There are three basic ways to access Microsoft Teams:
Each of these versions of the Teams software have their own pros and cons.
The chat portion of Teams allows remote workers and office employees to communicate easily and organize their efforts more efficiently. Users can simply click on the Chat tab, then click on the pen and paper logo to the left of the search bar. Click on the Add People button to create a new group chat consisting of the people you want to talk with.
Microsoft Teams has a couple of ways to insert emojis into a conversation:
By default, every newly-created team has a “General” channel, but say you want to make one channel for fun or silly things that aren’t business-relevant, and one for more productivity-oriented content. Click on the ellipses menu next to the team name, then select the Add Channel option.
Simply upload a file to your Teams channel so everyone can find it easily. For Office 365 software suite files (Word, Excel, PowerPoint, etc.), members of the team will be able to open the file and work on it collaboratively as well.
Welcome to the Online Course for Office 365 Security Roadmap. This course is designed for Security and Global Administrators in Office 365. We will instruct and demonstrate how to configure different security policies in your Office 365 tenant.
If you are signed into your tenant and do not see some of the features displayed in this video, please confirm that you have the proper security licensing before proceeding.
For questions about security licensing in Office 365, please reach out to our support team at support@protectedtrust.com.
Before we get started on setting up security policies, first we will show you how to configure notifications. Whether your organization wishes to have admins alerted for messages quarantined or end-users (or both), we recommend this as the first step.
Microsoft has just released their Security Intelligence Report (SIR), its annual cybersecurity summary, and it reveals phishing is still the most popular way for cyber-criminals to attack, giving security experts everywhere headaches.
In this video we will show you how to prevent phishing attempts inside your organization.
Malware is comprised of viruses and spyware. Viruses infect other programs and data, and they spread throughout your computer looking for programs to infect. Spyware refers to malware that gathers your personal information, such as sign-in information and personal data, and sends it back to the malware author.
Office 365 has built-in malware and spam filtering capabilities that help protect inbound and outbound messages from malicious software and help protect you from spam. Admins don't need to set up or maintain the filtering technologies, which are enabled by default. However, they can make company-specific filtering customizations in the Exchange admin center (EAC).
You can train your employees to be extra vigilant when opening email attachments, but the fact of the matter remains that it only takes one person to mess up once to allow malicious agents into your organization.
In this video, we will show you how to setup an additional layer of protection to prevent employees who open malicious attachments from infecting their systems.
Phishing emails have become very convincing. No longer are we sent emails from a Nigerian Prince begging us to take his money, but rather we are sent very convincing emails from our banks, restaurants, online media companies, and from the people we work with. As we stated in our Safe-Attachments section, there is only so much training can do to prevent employees from opening malicious attachments and the same goes for employees clicking on a malicious link.
In this video, we demonstrate how to turn on Safe-Links, so that your employees are protected when they click on a link in an email that may not be legitimate.
Are you concerned about too much spam in Office 365? Though multiple spam filters are built into your Office 365 service, you may want to change a protection setting to deal with a specific issue in your organization—say you're receiving a lot of spam from a particular sender, for example—or to simply fine tune your settings so that they're tailored to best meet the needs of your organization.
Sender Policy Framework (SPF) is a simple email-validation system designed to detect email impersonation. The purpose of an SPF record is to prevent spammer from sending messages with forged ‘From’ addresses at your domain. This gives you, as an email sender, the ability to specify which email servers are permitted to send email on behalf of your domain.
The first step in implementing SPF is to gather a list of mail servers you use to send email from your domain. Normally organizations send mail from many places. Be sure to include all mail servers used to send mail on your behalf.
Some examples include:
Once all domains that send mail on your behalf are gathered, you'll need to find each domain's unique IP address or IP range. These addresses will be added as "includes" in your SPF record. Most third party mail services will offer a help article with information regarding mail server IP ranges.
An SPF record contains multiple mechanisms, or parameters, that dictate it’s behavior. These parameters include:
A carefully tailored SPF record will reduce the likelihood of your domain name getting fraudulently spoofed and keep your messages from being flagged as spam before reaching their destination. Here are a few examples of effective, validated SPF records.
With your SPF record now validated and published, it’s time to ensure that the record is being enforced. This will help your SPF record work in conjunction with DKIM to create the most secure mail environment possible.
In this section, we’ve demonstrated how to properly engineer and implement an SPF record to safeguard against spam and phishing attacks. In the next section, we’ll discover how SPF works with DKIM (DomainKeys Identified Mail) to further bolster your secure mail environment.
That's it! DKIM signing for your emails is now enabled. Most organization's email environments are unique, so ensure that you've followed the proper steps for every domain and third-party service that you utilize to send emails.
Our final safeguard for defending against potential threats is called DMARC. DMARC uses both SPF and DKIM to validate the "alignment" of a message to control what happens with the result from both tests. This offers an added layer of protection.
How exactly does DMARC work? Essentially, a sender’s DMARC record instructs a recipient of next steps (e.g., do nothing, quarantine the message, or reject it) if suspicious email claiming to come from a specific sender is received.
Multi-factor Authentication offers an additional layer of security for your users. While using their password to log in, users must additional provide an approval from a personal registered device to further verify their identity.
Before setting your users up with Multi-factor Authentication, 'Modern Authentication' must first be enabled in the Office 365 admin center. Modern Authentication offers access to additional security features such as Single Sign-on.
In this lesson, we'll be manually enabling Multi-factor Authentication for individual users.
Note: Once activated, affected users will be prompted to to begin their setup of Multi-factor Authentication on next login to any Office 365 services.
Link to register your Multi-factor Authentication: https://aka.ms/setupmfa
Once enabled, end users with Multi-factor Authentication will be prompted on next login to Office 365 to begin the setup process. This includes downloading and setting up the mobile authenticator app.
Set up a custom policy to automatically enable Multi-factor Authentication for new users in your organization.
Various settings for MFA users: https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx
Security Defaults: https://aka.ms/securitydefaults
In this lesson we'll be creating a custom conditional access policy which enforces Multi-factor Authentication for only our organization administrators. These policies can be created for any type of user roles in Office 365.
Azure Portal: https://portal.azure.com
More details: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa
Audit logging in the Office 365 Security & Compliance Center allows you to track most activities of your users such as:
Follow along to enable your Office 365 audit log.
To enable audit logging: https://protection.office.com
There are three basic ways to access Microsoft Teams:
Each of these versions of the Teams software have their own pros and cons.
The chat portion of Teams allows remote workers and office employees to communicate easily and organize their efforts more efficiently. Users can simply click on the Chat tab, then click on the pen and paper logo to the left of the search bar. Click on the Add People button to create a new group chat consisting of the people you want to talk with.
Microsoft Teams has a couple of ways to insert emojis into a conversation:
Click on the ellipses icon above a chat message to “save” a message for future reference.
Set up a team to encourage collaboration — Simply go to the Teams tab, click on the Join or Create a Team option at the bottom of the team list column, and click on the Create Team option that appears.
Simply click on the ellipses menu next to the team name in the Teams tab and select Edit Team.
Change team member permissions by adding, removing and updating preferences.
By default, every newly-created team has a “General” channel, but say you want to make one channel for fun or silly things that aren’t business-relevant, and one for more productivity-oriented content. Click on the ellipses menu next to the team name, then select the Add Channel option.
Simply upload a file to your Teams channel so everyone can find it easily. For Office 365 software suite files (Word, Excel, PowerPoint, etc.), members of the team will be able to open the file and work on it collaboratively as well.
Arrange and hide teams as needed.
Users can turn on banner and feed notifications in the Teams software so they can keep apprised of new comments in specific Teams channels.
In the Teams software, there are two ways to create a meeting:
Discuss something "right now" by creating an ad hoc meeting. You can start these meetings easily by clicking on either the Video Call or Phone Call buttons.
Set up a meeting in advance and invite one or more people to join you in that meeting. Many users prefer to use the Microsoft Outlook app to set up meetings in Teams.
To join an existing meeting, click on the meeting name in the Calendar tab, and then select Join.
Welcome to the Online Course for Office 365 Security Roadmap. This course is designed for Security and Global Administrators in Office 365. We will instruct and demonstrate how to configure different security policies in your Office 365 tenant.
If you are signed into your tenant and do not see some of the features displayed in this video, please confirm that you have the proper security licensing before proceeding.
For questions about security licensing in Office 365, please reach out to our support team at support@protectedtrust.com.
Before we get started on setting up security policies, first we will show you how to configure notifications. Whether your organization wishes to have admins alerted for messages quarantined or end-users (or both), we recommend this as the first step.
Microsoft has just released their Security Intelligence Report (SIR), its annual cybersecurity summary, and it reveals phishing is still the most popular way for cyber-criminals to attack, giving security experts everywhere headaches.
In this video we will show you how to prevent phishing attempts inside your organization.
Malware is comprised of viruses and spyware. Viruses infect other programs and data, and they spread throughout your computer looking for programs to infect. Spyware refers to malware that gathers your personal information, such as sign-in information and personal data, and sends it back to the malware author.
Office 365 has built-in malware and spam filtering capabilities that help protect inbound and outbound messages from malicious software and help protect you from spam. Admins don't need to set up or maintain the filtering technologies, which are enabled by default. However, they can make company-specific filtering customizations in the Exchange admin center (EAC).
You can train your employees to be extra vigilant when opening email attachments, but the fact of the matter remains that it only takes one person to mess up once to allow malicious agents into your organization.
In this video, we will show you how to setup an additional layer of protection to prevent employees who open malicious attachments from infecting their systems.
Phishing emails have become very convincing. No longer are we sent emails from a Nigerian Prince begging us to take his money, but rather we are sent very convincing emails from our banks, restaurants, online media companies, and from the people we work with. As we stated in our Safe-Attachments section, there is only so much training can do to prevent employees from opening malicious attachments and the same goes for employees clicking on a malicious link.
In this video, we demonstrate how to turn on Safe-Links, so that your employees are protected when they click on a link in an email that may not be legitimate.
Are you concerned about too much spam in Office 365? Though multiple spam filters are built into your Office 365 service, you may want to change a protection setting to deal with a specific issue in your organization—say you're receiving a lot of spam from a particular sender, for example—or to simply fine tune your settings so that they're tailored to best meet the needs of your organization.
Sender Policy Framework (SPF) is a simple email-validation system designed to detect email impersonation. The purpose of an SPF record is to prevent spammer from sending messages with forged ‘From’ addresses at your domain. This gives you, as an email sender, the ability to specify which email servers are permitted to send email on behalf of your domain.
Protect your customer, your brand, and your business from spoofing and phishing attacks by authenticating your email with SPF. Ready to create an SPF record? Follow these steps to get started.
The first step in implementing SPF is to gather a list of mail servers you use to send email from your domain. Normally organizations send mail from many places. Be sure to include all mail servers used to send mail on your behalf.
Some examples include:
Once all domains that send mail on your behalf are gathered, you'll need to find each domain's unique IP address or IP range. These addresses will be added as "includes" in your SPF record. Most third party mail services will offer a help article with information regarding mail server IP ranges.
Understanding the format of SPF records is crucial to ensuring you’re getting the most out of your spam and phishing safeguards. Let’s take a closer look at how SPF records are constructed.
An SPF record contains multiple mechanisms, or parameters, that dictate it’s behavior. These parameters include:
A carefully tailored SPF record will reduce the likelihood of your domain name getting fraudulently spoofed and keep your messages from being flagged as spam before reaching their destination. Here are a few examples of effective, validated SPF records.
SPF records can appear fairly simple, but including a multitude of different server configurations can quickly become complicated. Let’s look at a few common mistakes for SPF records.
Validating an SPF record is an essential part is implementing SPF to prevent possible spam and phishing attacks. This video explains how to properly validate your SPF record with various tools available.
Once you created and validated your SPF record, it’s time to begin the publishing process. Once published, mailbox providers will be able to reference the record.
With your SPF record now validated and published, it’s time to ensure that the record is being enforced. This will help your SPF record work in conjunction with DKIM to create the most secure mail environment possible.
In this section, we’ve demonstrated how to properly engineer and implement an SPF record to safeguard against spam and phishing attacks. In the next section, we’ll discover how SPF works with DKIM (DomainKeys Identified Mail) to further bolster your secure mail environment.
DKIM, or DomainKeys Identified Mail, adds yet another layer of security to your organization's email ecosystem. In this section we'll explain the value of DKIM, along with steps to implement DKIM for your organization.
Implementing DKIM in Office 365 is a fairly straightforward process. Follow these simple steps to get started.
Let's take a closer look at inventorying all of our relevant domains.
NOTE: Be sure to consider ALL domains your organization may send mail from, as this is a commonly overlooked step.
In this lesson, we’ll take the data that we’ve collected and, using the provided format, create our custom DKIM record.
Once our DKIM record has been created, we'll next log into our DNS provider and publish the record for testing and deployment.
An important step to enabling DKIM is to ensure that the record has been created correctly and is valid. Follow along as we do a DNS lookup to do so.
Once our records have been published and tested to be valid, we will enable DKIM Signing in Office 365.
That's it! DKIM signing for your emails is now enabled. Most organization's email environments are unique, so ensure that you've followed the proper steps for every domain and third-party service that you utilize to send emails.
Our final safeguard for defending against potential threats is called DMARC. DMARC uses both SPF and DKIM to validate the "alignment" of a message to control what happens with the result from both tests. This offers an added layer of protection.
How exactly does DMARC work? Essentially, a sender’s DMARC record instructs a recipient of next steps (e.g., do nothing, quarantine the message, or reject it) if suspicious email claiming to come from a specific sender is received.
As SPF may not protect from any and all potential email threats, DMARC offers an additional layer of security by using SPF and DKIM together.
Let's look at a brief overview of how to implement DMARC in our environment.
SPF and DKIM MUST be deployed in our environment to enable DMARC. These steps are provided in previous lessons of this course.
Before enabling DMARC signing, we must ensure that SPF and DKIM are properly configured and published.
To publish a DMARC record, we must create a new DNS record. Use our example provided as your guideline.
A great feature of DMARC is the ability to view activity through reports of delivery information. This includes details on SPF and DKIM statuses of related email messages.
Multi-factor Authentication offers an additional layer of security for your users. While using their password to log in, users must additional provide an approval from a personal registered device to further verify their identity.
Before setting your users up with Multi-factor Authentication, 'Modern Authentication' must first be enabled in the Office 365 admin center. Modern Authentication offers access to additional security features such as Single Sign-on.
In this lesson, we'll be manually enabling Multi-factor Authentication for individual users.
Note: Once activated, affected users will be prompted to to begin their setup of Multi-factor Authentication on next login to any Office 365 services.
Link to register your Multi-factor Authentication: https://aka.ms/setupmfa
Once enabled, end users with Multi-factor Authentication will be prompted on next login to Office 365 to begin the setup process. This includes downloading and setting up the mobile authenticator app.
Set up a custom policy to automatically enable Multi-factor Authentication for new users in your organization.
Various settings for MFA users: https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx
Security Defaults: https://aka.ms/securitydefaults
In this lesson we'll be creating a custom conditional access policy which enforces Multi-factor Authentication for only our organization administrators. These policies can be created for any type of user roles in Office 365.
Azure Portal: https://portal.azure.com
More details: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa
Let's take a look at using Office 365's custom branding for your environment. Creating a customized login page in Office 365 can help ensure that your users avoid losing login information to potential phishing attacks.
Yet another must have safeguard, conditional access can help secure the identity of your users by preventing them from logging in from suspicious locations and devices.
Audit logging in the Office 365 Security & Compliance Center allows you to track most activities of your users such as:
Follow along to enable your Office 365 audit log.
To enable audit logging: https://protection.office.com
