Report created for Acestara on Thursday 30 March 2023 at 1:47 PM
Microsoft 365 Security Report
 Dashboard
 Admins
 Users
 Licenses
 Mailbox Access
 Mobile Devices
 Contacts
 Resources
 Groups
 Forwarding
 Transport Rules
 Inbox Rules
 Conditional Access
 Action Points
 Glossary of Terms
Company Information  
NameTechnical E-mailTelephone Number
Acestaraglenn@mspeasytools.co.uk01218090309
 
Tenant wide options  
Unified Audit LogSecurity defaultsDays until password expiry
EnabledUnknown730
Authentication Methods  
Active SyncPOPIMAPMAPISMTPOAuth2
EnabledEnabledEnabledEnabledEnabledEnabled
 
MFA conditional access policies  
NameIDUsers includedUsers excludedGroups includedGroups excludedRoles includedRoles excludedState
SecurityPolicy15a4c8f90-21b4-46d9-9f4f-15bb6e7decabAnne@acestara.com, Art@acestara.coma82038a9-ee9f-43d0-b82c-eed88b7d940c>MarketingBilling Administratorenabled
 
Global Administrators  
Admin RoleNameMFA StatusIs LicensedIs BlockedE-mail Address
Global AdministratorBert DirthaEnforcedyesnoadmin@acestara.com
Global AdministratorJennifer AurelliDisablednonoJenny@acestara.com
Global AdministratorQuinn EvansDisabledyesnoquinn@acestara.com
Global AdministratorAndrew testEnabled (CA)nonoandrew@acestara.com
Global AdministratortempaccountDisablednonotempaccount@acestara.com
Global AdministratorAndrew Demo Admin accountEnforcednonodemo@acestara.com
Domains  
Domain NameVerification StatusDefaultDKIM enabled
acestara.onmicrosoft.comVerifiedNoEnabled
acestara.comVerifiedYesDisabled
 
Azure AD registered applications  
Information
Information: No azure AD registered applications were found.
 
Enterprise AD registered applications  
NameAppIDCreated on
Microsoft Graph PowerShell14d82eec-204b-4c2f-b7e8-296a70dab67e2022/10/20 10:58
Nine for Office 365516e4bcb-86da-4cfe-92cb-435c1e8dbf712022/09/11 09:42
 
Users with Strong Password Enforcement Disabled  
Information
Information: No Users were found with Strong Password Enforcement disabled
Users with password expiry policy disabled  
NamePrimary Email AddressIs LicensedMFA StatusPassword Expiry Policy
Bert Dirthaadmin@acestara.comTrueEnforcedNever Expires
Ben DoverBen@acestara.comTrueEnforcedNever Expires
Role Assignments  
Admin RoleNameMFA StatusIs LicensedIs BlockedE-mail Address
Billing AdministratorAndrew testEnabled (CA)nonoandrew@acestara.com
Billing AdministratorEquipmentEnforcednonoequipment@acestara.com
Exchange AdministratorMark PottsDisablednonoMark@acestara.com
Exchange AdministratorRalph HigginsEnablednonoralph@acestara.com
Global AdministratorBert DirthaEnforcedyesnoadmin@acestara.com
Global AdministratorJennifer AurelliDisablednonoJenny@acestara.com
Global AdministratorQuinn EvansDisabledyesnoquinn@acestara.com
Global AdministratorAndrew testEnabled (CA)nonoandrew@acestara.com
Global AdministratortempaccountDisablednonotempaccount@acestara.com
Global AdministratorAndrew Demo Admin accountEnforcednonodemo@acestara.com
Groups AdministratorMark PottsDisablednonoMark@acestara.com
Helpdesk AdministratorRalph HigginsEnablednonoralph@acestara.com
Helpdesk AdministratorBen DoverEnforcedyesyesBen@acestara.com
Intune AdministratorBen DoverEnforcedyesyesBen@acestara.com
Teams AdministratorPerry ScopeEnablednonoPerry@acestara.com
Role Assignments Chart  
Microsoft 365 Users  
NamePrimary E-mail addressLicensesEmail TypeLast Logon dateDays since last logonReset Password at Next LogonIs BlockedMFA StatusMFA CapableMFA RegisteredDefault MFA MethodMFA Methods RegisteredSelf Service Password reset capableSelf Service Password reset registeredSelf Service Password reset enabledPasswordless CapableActiveSyncPOPIMAPMAPISMTPOWAE-mail Aliases
Bert Dirthaadmin@acestara.comAZURE ACTIVE DIRECTORY PREMIUM P1, MICROSOFT 365 BUSINESS BASICUserMailbox2023-03-24 10:27:386FalseNoEnforcedTrueTruemobilePhonemobilePhone, microsoftAuthenticatorPush, softwareOneTimePasscodeFalseFalseFalseFalseEnabledEnabledDisabledEnabledEnabledEnabledadmin@acestara.com, admin@acestara.onmicrosoft.com
Alfie McDeealfiemcdee@acestara.comNot ActiveNot availableNot availableFalseNoEnforcedTrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Andrew testandrew@acestara.comNot Active2023-03-27 14:50:252FalseNoEnabled (CA)TrueTruemobilePhonemobilePhoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Anne TeakAnne@acestara.comNot ActiveNot availableNot availableFalseNoEnabled (CA)TrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Art DecoArt@acestara.comEXCHANGE ONLINE KIOSKUserMailboxNot availableNot availableFalseNoEnforcedTrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabledArt@acestara.com
Ben DoverBen@acestara.comMICROSOFT POWER AUTOMATE FREE, EXCHANGE ONLINE KIOSKUserMailboxNot availableNot availableFalseYesEnforcedNot availableNot availableNot availableNot availableNot availableNot availableNot availableNot availableEnabledDisabledDisabledDisabledDisabledEnabledBen@acestara.com
cheechee@acestara.comUserMailboxNot availableNot availableFalseNoEnforcedTrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseEnabledEnabledDisabledEnabledEnabledEnabledchee@acestara.onmicrosoft.com, chee@acestara.com
Chris AnthemumChris@acestara.comNot ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Andrew Demo Admin accountdemo@acestara.comNot Active2022-06-16 12:44:19287FalseNoEnforcedFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Equipmentequipment@acestara.comEquipmentMailboxNot availableNot availableFalseNoEnforcedTrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseEnabledDisabledDisabledEnabledDisabledEnabledequipment@acestara.com
Ginger PlantGinger@acestara.comNot ActiveNot availableNot availableFalseNoEnforcedTrueTruenonemicrosoftAuthenticatorPushFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Holly Bushholly@acestara.comNot ActiveNot availableNot availableFalseNoDisabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabledholly@acestara.com
Hugo FirstHugo@acestara.comEXCHANGE ONLINE KIOSKUserMailboxNot availableNot availableFalseNoEnforcedFalseFalsenoneFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabledHugo@acestara.com
Jennifer AurelliJenny@acestara.comSharedMailbox2020-05-26 13:57:301037FalseNoDisabledFalseFalsenoneFalseFalseFalseFalseEnabledEnabledEnabledEnabledEnabledEnabledJenniferAurelli@acestara.com, Jennifer@acestara.com, Jenny@acestara.onmicrosoft.com, Jenny@acestara.com
Kevin Dowlingkevin@acestara.comNot ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabledkevin@acestara.com
Liz ErdLiz@acestara.comNot ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Mal AjustedMal@acestara.comNot ActiveNot availableNot availableFalseNoDisabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Mark PottsMark@acestara.comNot ActiveNot availableNot availableFalseNoDisabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabledMark@acestara.com
Mark AteerMarkA@acestara.comNot ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Meeting Roommeetingroom@acestara.comRoomMailboxNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabledmeetingroom@acestara.com
Michael Hellomichael@acestara.comNot ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Neil DownNeil@acestara.comNot ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Olive YewOlive@acestara.comNot ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
PauloPaulo_gpostpc321.com#EXT#@acestara.onmicrosoft.comGuestMailUserNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabledPaulo@gpostpc321.com
Perry ScopePerry@acestara.comNot ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Peter OwtPeter@acestara.comNot ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Quinn Evansquinn@acestara.comMICROSOFT POWER AUTOMATE FREE, MICROSOFT 365 BUSINESS BASICUserMailbox2022-05-24 07:27:53310FalseNoDisabledFalseFalsenoneFalseFalseFalseFalseEnabledEnabledDisabledEnabledEnabledEnabledQuinnEvans@acestara.com, info@acestara.com, CE@acestara.com, QEvans@acestara.com, TheQuinnstar@acestara.com, quinn@acestara.onmicrosoft.com, quinn@acestara.com
Ralph Higginsralph@acestara.comSharedMailboxNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseEnabledEnabledDisabledEnabledEnabledEnabledralph@acestara.com
Ray SincarRay@acestara.comNot ActiveNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
hotelreception@acestara.comSharedMailboxNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabledReception1@acestara.onmicrosoft.com, Reception1@acestara.com, reception@acestara.com
Rhea Laxrhea@acestara.comNot ActiveNot availableNot availableFalseNoDisabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabledrhea@acestara.com
Simon SaisSimon@acestara.comNot ActiveNot availableNot availableFalseYesEnabledNot availableNot availableNot availableNot availableNot availableNot availableNot availableNot availableDisabledDisabledDisabledDisabledDisabledDisabled
Supportsupport@acestara.comSharedMailboxNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseEnabledDisabledDisabledEnabledEnabledEnabledsupport@acestara.com
sydneysydney_Asw342A.com#EXT#@acestara.onmicrosoft.comGuestMailUserNot availableNot availableFalseNoEnabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabledsydney@Asw342A.com
tempaccounttempaccount@acestara.comNot Active2022-04-05 15:40:36358FalseNoDisabledFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
toot toottoot@acestara.comMailUniversalDistributionGroupNot availableNot availableFalseNoEnforcedFalseFalsenoneFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Licensed and Unlicensed users chart  
Microsoft 365 User MFA Status  
Microsoft 365 Mailbox Types  
 
Microsoft 365 Licenses  
NameTotal AmountAssigned LicensesUnassigned Licenses
EXCHANGE ONLINE KIOSK532
EXCHANGE ONLINE (PLAN 1)101
AZURE ACTIVE DIRECTORY PREMIUM P1110
MICROSOFT 365 BUSINESS BASIC220
Microsoft 365 Licenses and Users  
NameUsers allocated this license
Exchange Online KioskHugo@acestara.com, Ben@acestara.com, Art@acestara.com
Azure Active Directory Premium P1admin@acestara.com
Microsoft 365 Business Basicquinn@acestara.com, admin@acestara.com
Microsoft 365 Licensing Charts  
Microsoft 365 delegated access to mailboxes  
NamePrimary E-MailMailbox TypeUsers who can access this mailbox
Bert Dirthaadmin@acestara.comUserMailbox
Art DecoArt@acestara.comUserMailbox
Ben DoverBen@acestara.comUserMailbox
cheechee@acestara.comUserMailboxquinn@acestara.com,ralph@acestara.com,chee@acestara.com
Equipmentequipment@acestara.comEquipmentMailbox
Hugo FirstHugo@acestara.comUserMailbox
Jennifer AurelliJenny@acestara.comSharedMailboxquinn@acestara.com,Jenny@acestara.com,support@acestara.com,ralph@acestara.com,meetingroom@acestara.com,admin@acestara.com
Quinn Evansquinn@acestara.comUserMailboxralph@acestara.com,admin@acestara.com
Ralph Higginsralph@acestara.comSharedMailboxquinn@acestara.com,Jenny@acestara.com,chee@acestara.com
hotelreception@acestara.comSharedMailbox
Supportsupport@acestara.comSharedMailboxquinn@acestara.com,ralph@acestara.com
Microsoft 365 mobile device access  
Primary Email AddressDisplay NameNameDevice ModelDevice TypeDevice OSDevelopment NameDevice IdClient TypeClient VersionMobile OperatorFirst SyncLast SyncLast Sync Attempt
admin@acestara.comBert DirthaadminPixel 6 ProAndroidAndroid 13.8927612raven4E696E65394439424130423243353937EAS16.1O2 - UK2022/09/11 08:422022/09/11 08:422022/09/11 08:42
admin@acestara.comBert DirthaadminDefault stringUniversalOutlookWINDOWSGLENN-PC68D2A8DA190E4BF189497A4C4548A4F8Outlook1.02022/09/11 08:362022/09/11 08:36Not available
Mobile device types  
 
Microsoft 365 contacts  
NameE-mail Address
Sydneysydney@Asw342A.com
Microsoft 365 Mail Users  
NamePrimary E-MailE-mail Aliases
PauloPaulo@gpostpc321.com
sydney_Asw342A.com#EXT#sydney@Asw342A.com
 
Microsoft 365 Room Mailboxes  
NamePrimary E-MailE-mail Aliases
Meeting Roommeetingroom@acestara.com
Microsoft 365 Equipment Mailboxes  
NamePrimary E-MailE-mail Aliases
Equipmentequipment@acestara.com
 
Microsoft 365 Groups  
NameTypeMembersE-mail AddressID
AcestaraMicrosoft 365 Groupadmin@acestara.com, Art@acestara.com, Ben@acestara.com, Hugo@acestara.com, Jenny@acestara.com, Mark@acestara.com, Paulo@gpostpc321.com, quinn@acestara.com, sydney@Asw342A.com, alfiemcdee@acestara.com, andrew@acestara.com, Anne@acestara.com, Chris@acestara.com, demo@acestara.com, Ginger@acestara.com, Liz@acestara.com, Mal@acestara.com, MarkA@acestara.com, MSPETvT2417Temp@acestara.com, Neil@acestara.com, Olive@acestara.com, Perry@acestara.com, Peter@acestara.com, Ray@acestara.com, Simon@acestara.com, tempaccount@acestara.comAcestara@acestara.comc3c914eb-08ea-4b38-95da-40e0e9c9f265
Acestara SecuritySecurity GroupJenny@acestara.comc86ff27d-4f92-4c3b-aa96-018a96b73953
Acestara TeamMicrosoft 365 Groupadmin@acestara.com, Art@acestara.com, Ben@acestara.com, Hugo@acestara.com, Jenny@acestara.com, Mark@acestara.com, quinn@acestara.com, Anne@acestara.com, Chris@acestara.com, Ginger@acestara.com, Liz@acestara.com, Mal@acestara.com, MarkA@acestara.com, Neil@acestara.com, Olive@acestara.com, Perry@acestara.com, Peter@acestara.com, Ray@acestara.com, Simon@acestara.comAcestaraTeam@acestara.comef9910ce-4da7-4117-8be9-723ac772b6e5
All CompanyMicrosoft 365 GroupAllCompany.9531400193.lmbcqnzx@acestara.com5aacfe77-b50c-4912-aa63-f912a220c7f8
DespatchDistribution Listadmin@acestara.com, Jenny@acestara.com, ralph@acestara.comdespatch@acestara.comc2ca64d2-dc93-43ae-8cc9-bcfd1cca2658
Discussion TeamMicrosoft 365 Groupquinn@acestara.comDiscussionTeam@acestara.comac08fbdc-502f-48d4-9a7c-f8bb5c792bdb
DMARCMicrosoft 365 GroupArt@acestara.com, Ben@acestara.com, Jenny@acestara.com, Anne@acestara.com, Chris@acestara.com, Liz@acestara.com, Ray@acestara.com, Simon@acestara.comdmarc@acestara.coma1c7a4ce-ee50-4bf1-b374-cfdf3fc6ebca
MarketingMicrosoft 365 GroupBen@acestara.com, Hugo@acestara.com, Chris@acestara.com, Olive@acestara.com, Peter@acestara.com, Ray@acestara.commarketing@acestara.coma82038a9-ee9f-43d0-b82c-eed88b7d940c
Merging infoDistribution Listadmin@acestara.com, Jenny@acestara.com, quinn@acestara.com, ralph@acestara.com, support@acestara.commerging@acestara.com4fe8c299-c579-4e16-aefe-3076793923ff
PleaseDistributeDistribution Listpleasedistribute@acestara.combd7877c0-f097-4765-8a70-452a33bc1739
SalesDistribution Listadmin@acestara.com, Jenny@acestara.com, Paulo@gpostpc321.com, quinn@acestara.com, sydney@Asw342A.com, alfiemcdee@acestara.comsales@acestara.come7bd86de-a161-4bf8-ba2f-62ed33497b13
Security GroupMail Enabled Security Groupadmin@acestara.com, Jenny@acestara.com, quinn@acestara.com, ralph@acestara.com, support@acestara.comSecurity@acestara.comed6cba35-74e2-4220-aeda-d5fc26900db4
SecurityAlphaSecurity GroupJenny@acestara.com92bbb0b1-9566-4907-aed3-a54015cd9d64
SecuritySettingsAlphaSecurity Groupf0268b1b-a33c-482c-8ec7-365553f61563
testgroupDistribution Listchee@acestara.comtestgroup@acestara.comb88f651c-a950-41bc-aac5-e9c113021d58
Timeout.comDistribution Listtimeout@acestara.comb06dad2e-fa66-4abf-9e05-c14f99866e0e
tootDistribution Listadmin@acestara.comtoot@acestara.combae7b905-4f1b-4dfa-9400-1e68f13ee479
Microsoft 365 mail enabled Groups with external members  
NameTypeMembersExternal MembersE-mail AddressID
AcestaraMicrosoft 365 Groupadmin@acestara.com, Art@acestara.com, Ben@acestara.com, Hugo@acestara.com, Jenny@acestara.com, Mark@acestara.com, Paulo@gpostpc321.com, quinn@acestara.com, sydney@Asw342A.com, alfiemcdee@acestara.com, andrew@acestara.com, Anne@acestara.com, Chris@acestara.com, demo@acestara.com, Ginger@acestara.com, Liz@acestara.com, Mal@acestara.com, MarkA@acestara.com, MSPETvT2417Temp@acestara.com, Neil@acestara.com, Olive@acestara.com, Perry@acestara.com, Peter@acestara.com, Ray@acestara.com, Simon@acestara.com, tempaccount@acestara.comPaulo@gpostpc321.com, sydney@Asw342A.comAcestara@acestara.comc3c914eb-08ea-4b38-95da-40e0e9c9f265
SalesDistribution Listadmin@acestara.com, Jenny@acestara.com, Paulo@gpostpc321.com, quinn@acestara.com, sydney@Asw342A.com, alfiemcdee@acestara.comPaulo@gpostpc321.com, sydney@Asw342A.comsales@acestara.come7bd86de-a161-4bf8-ba2f-62ed33497b13
Microsoft 365 Groups chart  
 
All Forwarding on mailboxes  
Primary Email AddressDisplay NameHas email forwarded to this address
equipment@acestara.comEquipmentquinn@acestara.com
quinn@acestara.comQuinn Evansjenny@acestara.com
ralph@acestara.comRalph HigginsJenny@acestara.com
support@acestara.comSupportralph@acestara.com
External Forwarding on mailboxes  
Information
Information: No Users with external forwarding rules were found.
 
All Transport Rules currently in the exchange  
Transport Rule NameDescription
Block IP and delete - TENANTIf the message:
sender ip addresses belong to one of these ranges: '1.1.2.3'
Take the following actions:
Delete the message without notifying the recipient or sender
whitelist MSP Easy ToolsIf the message:
sender's address domain portion belongs to any of these domains: 'mspeasytools.co.uk' or 'office365security.info' or 'mspet.co.uk' or 'micromonty.com' or 'mspeasytools.sk' or 'promptmapper.com'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Whitelist gdsq.ukIf the message:
sender's address domain portion belongs to any of these domains: 'gdsq.uk'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
AlertsNotJunkIf the message:
Is received from 'Alerts@office365security.info'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Whitelist ff.oiIf the message:
sender's address domain portion belongs to any of these domains: 'ff.oi'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Whitelist gdsq.co.ukIf the message:
sender's address domain portion belongs to any of these domains: 'gdsq.co.uk'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
whitelist MSPETUKIf the message:
sender's address domain portion belongs to any of these domains: 'mspet.uk' or 'mspetduk.onmicrosoft.com' or 'msptools.co.uk'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
MSPET-RD-MSP EasyTools infoIf the message:
Is received from 'andrew@mspeasytools.co.uk'
and Includes these patterns in the message subject: 'Further information'
Take the following actions:
Redirect the message to 'quinn@acestara.com'
Forward to HomeIf the message:
Is sent to 'support@acestara.com'
and Includes these words in the message subject: 'Sydney'
Take the following actions:
Redirect the message to 'Ermin@pdsft1.co.uk'
Internal plus2If the message:
Is sent to 'Jenny@acestara.com'
Take the following actions:
Blind carbon copy(Bcc) the message to 'Ernie@fastestmilkman.west'
Secret messagesIf the message:
Includes these words in the message subject or body: 'Bank details'
Take the following actions:
Redirect the message to 'Penny@pincher.bank'
Sent to 'Ralph Higgins'If the message:
Is sent to 'ralph@acestara.com'
Take the following actions:
Prepend the subject with 'Hello Ralph'
Transport Rules that forward externally  
Transport Rule NameDescription
Forward to HomeIf the message:
Is sent to 'support@acestara.com'
and Includes these words in the message subject: 'Sydney'
Take the following actions:
Redirect the message to 'Ermin@pdsft1.co.uk'
Internal plus2If the message:
Is sent to 'Jenny@acestara.com'
Take the following actions:
Blind carbon copy(Bcc) the message to 'Ernie@fastestmilkman.west'
Secret messagesIf the message:
Includes these words in the message subject or body: 'Bank details'
Take the following actions:
Redirect the message to 'Penny@pincher.bank'
 
All inbox rules currently in the exchange  
User Email AddressInbox Rule NameDescription
quinn@acestara.comEmails from JenniferIf the message:
the message was received from 'Jennifer Aurelli'
Take the following actions:
move the message to folder 'Jennifer'
and stop processing more rules on this message
quinn@acestara.comEmails from MarkIf the message:
the message was received from 'Mark@acestara.com'
Take the following actions:
delete the message
and stop processing more rules on this message
quinn@acestara.comEmails from RalphIf the message:
the message was received from 'Ralph Higgins'
Take the following actions:
move the message to folder 'Ralph'
and stop processing more rules on this message
quinn@acestara.comFor all messages from Acestara TeamIf the message:
the message was received from 'Jennifer Aurelli'
Take the following actions:
move the message to folder 'Jennifer'
and stop processing more rules on this message
quinn@acestara.comto meIf the message:
the body of the message contains the words 'pigs'
Take the following actions:
delete the message
and stop processing more rules on this message
support@acestara.comExternal SendIf the message:
the message includes specific words in the subject 'Finance'
Take the following actions:
forward the message to 'Quinn@gexdsqa.uk'
and stop processing more rules on this message
Inbox Rules that forward externally  
User Email AddressInbox Rule NameDescription
support@acestara.comExternal SendIf the message:
the message includes specific words in the subject 'Finance'
Take the following actions:
forward the message to 'Quinn@gexdsqa.uk'
and stop processing more rules on this message
All Conditional Access Policies detail  
Display NameIdDescriptionStateCreated DateModified DateIncluded UsersExcluded UsersIncluded GroupsExcluded GroupsIncluded RolesExcluded RolesIncluded AppIDsExcluded AppIDsInclude User ActionsIncluded Authentication Context Class ReferencesClient App type conditionsClient Apps Include Service PrincipalsClient Apps Exclude Service PrincipalsFilter for Devices ModeFilter for Devices RuleIncluded LocationsExcluded LocationsIncluded PlatformsExcluded PlatformsService Principal Risk LevelsSign In Risk LevelsUser Risk LevelsGrant controlsOperator for multiple controlsCustom Authentication FactorsGrant controls Terms Of UseApplication enforced restrictions enabledCloud App Security TypeCloud App Security enabledDisable Resilience DefaultsPersistent Browser modePersistent Browser mode enabledSign in frequency intervalSign in frequency interval valueSign in frequency interval unitSign in frequency Authentication TypeSign in frequency interval enabled
SecurityPolicy15a4c8f90-21b4-46d9-9f4f-15bb6e7decabenabled11/11/2021 11:49:13 AM4/28/2022 4:03:49 PMAnne@acestara.com, Art@acestara.comMarketingBilling AdministratorNoneallmfaOR
remembermfa928f26f0-7437-4276-888c-8fa34a7ab748enabled6/17/2022 7:42:23 AMAllGlobal AdministratorAllallFalsealwaysTruetimeBased1hoursprimaryAndSecondaryAuthenticationTrue

Action Points

The below summarises recommended important points to act upon, taken from the entire security report. Where possible you should aim to make as many of the items below show as a green thumbs up. If due to required legacy compatibilty you are unable to fully address all points then you should tightly control and document anything that can't be changed for compliancy purposes. Action points are colour / icon coded for ease of use. A green thumbs up requires no action on your part. A red thumbs down represents a significant security / misconfiguration issue and should be addressed. An amber pointing finger should still be addresed but may be of less significance in comparison to a thumbs down. A blue 'info' icon is not necesarily a concern but is something that you need to be aware of.

Unified Audit Log

The Unified Audit log is enabled

No action needs to be taken

Password Expiry Policy

Passwords set to expire after 730 days

No action needs to be taken

OAuth2

OAuth2 (Modern Authentication) is enabled in the tenant

No action needs to be taken

Active Sync

Active Sync is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. Active Sync is a legacy protocol that is used to access Exchange servers. It does not fully support MFA so ideally should not be used. However, most mobile devices use Active Sync to access emails, blocking active sync will stop mobile devices retrieving email when using most email apps. You can use the connection protocols tool in MicroMonty to control this

POP

POP is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. POP is a legacy protocol that is used to access email accounts. It does not support MFA so should not be used. If POP is enabled MFA can be bypassed to access your email. For maximum security it is recommended to block the use of POP to access email in Microsoft 365. You can use the connection protocols tool in MicroMonty to control this

IMAP

IMAP is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. IMAP is a legacy protocol that is used to access email accounts. It does not support MFA so should not be used. If IMAP is enabled MFA can be bypassed to access your email. For maximum security it is recommended to block the use of IMAP to access email in Microsoft 365. You can use the connection protocols tool in MicroMonty to control this

MAPI

MAPI is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. MAPI is a legacy protocol that is used to access email accounts. Disabling MAPI could increase security. However, disabling MAPI will prevent the use of Outlook to access email in Exchange mode, this is generally not recommended. You can use the connection protocols tool in MicroMonty to control this

SMTP

SMTP is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. SMTP is a legacy protocol that is used to send email. SMTP does not support MFA. If SMTP is enabled MFA can be bypassed to send email from your accounts. For maximum security, and to prevent your accounts being spoofed, it is recommended to block the use of SMTP in Microsoft 365. You can use the connection protocols tool in MicroMonty to control this

MFA Conditional Access Policy

All configured conditional access policies that enforce MFA are enabled

No action needs to be taken

MFA Conditional Access Policy Exceptions

All configured conditional access policies that enforce MFA do not contain exceptions

No action needs to be taken

Domain Verification

All registered domains are verified in Microsoft 365

No action needs to be taken

DKIM status

At least one of your registered domains does not have DKIM enabled

Look at the 'Dashboard' tab for more info. DKIM and DMARC settings help to protect your domains from email spoofing. DNS Settings may need to be made in your domain registrar and in the Microsoft 365 portal to enable DKIM and then set a DMARC policy

Azure AD App creation

No Applications are registered in your Azure AD

No action needs to be taken

Strong Password Requirement

No users found with strong password enforcement disabled

No action needs to be taken

MFA and password expiry

No users found with no password expiry and MFA disabled

No action needs to be taken

No password expiry

Users found with Password expiry disabled but MFA enabled

Check the 'Dashboard' tab for more information. For security, If possible enable password expiry for all users. However, these users do have MFA enabled. You can use the Password tools in the security section of Micromonty to help you do this

Global Admins

Multiple global admins detected

It is recommended that the number of Global Admins is kept to a minimum for security. Please check the 'Admins' tab for more detail. Attackers can create a new admin to compromise your systems. Remember also that an internal user has 'Access all areas' if they are a global admin. The pro version of the tools can alert you when a new admin is detected and also help to remove unwanted admins. MircroMonty can help you to configure different admin privileges for any account

Admin Multifactor Authentication

At least one admin in the tenant is not using MFA

It is recommended that all administrators have MFA enabled on their account for added security. Please check the 'Admins' tab for more detail. You can use the MFA tool on the MSPET Launcher to configure MFA where needed.

User Multifactor Authentication

At least one user in the tenant is not using MFA

It is recommended that all users have MFA enabled on their account for added security. Please check the 'users' tab for more detail. You can use the MFA tool on the MSPET Launcher to configure MFA where needed. If for legacy devices where MFA cannot be used, this should be strictly controlled and a secure password that is changed regularly used as a minimum

Blocked users

At least one user is blocked from signing in

There are blocked users in the tenant. Check the 'Users' tab for more information. Blocked users cannot sign in. If this account is no longer active it is best practice to place a hold on the account and make it an inactive account. Blocked users are not recommended long term. You can use MicroMonty's security tools to control the blocked status of a user.

License allocation

No license assignments exceed their specified usage limits

No action needs to be taken

License usage

There are unused licenses in the tenant

Unused licenses can incur a cost that is unnecessary. Check the 'Licenses'. tab for more detail. These licenses should be allocated to users or cancelled if not needed. You can use the license tool in MicroMonty to assign licenses. Excess licenses must be cancelled with your provider

Delegated mailbox access

There are users with delegated mailboxes in the tenant

When a mailbox is delegated the delegate can fully access the content of the mailbox. Check the 'Licenses'. tab for more detail. Please check to confirm these delegations are as they should be. You can use the Mailbox tools in MicroMonty to change mailbox permissions.

Microsoft 365 Mail Users

Microsoft 365 Mail Users exist in the tenant

A Microsoft 365 mail user is an external user that has been given access to some (or all) of the content in your Microsoft 365 tenant. This usually means that a user has shared some content with this person. Check the 'Contacts' tab for more detail. Microsoft 365 mail users are not recommended, especially long term, these users can access part or even all of your sharepoint / onedrive data. You can use MicroMonty to help you remove 'Mail Users'

Groups with external members

Mail enabled groups exist with external members

A mail enabled group with an external member can be used to forward mail external to the organisation. Check the 'Groups' tab for more detail. If possible you should remove external members from your mail enabled groups. You can use MicroMonty to create and delete mail enabled groups. New MicroMonty tool to configure existing group members soon. The pro version of MSP Easy tools can automatically alert you when a new external group member is found.

External Forwarding

No Users with external forwarding rules were found.

No action needs to be taken

External Transport Rules

Externally forwarding transport rules were found

External transport rules can be used to forward emails automatically to a recipient outside the tenant. Check the 'Transport Rules' tab for more detail. If possible you should remove all external Transport rules. The pro version of MSP Easy tools can automatically alert you when a new external transport rule is found. The counterpart tool on the launcher will help you to remove unwanted rules

External inbox Rules

Externally forwarding inbox rules were found

Users can set up rules on their mailboxes that automatically forward to external sources. Check the 'Inbox Rules' tab for more detail. If possible these should be removed. It is recommended to block users ability to set externally forwarding inbox rules. The pro version of MSP Easy tools can automatically block all externally forwarding inbox rules. The counterpart tool on the launcher allows you to make any exceptions should you need to.

Conditional Access Policies

Enabled conditional access policies were found.

No action needs to be taken. Check the conditional access tab of the report for more detail.
Explanation of terms used in the report  
TermExplanation
Active SyncActive Sync is a legacy protocol that is used to access Exchange servers. It does not fully support MFA so ideally should not be used. However, most mobile devices use Active Sync to access emails, blocking active sync will stop mobile devices retrieving email when using most email apps.
AdminA user or entity that has control over your Microsoft 365 tenant
Azure AD applicationsAn Azure AD application is a registered applicaition in the Active directory of a Microsoft 365 tenant. Azure applications can be granted permissions to perform a multitude of actions both within the tenant and potentially upon any partner tenants too.
Billing AdministratorMakes purchases, manages subscriptions, opens and manages support tickets, and monitors service health.
Conditional Access PolicyA conditional access policy enforces specified conditions on user, group members or roles within the Azure active directory. For example it could be used to enforce MFA on users that are members of a particular group.
ContactAn external contact that has been added to the Microsoft 365 contacts list. These users do not have access to any of your Microsoft 365 content.
CRM Service AdministratorAlso known as a Dynamics 365 service admin, can sign in to the Dynamics 365 admin center to manage instances. A person with this role cannot do functions restricted to the Microsoft 365 global admin such as manage user accounts, manage subscriptions, access settings for Microsoft 365 apps like Exchange or SharePoint.
Customer LockBox Access ApproverCan approve Microsoft support requests to access customer organizational data. Manages Customer Lockbox requests in your organisation. They receive email notifications for Customer Lockbox requests and can approve/deny requests from the Microsoft 365 Admin Center. They can also turn on/off the Customer Lockbox feature.
Default domainThe primary domain registered in your Microsoft 365 tenant
Distribution ListSometimes referred to as a Distribution Group. A Microsoft 365 distribution group is a group of users that is mail-enabled (you can send emails to this group email account, and by doing that, all listed users will also be emailed automatically rather than having to email them all individually
DKIMDKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren't altered in transit between the sending and recipient servers. It uses public-key cryptography to sign email with a private key as it leaves a sending server.
DomainThe part of your email address after @. Domains listed are all the ones that are valid in this tenant.
Email AliasAn alternate email address that can be used to send to a recipient. They will not be able to send out using this address. Only the primary email address can be used to send email.
Equipment MailboxAn equipment mailbox is a resource mailbox assigned to a resource that's not location specific, such as a portable computer, projector, microphone, or a company car. After an administrator creates an equipment mailbox, users can easily reserve the piece of equipment by including the corresponding equipment mailbox in a meeting request.
Exchange AdministratorManages email, mailboxes and anti-spam policies for your business, using the Exchange admin center. Can view all the activity reports in the Microsoft 365 admin center, manage support tickets, and monitor service health.
Global AdministratorA user that has total control over all aspects of your Microsoft 365 tenant. There is nothing this user cannot access or do to your tenant. This is the only user that can assign admin roles to other users
GroupA group in Microsoft 365 can be used to apply privileges/permissions to a group of people, or to email a list of users simultaneously
Helpdesk AdministratorSometimes referred to as a password administrator. Resets passwords, manages support tickets, and monitors service health. Helpdesk admins can't reset passwords for global admins. Only other global admins can do that.
IMAPIMAP is a legacy protocol that is used to access email accounts. It does not support MFA so should not be used. If IMAP is enabled MFA can be bypassed to access your email. For maximum security it is recommended to block the use of IMAP to access email in Microsoft 365.
Last Mailbox loginThe last time a user logged into their mailbox
LicenseThe Microsoft 365 license that is assigned to a user
License AdministratorAdds, removes, and updates license assignments for users, groups (using group-based licensing), and manages the usage location of users.
LicensedA user is licensed if they are assigned an Microsoft 365 license in your tenant. It is possible to have a user without a license. They can access the portal but won't be able to do anything or access your data unless they are an admin.
Mail UserAn external user. However, unlike a mail contact, a mail user has logon credentials in your Exchange or Microsoft 365 organization and can access resources. These users appear if content is shared or access given to anything within your Microsoft 365 tenant.
MAPIMAPI is a legacy protocol that is used to access email accounts. Disabling MAPI could increase security. However, disabling MAPI will prevent the use of Outlook to access email in Exchange mode, this is generally not recommended
Message Centre ReaderMonitors changes to the service and can view all posts to the Message center in Microsoft 365 and share Message center posts with others through email. People assigned this role also have read-only access to some admin center resources, such as users, groups, domains, and subscriptions.
MFA StatusThe Multi Factor Authentication status of the user. All admins should have MFA enabled!
OAuth2 (Modern Authentication)OAuth2 or Modern Authentication fully supports all forms of Multifactor Authentication. For security and compliance the it is recommended that OAuth2 should always be enabled
Password Expiry PolicyFor security compliance all users should regularly change their password. Passwords should not be set to 'Never Expire' without a good reason
POPPOP is a legacy protocol that is used to access email accounts. It does not support MFA so should not be used. If POP is enabled MFA can be bypassed to access your email. For maximum security it is recommended to block the use of POP to access email in Microsoft 365.
Power BI AdministratorA person assigned to the Power BI admin role will have access to Microsoft 365 Power BI usage metrics. They'll also be able to control your organization's usage of Power BI features.
Primary email addressThe main email address of a user that is used to log into Microsoft 365 and is also the address seen by recipients of an email from this user
Privileged Role AdministratorA customised administrator that can be given control over indivdually specified items in your Microsoft 365 tenant
Reports ReaderCan view all the activity reports in the Microsoft 365 admin center.
Reset Password at next loginShows if the user will be required to reset their password the next time they log in
Room MailboxA room mailbox is a resource mailbox that's assigned to a physical location, such as a conference room, an auditorium, or a training room. With room mailboxes, users can easily reserve these rooms by including room mailboxes in their meeting requests. When they do this, the room mailbox uses options you can configure to decide whether the invite should be accepted or denied.
Security DefaultsSecurity defaults makes it easier to help protect your organisation from identity related attacks with preconfigured security settings. Requires all users to register for MFA. Requires Admins to do Multifactor AUthentication. Requires users to do Multifactor authentication when necessary (DOES NOT ENFORCE MFA IN ALL SITUATIONS). Blocks legacy authentication protocols. Protects privileged activities like access to the Azure Portal. Security defaults are useful if a tenant has only free tier Azure AD. They are generally not considered suitable if the tenant has premium licenses, uses conditional access policies, or has complex security requirements.
Security GroupA security group is used to assign permission to a set of users to grant access to things, such as to a SharePoint Site, Web Pages, an entire SharePoint List or Document Library, or even just some files, etc.
Service Support AdministratorOpens support tickets with Microsoft and views the service dashboard and message center. They have 'view only' permissions except for opening support tickets and reading them.
Shared MailboxA shared mailbox does not take a Microsoft 365 license. A shared mailbox can only be accessed by someone that is given delegated permission to access it. It can function in exactly the same way as a regular mailbox but is not acessible independently.
Sharepoint AdministratorManages file storage for your organization in SharePoint Online and OneDrive. They do this in the SharePoint admin center. They can also assign other people to be site collection administrators.
Site Collection AdministratorControls one specified sharepoint site on your tenant. This role can be set by a Sharepoint administrator
Skype AdministratorConfigures Skype for Business for your organization and can view all the activity reports in the Microsoft 365 admin center. Can open and manage support tickets.
SMTPSMTP is a legacy protocol that is used to send email. SMTP does not support MFA. If SMTP is enabled MFA can be bypassed to send email from your accounts. For maximum security, and to prevent your accounts being spoofed, it is recommended to block the use of SMTP in Microsoft 365.
Teams Communications AdministratorCan manage calling and meeting features of Microsoft Teams, including phone number assignments and meeting policies. They can also use call analytics tools to troubleshoot issues.
Teams Communications Support EngineerCan troubleshoot communication issues in Teams using call analytics tools, and can view full call record information for all participants involved.
Teams Communications Support SpecialistCan troubleshoot communication issues in Teams using call analytics tools, and can view call record information for the specific user being searched for.
Teams Service AdministratorCan manage all aspects of Microsoft Teams except license assignment. This includes policies for calling, messaging, and meetings; use of call analytics tools to troubleshoot telephony issues, and management of users and their telephony settings. This role additionally grants the ability to create and manage all Microsoft 365 Groups, manage support tickets, and monitor service health.
TenantThe instance of your Microsoft 365 that includes all of your content
Unified Audit LogThe Unified Audit Log UAL, keeps a record of most events that occur in Microsoft 365. Without the unified audit log keeping track of events is in most cases impossible. For security and compliance the UAL should always be enabled
User Account AdministratorResets passwords, monitors service health, adds and deletes user accounts, manages support tickets, adds and removes members from Microsoft 365 groups. The user management admin can't delete a global admin, create other admin roles, or reset passwords for global, billing, Exchange, SharePoint, Compliance, and Skype for Business admins. This role also includes the ability to update license assignments for users and for groups (using group-based licensing), and manage the usage location of users.
User MailboxThe place where Microsoft 365 stores all of a user's email
Verification StatusShows if the domain is valid and ready to be used in your tenant