July 15

Office 365 is the best thing to happen in the Hosted E-Mail business since well….I don’t know, I’m not a writer and I can’t come up with a clever comparison right now, just know that it’s a GREAT THING for many different reasons.

However, depending on your environment, some default features may be considered big security flaws by some. Most recently, we discovered that by default, regular users can create Global Exchange Distribution Groups which not only propagate to the GAL but can also encumber a routable e-mail address.

Although it’s great to be able to off-load distribution group creation to the user, some of us may be apprehensive about allowing users to choose and encumber their choice of an enterprise email addresses. For example, imagine: thecoolpeople@bigbusinessname.com or even randomcurseword@bigbusinessname.com. This is not good!

The worst part is that the user is allowed to choose from the full range of domains configured on your Office 365 Tenant Account, including the automatically routable *.onmicrosoft.com account. As you can imagine, even if you only allow for a 1 way (on-prem. to office 365) synchronization or require additional automation to create a routable address, an account that will automatically accept e-mail (and perhaps send-as) can still be created using the *.onmicrosoft.com alias.

Office 365 Distribution Group Security