Hey everyone my name is Matt Seeds
and I’m the director of Inspired IT we specialize in Managed IT Services and Office 365 solutions.
So today I want to talk to you about how to secure your Office 365 tenant.
We see a lot of businesses that don’t have simple things enabled
with in their 365 tenants so we have created five simple steps.
So if you’re a business owner
and you’ve set up your own Office 365 tenant
and you don’t really know
what to enable follow these five steps
and it will really secure your data within your Office 365 tenant.
Okay, I’m just gonna open up a demo tenant
and login on the main 365 homepage.
Then just logging in with the admin credentials for the demo tenant.
All right, so we’re going to click on admin.
And this is the new 365 tenant layout
so I’ll demo in the new admin Center, we select show all.
We select security.
Then we select hunting. And click on start hunting for email and data.
Once that loads down the bottom we’ve got search so expand search and then audit Log search.
Once this loads up you’ll see that we have an option to turn on auditing.
Sometimes it takes a little
while to load but turn it on and then it will take a couple of hours to to enable.
So once it’s enabled you can see from all the activities that we do in the tenant.
like accessing files, checked out files, whose copied a folder, moved a
folder, created a my item list, create an anonymous link.
There’s so many activities that we can search and it’s really easy to do that.
Once it’s enabled, so you can see it continues going on with the Azure AD Groups the
role Administration activities, ediscovery activities,
power bi activities, team activities which has been added recently and flow power-ups stream.
So there’s so many easy things to look at now,
and it’s so easy to do.
Okay. So again, we’re logged in in the demo tenant.
Click on admin.
Then we expand users, active users, we can scroll down to our admin user.
Or if you have a few sometimes easier to type it in so it’s just type in admin.
Then select the little three dots and then edit user name so you can be as creative as you want.
I’ve just put in a example.
So let’s do demotenant and you click save.
Now obviously before setting up this rule,
we need to make sure that you’re not forwarding any emails externally
there should be no reason why you are doing that.
But if you are you might have to adjust this rule to suit your needs.
So right in the tenant login as admin and then select admin.
Select show all and then select Exchange.
select mail flow and then you want to click on the + and then create a new rule.
Let’s name then the rules something you can identify with.
And then we want to expand and select more options and then select the sender “is external internal”.
Let’s try that again. Select sender “is external internal”
and then select inside the organization select the add condition button.
And then select the message properties.
And include the message type and then select auto forward.
Click, okay. then we want to Select Do the Following.
We want to select. Reject the message and then specify a reason so fill this out.
what happens is if it gets Auto forwarded you’ll get a note with this info.
So put whatever you want into it.
Select okay
And then there’s no over settings you need to do for this rile.
It’s like save. And then that’s it.
So as if there was a Phishing
or someone was able to compromise your Office 365 tenant and set up an auto forward.
The email wouldn’t be able to go out of your tenant.
You’re able to run this up via Powershell as well.
I’ve just gone and shown you the GUI way.
But yeah, there’s ways that you can run this by PowerShell.
If you want to know how to run it by PowerShell. Let me know
and I will give you the command to run.
Okay, and this video we’re going to change the tenant branding.
This is a really good thing to enable
so that your staff know that they’re entering their details into the correct 365 tenant.
So let’s configure it. Okay, so login as admin and then select admin.
select show all and select Azure active directory
click on Azure active directory
and then scroll down to where company branding is.
Okay, and then what we want to do is select the file that you want.
To display as your background. Obviously note the size the image limitations
and also the logo that you want to display.
So this is just a picture of a walk.
I did over the weekend with my family and then there’s a logo with my laptop, will click
save Just wait,
for that to update. Enter the username then you can see that the background has been picked up.
The logo hasn’t been picked up but I’ll show you on our tenant
so you can see it looks like and there you go.
That’s our tenant with our background and our logo.
Okay, so next up. We’re going to enable MFA probably one of the most important things to enable
and so easy to do through Office 365.
So we want to log into the admin tenant as an admin and then select admin.
We’re going to go to users
and then select the user you want to enable MFA for, we are going to enable Megan on this test demo.
And then select manage multifactor authentication.
And then find Megan in this list here.
And then select her and enable her, then select enable multi auth.
Next when we logon as her. And we enter in the password.
It will prompt with some more details.
Okay, so we need more information required, select next.
And then for this purpose, we’re just going to send a text to my mobile.
I will hide my mobile
we just need to confirm this mobile number.
I have that and I will just enter that details now now.
select verify and that’s two Factor authentication setup.
So it’s really easy to enable obviously that’s only authenticating via mobile.
I recommend installing the Microsoft authenticator app.
It’s a slightly different process, but it’s really self-explanatory.
enable that for all your staff.
So those are the five things that I recommend to enable with your 365 tenant,
so they’re really straightforward and it will really increase your security within your your tenant.
So please install those and get those set up.