365 Standards

New Users

1 ) 2fa Enabled for Users

2 ) enable Litigation Hold :
Get-mailbox -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | ForEach {Set-Mailbox $_.Identity -LitigationHoldEnabled $true }
3) enable mailbox auditing 
Get-mailbox -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | ForEach {Set-Mailbox $_.Identity -AuditEnabled $true}
9) Increase Deleted Items from 14 days to 30 days – 
 
Set-Mailbox -Identity “user” -RetainDeletedItemsFor 30
 

Maintenance Tasks

1) Run the Health Score in Azure
 
2) Failed Logins -> Compliance Center , Audit Log Search , Change Filtet to Failed
 
6) Check and Report on any Email Forwarders -> https://gcits.com/knowledge-base/find-external-forwarding-mailboxes-office-365-customer-tenants-powershell/
 
7) Check Spam Policy
  • Image links to remote sites = OFF
  • Numeric IP addresses = ON
  • URL redirect to other port = ON
  • URL to .biz or .info websites = ON
  • Empty messages = ON
  • Javascript or VBScript in HTML = ON
  • Frame or iFrame tags in HTML = ON
  • Object tags in HTML = ON
  • Embed tags in HTML = ON
  • Form tags in HTML = ON
  • Web bugs in HTML = ON
  • Apply sensitive word list = ON
  • SPF record hard fail = ON
  • Conditional sender ID hard fail = ON
  • NDR backscatter = ON
8) Check Retention Policy: Security and Compliance Center, Retention
 
10 ) Disable users being able to installed 3rd party Plugins : 
 
set-MsolCompanysettings -UsersPermissionToUserConsentToAppEnabled $false
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently upgraded a IPV500 v2 phone system from Version 9 to 10 and had a phone stuck on 

Discover xxx.xx.xxx.x

 

To perform a reset in the Craft Menu you can try clearing the phones values so that when it establishes DHCP again it’ll point to the PBX (as long as the port its connected to has a route to the PBX).

Reboot the phone and when you see the “Press * to program” screen, press it and try entering the passcode as (CRAFT) 27238#.. Thats the default so it may not work on all phones. If it works, scroll down to “Clear values” and select it.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

On the Fortigate , Create a new Interface and assign it to the Uplink of your internet or DMZ with a Vlan ID and Enable DHCP

Create a policy to allow outbound

 

On the Switch ( ours GS752TP ) that the access points plug into,  Tag the ports with the Vlan ID you created above, where your access points plug into as all as the port for the Uplink from the Switch to the Router

On your access points  ( Ours WNDAP360 ) create a new SSID and Tag these to the new VLAN ID

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Enter IP of the Server

 

Or deploy  GPO to copy the file

C:\Users\%username%\AppData\Local\e-BRIDGE Capture And Store\PC Client\Settings\Settings.dat

 

and

c:\Users\Default\AppData\Local\e-BRIDGE Capture And Store\PC Client\Settings\Settings.dat

 

VN:F [1.9.22_1171]
Rating: 1.0/10 (1 vote cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

As part of our ongoing security focus, we have enabled a new feature within our email security platform from Mimecast.

What will I see?

For a small percentage of links that you click in emails, we will show you a webpage with information about the email you received and the website you are trying to access.

We will ask you to make a decision about whether you are happy to continue to the website, or if you want to change your mind. By prompting you to think before you click, you will help us strengthen our defenses.

 

What do I need to do?

The next time you click a link in an email [delete as needed: or request the release of an original email attachment] you will be asked to enroll in the Mimecast Targeted Threat Protection service in order to continue. You will only be asked to enroll once on each device you use to access your work email (e.g. laptop and mobile).

When prompted in the browser, enter your work email address and click “Next”. We will send you a one time authentication code by email which you will need to enter into your browser where indicated.

If you have any questions or need further help, please contact the IT help desk.

 

 

 

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Create a CSR , I find Digicert Util is the easiest way to do this

https://www.digicert.com/util/

Save the CSR request somewhere on a network available to the SBS server

Run this on the SBS server

certreq.exe -submit -attrib "CertificateTemplate:WebServer" %locationofcsrfiles%\csr.txt

Save to .cer file somewhere then import this into the server via the Digicert Util

Change the IIS Bindings to this nearly imported CERT

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
Set objShell = CreateObject( "WScript.Shell" )
Set objFSO = CreateObject("Scripting.FileSystemObject")
appDataLocation=objShell.ExpandEnvironmentStrings("%APPDATA%")
quick_normal_location = appDataLocation & "\Microsoft\Templates\"
quick_normal_location_file = appDataLocation & "\Microsoft\Templates\Normal.dotm"
		normal_local_network = "%network localtion%Normal.dotm"

' Does the network normal exist
If objFSO.FileExists(normal_local_network) = True Then
	' Does the Local Normal Exist
	If objFSO.FileExists(quick_normal_location_file) = True Then
			' Check to see if the Local Normal is older than the newer Normal
		If CDate(objFSO.GetFile(normal_local_network).DateLastModified) > CDate(objFSO.GetFile(quick_normal_location_file).DateLastModified) Then
			intBkpNum = 1
			While objFSO.FileExists(quick_normal_location_file & intBkpNum) = True
				intBkpNum = intBkpNum + 1
			Wend
			objFSO.MoveFile quick_normal_location_file, quick_normal_location_file & intBkpNum
			objFSO.CopyFile normal_local_network, quick_normal_location_file
		End If
	End If
End If
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
 
They can add GAL contacts to their personal Contacts Via : http://tomtalks.uk/2017/05/quickly-copy-outlook-exchange-global-address-list-personal-contact-list-phone/ , however this is manual 
 
This will sync Gal to a contacts list : https://www.cirasync.com/sync-gal-outlook-contacts-iphones/
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)