Persistently Vulnerable Exchange Servers: prepare for email throttling & blocking

[Update]: There was a change in the rollout timeline. We’ve also shown how to pause email throttling and blocking if your Microsoft 365 tenant is affected.

Microsoft throttles and even blocks emails sent from Exchange Server to Exchange Online. The transport-based enforcement system reports emails sent from vulnerable Exchange Servers and gradually delays and blocks mail flow to force admins to update their on-prem environments. This is to ensure superior security of Microsoft 365 organizations. See if the feature affects you and what you can do to keep your mail flow running. Continue reading...

Transport-based enforcement system blocks emails from persistently vulnerable Exchange servers

Conditional Access Policies in Microsoft 365

Conditional Access Policies (CAP) and Continuous access evaluation (CAE) are mechanisms introduced to Entra ID (Azure AD) to help organizations control access to their Microsoft 365 tenant. They make Client Access Rules obsolete. Read on to learn what you need to set up Conditional Access and how to configure your policies to, for example, block PowerShell access to your company for non-admin users. Continue reading...

Conditional Access Policy Microsoft 365

How to prevent users from changing profile photos in Microsoft 365

[Update]: This post was updated on November 3, 2023 to reflect changes in Microsoft 365 (Office 365).

When you set up user photos in Microsoft 365 (Office 365), they propagate through the whole Microsoft 365 tenant and apps integrated with Entra ID (Azure AD). This means that they are displayed in Outlook, Teams, SharePoint, and more. By default, any user can change their photo to anything they like. This might be a problem for admins who want to keep everything in order. In this article, I’ll show you why and how to block users from changing their photos in Microsoft 365. Continue reading...

How to prevent users from changing profile photos in Microsoft 365

How to set up Microsoft 365 archive policy

With thousands of emails exchanged every day even in a single medium-sized organization, user’s mailboxes might quickly get full. In Exchange Online, you can try to overcome this problem by enabling archive mailboxes and telling users to move old items to them. Unfortunately, the human factor can be the weak link in the process. This is where Microsoft 365 archive policies come into play, offering you a centralized and automated way to keep your users’ primary mailboxes below the cap. Continue reading...

Archive policy configuration in Microsoft 365 (Office 365)

All about sensitivity labels in Exchange Online

[Update]: This blog post was first published on December 13, 2021. It was updated to reflect UI changes in the Microsoft Purview compliance portal (Microsoft 365 compliance center) and show new features, like inheriting a higher priority sensitivity label from email attachments.

Microsoft 365 admins have many tools they can use to secure documents and emails. One of those tools is a sensitivity label. I’ll explain in detail what a sensitivity label is, how to set it up and test if it works well. Continue reading...

Sensitivity labels in Microsoft 365

What is Microsoft Viva and how to configure it part #2: Viva Engage, Goals, and Sales

Microsoft Viva was launched on February 4, 2021 and has been constantly evolving ever since. In this article, I discussed configuration of the first 4 Viva apps (Connections, Insights, Learning, and Topics) from a Microsoft 365 admin perspective. Since that time, Microsoft has launched 3 new ones: Engage, Goals, and Sales, which I’m going to present to you this time. Continue reading...

Improve employee experience with Viva Engage, Goals, and Sales

How to set up out of office replies in Office 365

[Update]: This blog post was updated on September 5, 2023.

Out of office messages in Office 365 (let’s assume Office 365 = Microsoft 365, to make things easier) are an extremely useful thing. Not everyone knows though that this simple automatic reply is more than just an email. In this article, I’ll quickly go over the basics: what out of office message in Office 365 is and how to set it up for your account. For the real treat, I’ll show the easiest way to set up an out of office reply for another user (or all users). Continue reading...

Out of office in Office 365

How to block access to your Exchange Online organization using Client Access Rules

[Update] This post was updated on November 13, 2023 because of Client Access Rules retirement in Exchange Online. To learn about the newer and more secure way to control access to your Microsoft 365 (Office 365) organization, see Conditional Access policies.

Client Access Rules (or CARs) in Exchange Online (and Exchange 2013+ on-premises environments) are rules that you can use to control which client connections are allowed and not allowed to access your Exchange Online organization. They let you define the conditions based on various properties of a client. These can be, for example, the protocol they use to connect, their IP address or an Active Directory attribute. Thanks to that, you have an option to block (or allow) certain client connections to better protect your Microsoft 365 organization. Continue reading...