New guidance from Microsoft for Office 365

Microsoft recently updated their support page and offered additional guidance to network admins as it relates to Office 365's built-in spam filters.  The gist of the update is that they strongly advise against turning the auto-filters off.

They provided some additional guidelines if you decide to bypass them for one reason or another.

Here are the most relevant portions

"If you have to set bypassing, you should do this carefully because Microsoft will honor your configuration request and potentially let harmful messages pass through.  Additionally, bypassing should be done only on a temporary basis.  This is because spam filters can evolve and verdicts could improve over time...."

If you decide you want or need to bypass anyway, the company offered the following additional suggestions:

  • Never put domains that you own onto the Allow and Block lists
  • Never put common domains, such as Microsoft.com and office.com onto the Allow and Block lists
  • Do not keep domains on the lists permanently, unless you disagree with the verdict of Microsoft

You and/or your IT staff are likely already aware of this. If not, Microsoft maintains a living document on their support website where they keep a comprehensive list of security best practices for Office 365.  If you haven't seen it before, or if it's been a while since you reviewed it, it pays to take some time to look it over.

Our perspective

On a related note, the company recently sent out a bulletin advising all Office 365 customers and admins to report junk email messages for analysis using the Microsoft Junk Email Reporting add-on. This is in order to help reduce the number and effect of future junk email messages.  If you and your team aren't already in the habit of doing this, now is an excellent time to start.

Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting soon.

Contact me if you would like me to speak at your association.