what to review exchange365

Our risk team want to audit our email systems. At present around 25% of our mailboxes are in the cloud via exchange365, and 75% are stored on-premise 2013 servers.

When looking at internally hosted mail servers the risk team can look into areas such as security and cofniguration of exchange, backup procedures, AV policies, backup procedures, mailbox ACL's, run EXBPA to check for bad design configs etc etc.

But for the cloud based email infrastructure (exchange365), what can/should they look for in an audit/risk assessment?

January 29th, 2015 12:36pm

Hi There,

I would focus on checking Active Sync policies, retention policies If you are using one, mailbox that are not active and who has access to the O365 admin portal.

Cheers,

Free Windows Admin Tool Kit Click here and download it now
January 30th, 2015 12:51am

Thanks for the reply....

What are the risks around active sync, retention and stale mailboxes? Can you give some insight into the potential concerns?

January 30th, 2015 1:51pm
Hi, 

As far as I know, ExBPA is not available in Office 365. 
For Exchange 2013, we can install Office 365 Best Practices Analyzer for Exchange Server 2013.
For Office 365, we can logon EAC(outlook.office365.com/ecp) with your administrator account, then switch to Compliance management---> Auditing.

We can use the auditing functionality in Office 365 to track changes made to your Exchange Online configuration by Microsoft and by your organizations administrators and changes made by users to documents and other items in the site collections of your SharePoint Online organization. Use mailbox audit logging to track actions performed by users other than the owner of a mailbox. In addition to tracking changes in your Office 365 organization, you can also view audit reports and export the audit logs. More details about Auditing in Office 365, for your reference:
https://technet.microsoft.com/en-us/library/dn790283.aspx

By the way, this question may be related to Office 365. Please contact Office 365 Team so that you can get more professional suggestion, for your reference:
http://community.office365.com/en-us/default.aspx

Best Regards,
Allen Wang
Free Windows Admin Tool Kit Click here and download it now
January 31st, 2015 8:36am

By auditing I wasnt refering to audit logs, more a check of the configuration of the system against best practices (referred to as an IT Audit)...

February 2nd, 2015 4:03am

Hi,

According to my research, there is no similar tool for Office 365, for now.
More details please contact to Office 365 Team to get more professional suggestion.

Best Regards,
Allen Wang

Free Windows Admin Tool Kit Click here and download it now
February 2nd, 2015 8:21pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics