So you’ve migrated to Exchange Online…now what?
It’s day 1 after your migration to Exchange Online, and it’s likely you’ll have questions about your new environment, particularly – is it secure, and how do I begin to manage it?
This guide will help you get through the initial stages of configuring Exchange Online. While many folks start full steam ahead after setup, there are actually a number of steps that need to be addressed right away – they will save potential issues at a later point.
Note: These are post-migration steps, they assume that you have set up mail flow so that mail at least works (configuring your domain DNS etc) and that mail is working properly. You can at least send and receive email both within and outside of the organization.
So, you have some or all of the accounts in place and on-boarding has begun. What next?
First thing’s first: security.
Sign off and agree on Security Roles
The first task is one of documentation and guidance. This is a pretty uninteresting aspect of the process, but if the system security isn’t defined or put in place early, then it leads to major headaches down the line.
Make sure that you decide and designate ownership over email security, as well as assigning any and all administrator roles. Define these roles and document them. This could be the start of a more formal governance plan or it can simply be a strong starting point for good Exchange Online management – but make sure it’s clearly written down. This will guide users later on, especially as tasks become more frequent. While this process can start before day one, it does need to be in place by this stage. It is a fairly common occurrence in migration projects for the pace and the challenges to ramp up as more and more users are turned on. This means that once-simple tasks will be compromised by time constraints.
As a minimum, make sure you define the following roles:
- Security Co-ordinator: This is the person who is in charge of bringing all the security roles into focus. While they may not have any actual rights to the Exchange Online system their core function is to ensure that data about the roles are collected and documented. For smaller organizations the co-ordinator could also be a senior or junior administrator.
- Senior Administrator: This is the person who has the keys to the kingdom. They are responsible for all aspects of administration and will undertake the proper measures to ensure that the security guidelines are maintained.
- Junior Administrator: This is a person who has some delegated rights to Exchange Online but won’t have full access to the system. There can be a number of junior administrators with various roles.
Define the scope of your security settings.
At this initial stage it may be a case of putting general security settings in place, while more specific requirements and policies are refined over time. The key to a smooth transition is ensuring that all crucial security measures are added, and the environment is protected while it is being built on.
Get to know the Exchange Online Admin Center and dig into permissions
Like any management system there are a myriad of settings and configuration tasks to undertake. The Exchange Online Admin Center – a part of the larger Office 365 Admin Center, will be a common destination as the days, weeks and months progress. There are currently 9 main menu options as defined below.
While you can review all of these settings while you start to get a feel for the center as a whole, the permissions section is an important area to focus on initially – you can review the roles you have set, and make any necessary changes or refinements. Office 365 has a fairly complex Role Based Access Control (RBAC) system that has many moving parts, there are quite a few Exchange Online roles that can be defined. Become familiar with each and then define them.
Examples of some of the roles in Exchange Online are:
- Organization Management
- Hygiene Management
- Compliance Management
- Recipient Management
- Help Desk
- View-only roles.
The organization management role has some of the most direct administration access to Exchange Online and should be given out sparingly and only to qualified individuals. In contrast, some of the lower view-only report driven roles can have a more lax security model, as there is no ability to make any changes in Exchange Online.
Here is some more guidance on feature permissions and roles, to help you get set up.
Want to know what happens beyond Day 1? Why not tune in to our upcoming webinar ‘So you’ve migrated to Exchange Online…now what?’ and find out.