Managing Office 365 via Active Directory

How Azure AD Connect works

The company has moved from an on-premise Exchange Server to Office 365. You have set up AD Connect to sync all your data and passwords. You have decommissioned and uninstalled all local instances of Exchange Server. Suddenly you discover that you must manage Office 365 via Active Directory, and it seems impossible to because many settings must be changed in the Active Directory Users and Computers Attribute Editor.

Your options for management are essentially the following:

  1. Disable AD Connect – Your data in AD and Azure AD will no longer be synced, but you can easily manage everything from https://portal.office.com/adminportal/home#/homepage.
  2. Install Exchange Server locally – Your data will be in sync. You can set up Mail-Enabled Users to manage users with mailboxes, and groups and contacts will be managed the same way as before via the Exchange Management Console.
  3. Manage mailboxes through Active Directory Users and Computers – Your data will be in sync, and you will have the turn on “Advanced Features” to access the Attribute Editor.

This is a reference table with examples choose Option 3, and manage Office 365 via Active Directory.

TypeFunctionAD AttributeExample
UserHide User from Address BookmsExchHideFromAddressListsTRUE
UserSet alias emailproxyAddressessmtp:information@pandatech.co
UserSet primary emailproxyAddressesSMTP:info@pandatech.co
UserSet Exchange AliasmailNicknameinfo
GroupPermitted SendersauthOrigCN=First Last,OU=IT,OU=Panda Tech,DC=pandatech,DC=co

Frequently used Office 365 settings that are difficult to find in the AD Attribute Editor will continue to be added to the table in the future.

Block Spam and Phishing from Spoofed Emails in Office 365

Spoofing block rule for Office 365

The more we rely on email, the more susceptible we are to spam and phishing attempts by cyber frauders. Recently, yet another company lost 3.8 million when they made a bank transfer requested by a spoofed email. How did it happen?

The attackers set up an email account that mirrored [Alutiiq CEO] Hambright’s email address and sent an email to Alutiiq’s controller that gave instructions about a “confidential transaction” by a person who called minutes later.

Pretending to be an attorney, the co-conspirator requested an “urgent” transfer of the $3.8 million “to an entity later revealed to be a fictitious third party company based in Hong Kong,” Hambright wrote. Hambright and the chief financial officer discovered the transfer two days later.

All companies small and large are susceptible to scams like this. Fortunately for Office 365 users, there is an easy way to effectively block spam and spoofing attempts by blocking senders from “Outside the organization”. Microsoft TechNet Blogger Caltaru Mihai also mentions this technique near the end of his Block Spoofing in Office 365 post and appropriately cautions “that this is a dangerous rule if not configured correctly, but it is very effective at blocking spoofing“.

Office 365 Exchange Admin Center

  1. Log into your Office 365 Exchange Admin Center
  2. Navigate to mailflow, then rules, and add a new rule
  3. Click “More Options…” near the bottom of the new window
  4. Add two conditions:

       The sender’s domain is… yourdomain.com
    AND
       The sender is located… Outside the organization

  5. Add one action:

       Reject the message with the explanation… Message has been blocked as an email spoofing attempt.

    Or

       Modify the message properties… Set the spam confidence level (SCL) to… 9

  6. Add an exception(s)
    • This is not necessary, but it is usually a good idea to whitelist your company’s WAN IPs as well as any other legitimate services that may be sending emails on your company’s behalf. If you have SPF set up, then you can use the same IPs listed in the SPF TXT record
Spoofing block rule for Office 365
Spoofing block rule for Office 365
Spoofing spam rule for Office 365
Spoofing spam rule for Office 365

Let me know if this rule works out for your organization, or if you find some new ways to improve it!