Microsoft has every incentive to ease your business into Office 365. Setup wizards, help videos, live telephone support -- your transition to the cloud will be met with helping hands from the mothership all along the way. But the process isn't necessarily foolproof. It's still very possible to end up with an unsecured, minimally functional Office 365 environment even if you followed all of the helpful guides to the letter.
Also, it’s essential to remember that default settings are built for the lowest common denominator. They're designed to get the average admin and the average user active in the system with the least amount of fuss. That doesn't mean these settings are solid decisions, tailored to your optimal environment. They're simply the easy ones.
And when have our jobs ever been about taking the easy route?
To ensure you have a solid foundation for your Office 365 deployment, you have to get the settings just right. If you want email to arrive safely to its destination free of malware or sensitive information, or your admin portal to be hardened against all but the most complex of tasks or your users' mobile devices to be more of a productivity booster than a liability, you’ll have to go beyond Office 365’s defaults.
Here’s how to ensure your Office 365 environment is set up right.
When you first set up Office 365, you are prompted to configure your domains' DNS to work with Office 365. Microsoft provides records for mail routing (MX), autodiscover (CNAME), and SPF (Sender Protection Framework). Failure to apply the correct settings here can mean complete loss of mail flow or lack of client connectivity.
List all authorized domains, including third-party services, as authoritative domains in Office 365's Exchange admin center to ensure email delivery to all of your recipients. Click on image to enlarge.
SPF is a special consideration. This record type is used to inform other mail systems whether email from your domain is coming from an authorized system. The record provided by Microsoft is suitable if the only place your email will ever originate is Office 365. Often this is not the case, however, because you might use third-party tools such as Salesforce or MailChimp to send email on behalf of your domain or apps. In order to ensure delivery to your recipients, be sure to include any of these services in your SPF record. More information on SPF syntax can be found at The SPF Project.
Once you have full access to the Exchange admin center, you should verify that all of your domain names are listed and declared as authoritative (or of the appropriate relay type as necessary) under Mail Flow > Accepted Domains, as shown in the screenshot above.
Sign up for Computerworld eNewsletters.