 5.5 High
O365 Exchange Service 4.6 Moderate
O365 Exchange Service 4.3 Moderate
O365 Exchange Service 3.2 High
O365 Exchange Service 2.9 Moderate
O365 Exchange Service 2.4 Low to Moderate
O365 Exchange Service\Default 2 High
O365 Exchange Service 1.9 Very High
O365 Exchange Service 1.7 High
O365
O365 Exchange
Exchange Service
Service\ 1.6 Moderate
M365x653646:Win10_VDA_E3 1.2 Very High
O365 Exchange Service 1 High
O365 Exchange Service 1 High
O365 Exchange Service 1 High
O365 Exchange Service 0.9 Moderate
O365 Exchange Service 0.9 Moderate
O365 Exchange Service 0.8 Very High
O365 Exchange Service 0.4 Moderate
O365 Exchange Service 0.4 Moderate
O365 Exchange Service 0.3 Low to Moderate
O365 Exchange Service 0.3 Moderate
O365 Exchange Service 0.1 Low to Moderate
O365 Exchange Service 0 Low to Moderate
Impact Effort Technology Source
High Low
High Moderate
High Moderate
High Low
High Low
High Low
Moderate Low
Moderate Moderate
Moderate Moderate
Moderate Low
Moderate Low
Moderate Low
Moderate Low
Moderate Low
Moderate Low
Moderate Low
Moderate Low
Moderate Low
Moderate Low
Moderate Low
Low Low
Low Low
Low Low