Tag Archives: office 365
The short answer is, yes.
The long answer is that it will require a lot of work on your behalf.
The new Office 365 midsize business plan is very similar to the E3 plan (bar some advanced features which most users probably won’t need anyway) without the more expensive price tag attached to it; for UK users this is £9.80 per user per month as compared to £15 per user per month… if you have a lot of users the cost adds up very quickly.
The default policy for Office 365 user accounts is to automatically expire their passwords after 90 days.
Some of our users experienced this today and the most annoying thing about it was that they were not warned beforehand about it. They were simply locked out their account until they changed it there and then; unlike the Windows OS counterpart which gives you a comfortable 15 day warning before forcing you to change your password.
Anyway, this article will tell you how to set the password expiry from 90 days to never.
Office 365 already enforces a strong password policy so the requirement for a force change doesn’t really offer much additional benefit in my opinion.
So an employee has left the company and you now need to archive the mailbox due to legal and/or company policies.
This article will give you a quick overview on how you can achieve this goal on an Office 365 mailbox while maintaining the integrity and security of your organisation’s 365 account.
Although not necessary, I recommend (as a pre-requisite) disabling account ‘sign-in’ capabilities and resetting the user account password.
This will prevent the user from logging in to the account and messing around with it whilst you are attempting to archive their mailbox.
For one reason or another, you may want to disable remote PowerShell access for all the users in your organisation.
The main reason for doing so would be to prevent ‘reconnaissance’ type attacks whereby a user will try to gain information about your network/organisation/topology/system etc by simply running (in this case) PowerShell queries against your organisation.
By default, users (all, including non-admins) will have remote PowerShell access to your organisation (Exchange online, etc).
Non-administrators have a limited set of commands they can run in PowerShell but the fact that they can access these commands in the first place pops up a red flag (what if a new command was introduced and was inadvertently accessible to all users?)
If you’ve set up distribution groups on Office 365, you will notice a section in the DG ‘details’ page titled ‘E-Mail Options’… under this title is the following text:
“The group can receive messages sent to the following addresses.”
From this, you can safely assume that it is possible to add e-mail aliases to the group so that the group can receive e-mails sent to several different e-mails.
Sadly, there is no easy way of actually doing this via the UI so it must be done via a PowerShell command…