Report created for Acestara on Monday 09 June 2025 at 1:30 PM
Microsoft 365 Security Report
 Dashboard
 Admins
 Users
 Licenses
 Mailbox Access
 Devices
 Mobile Devices
 Contacts
 Resources
 Groups
 Forwarding
 Transport Rules
 Inbox Rules
 Conditional Access
 Action Points
 Glossary of Terms
Company Information  
NameTechnical E-mailTelephone Number
Acestaraglenn@mspeasytools.co.uk01218090309
 
Tenant wide options  
Unified Audit LogSecurity defaultsDays until password expiryAuthentication Methods Policy
EnabledDisabledNEVERmigrationInProgress
Authentication Methods  
Active SyncPOPIMAPMAPISMTPOAuth2
EnabledDisabledDisabledEnabledEnabledEnabled
 
MFA conditional access policies  
NameIDUsers includedUsers excludedGroups includedGroups excludedRoles includedRoles excludedState
MFA global admin3ff2a2d3-93e3-4efa-90e0-d691ab635657glenn@acestara.comandrew@acestara.com, Ginger@acestara.com, Hippo@acestara.comef9910ce-4da7-4117-8be9-723ac772b6e5>Acestara TeamGlobal Administratorenabled
MSPET-Require-MFA-for-All-Users941cee82-df7e-45c2-bbfa-0903cb0b72e9Allenabled
 
Global Administrators  
Admin RoleNameMFA StatusIs LicensedIs BlockedE-mail Address
Global AdministratorGlenn Evansenforcedyesnoglenn@acestara.com
Global AdministratorQuinn EvansEnabled (CA)yesnoquinn@acestara.com
Global AdministratorJennifer AurelliEnabled (CA)yesnoJenny@acestara.com
Global AdministratorChris AnthemumenablednonoChris@acestara.com
Global AdministratorAndrew testenforcedyesnoandrew@acestara.com
Global AdministratorAndrew Demo Admin accountenforcednonodemo@acestara.com
Global AdministratorConnie TestEnabled (CA)nonoconnie@acestara.com
Global AdministratorHippo BillEnabled (CA)nonoHippo@acestara.com
Global Administratorandrew2 EardleyEnabled (CA)nonoandrew2@acestara.com
Global AdministratorKamil HaluskaEnabled (CA)nonoKamilHaluska@acestara.com
Global AdministratorMSP Easy ToolsenforcednonoMSPET@acestara.com
Domains  
Domain NameVerification StatusDefaultDKIM enabled
acestara.onmicrosoft.comVerifiedNoEnabled
acestara.comVerifiedYesEnabled
 
Azure AD registered applications  
NameAppIDCreated onPublisher DomainClient Secret expiryClient Secret statusCertificate expiryCertificate status
P2P Servere7a627c8-ad59-428c-b444-3eb4415ae1312025/04/05 18:07acestara.com
 
Enterprise AD registered applications  
NameAppIDCreated on
Microsoft Graph Command Line Tools14d82eec-204b-4c2f-b7e8-296a70dab67e2025/05/14 08:07
Nine for Office 365516e4bcb-86da-4cfe-92cb-435c1e8dbf712022/09/11 09:42
Google Workspace4d7fe9fb-5646-447f-ba61-ba9bd4455b272025/04/05 21:08
OfficeMail Pro875f7cff-1574-438d-9385-cf9b391910ce2024/11/18 09:51
 
Users with Strong Password Enforcement Disabled  
Information
Information: No Users were found with Strong Password Enforcement disabled
Users with password expiry policy disabled  
NamePrimary Email AddressIs LicensedMFA StatusPassword Expiry Policy
MSP Easy ToolsMSPET@acestara.comFalseenforcedNever Expires
Role Assignments  
Admin RoleNameMFA StatusIs LicensedIs BlockedE-mail Address
Application AdministratorKamil HaluskaEnabled (CA)nonoKamilHaluska@acestara.com
Attribute Assignment Administratorwww wwwEnabled (CA)nonowww@acestara.com
Authentication Administratorwww wwwEnabled (CA)nonowww@acestara.com
Azure DevOps AdministratorQuinn EvansEnabled (CA)yesnoquinn@acestara.com
Billing AdministratorQuinn EvansEnabled (CA)yesnoquinn@acestara.com
Billing AdministratorChris AnthemumenablednonoChris@acestara.com
Billing AdministratorOlive YewenablednonoOlive@acestara.com
Billing AdministratorEquipmentenablednonoequipment@acestara.com
Exchange AdministratorMark PottsEnabled (CA)nonoMark@acestara.com
Exchange AdministratorRalph Higginsenablednonoralph@acestara.com
Exchange AdministratorAndrew testenforcedyesnoandrew@acestara.com
Exchange AdministratorPamela PumpkinEnabled (CA)nonoPam@acestara.com
Global AdministratorGlenn Evansenforcedyesnoglenn@acestara.com
Global AdministratorQuinn EvansEnabled (CA)yesnoquinn@acestara.com
Global AdministratorJennifer AurelliEnabled (CA)yesnoJenny@acestara.com
Global AdministratorChris AnthemumenablednonoChris@acestara.com
Global AdministratorAndrew testenforcedyesnoandrew@acestara.com
Global AdministratorAndrew Demo Admin accountenforcednonodemo@acestara.com
Global AdministratorConnie TestEnabled (CA)nonoconnie@acestara.com
Global AdministratorHippo BillEnabled (CA)nonoHippo@acestara.com
Global Administratorandrew2 EardleyEnabled (CA)nonoandrew2@acestara.com
Global AdministratorKamil HaluskaEnabled (CA)nonoKamilHaluska@acestara.com
Global AdministratorMSP Easy ToolsenforcednonoMSPET@acestara.com
Groups AdministratorAlan ThomasEnabled (CA)yesnoalanthomas@acestara.com
Helpdesk AdministratorBen DoverenforcedyesnoBen@acestara.com
Intune AdministratorBen DoverenforcedyesnoBen@acestara.com
License AdministratorPamela PumpkinEnabled (CA)nonoPam@acestara.com
Password AdministratorKamil HaluskaEnabled (CA)nonoKamilHaluska@acestara.com
Teams AdministratorPerry ScopeenablednonoPerry@acestara.com
Role Assignments Chart  
Microsoft 365 Users  
NamePrimary E-mail addressLicensesEmail TypeLast Logon dateDays since last logonReset Password at Next LogonIs BlockedMFA StatusSystem Preferred Authentication Method EnabledSystem Preferred Authentication MethodUser Preferred Method For Secondary AuthenticationMFA Methods RegisteredSelf Service Password reset capableSelf Service Password reset registeredSelf Service Password reset enabledPasswordless CapableActiveSyncPOPIMAPMAPISMTPOWAE-mail Aliases
Alan Thomasalanthomas@acestara.comTEAMS_ESSENTIALS_AADUserMailboxNot availableNot availableFalseNoEnabled (CA)TruepasswordAuthenticationMethodFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabledalanthomas@acestara.com
Alfie McDeealfiemcdee@acestara.comNot ActiveNot availableNot availableFalseNoenforcedTruePhoneAppNotificationpushpasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Andrew testandrew@acestara.comMICROSOFT 365 BUSINESS BASICUserMailbox2025-03-19 09:12:5882FalseNoenforcedTruePhoneAppNotificationpushpasswordAuthenticationMethod, emailAuthenticationMethod, phoneAuthenticationMethod, microsoftAuthenticatorAuthenticationMethod, microsoftAuthenticatorAuthenticationMethod, microsoftAuthenticatorAuthenticationMethodTrueTrueTrueFalseEnabledDisabledDisabledEnabledDisabledEnabledtestemail@acestara.com, andrew@acestara.com
andrew2 Eardleyandrew2@acestara.comNot Active2023-11-06 10:07:45581FalseNoEnabled (CA)TruePhoneAppNotificationpushpasswordAuthenticationMethod, phoneAuthenticationMethod, microsoftAuthenticatorAuthenticationMethodTrueTrueTrueFalseDisabledDisabledDisabledDisabledDisabledDisabled
Anne TeakAnne@acestara.comNot ActiveNot availableNot availableFalseNoEnabled (CA)TruePhoneAppNotificationpushpasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Art DecoArt@acestara.comNot ActiveNot availableNot availableFalseNoenforcedTruePhoneAppNotificationpushpasswordAuthenticationMethod, temporaryAccessPassAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabledArt@acestara.com
Ben DoverBen@acestara.comMICROSOFT POWER AUTOMATE FREE, EXCHANGE ONLINE KIOSKUserMailboxNot availableNot availableFalseNoenforcedTruePhoneAppNotificationpushpasswordAuthenticationMethodTrueTrueTrueFalseEnabledDisabledDisabledDisabledDisabledEnabledBen@acestara.com
cheechee@acestara.comUserMailboxNot availableNot availableFalseNoenforcedTruePhoneAppNotificationpushpasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabledchee@acestara.onmicrosoft.com, chee@acestara.com
Chris AnthemumChris@acestara.comNot ActiveNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodTrueTrueTrueFalseDisabledDisabledDisabledDisabledDisabledDisabled
Connie Testconnie@acestara.comNot Active2025-06-03 13:52:525FalseNoEnabled (CA)TruePhoneAppNotificationpushpasswordAuthenticationMethod, phoneAuthenticationMethod, temporaryAccessPassAuthenticationMethod, microsoftAuthenticatorAuthenticationMethodTrueTrueTrueFalseDisabledDisabledDisabledDisabledDisabledDisabled
ddd dddddd@acestara.comNot ActiveNot availableNot availableFalseNoEnabled (CA)TruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Andrew Demo Admin accountdemo@acestara.comNot Active2022-06-16 12:44:191089FalseNoenforcedTrueoathpasswordAuthenticationMethodTrueTrueTrueFalseDisabledDisabledDisabledDisabledDisabledDisabled
Equipmentequipment@acestara.comEquipmentMailboxNot availableNot availableFalseNoenabledTruePhoneAppNotificationpushpasswordAuthenticationMethodTrueTrueTrueFalseDisabledDisabledDisabledDisabledDisabledDisabledequipment@acestara.com
Ginger PlantGinger@acestara.comNot ActiveNot availableNot availableFalseNoenforcedTruePhoneAppNotificationpushpasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Glenn Evansglenn@acestara.comEXCHANGE ONLINE (PLAN 1), MICROSOFT_INTUNE_SUITE, AZURE ACTIVE DIRECTORY PREMIUM P1UserMailbox2025-06-04 20:12:194FalseNoenforcedTruePhoneAppNotificationpushpasswordAuthenticationMethod, phoneAuthenticationMethod, microsoftAuthenticatorAuthenticationMethod, microsoftAuthenticatorAuthenticationMethod, microsoftAuthenticatorAuthenticationMethodTrueTrueTrueFalseEnabledDisabledDisabledEnabledEnabledEnabledadmin@acestara.com, glenn@acestara.com, admin@acestara.onmicrosoft.com
Hippo BillHippo@acestara.comNot Active2023-09-22 09:29:30626FalseNoEnabled (CA)TrueSoftwareOTPoathpasswordAuthenticationMethod, phoneAuthenticationMethod, softwareOathAuthenticationMethodTrueTrueTrueFalseDisabledDisabledDisabledDisabledDisabledDisabledHippo@acestara.com
Holly Bushholly@acestara.comNot ActiveNot availableNot availableFalseNoEnabled (CA)TruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabledholly@acestara.com
Hugo FirstHugo@acestara.comSharedMailboxNot availableNot availableFalseNoenforcedTrueoathpasswordAuthenticationMethodFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabledHugo@acestara.com
Jean EardleyJean@acestara.comNot Active2025-06-03 12:03:446FalseNoEnabled (CA)TruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Jennifer AurelliJenny@acestara.comEXCHANGE ONLINE KIOSKUserMailbox2020-05-26 13:57:301839FalseNoEnabled (CA)TruepasswordAuthenticationMethodTrueTrueTrueFalseEnabledDisabledDisabledDisabledDisabledEnabledJenniferAurelli@acestara.com, Jennifer@acestara.com, Jenny@acestara.onmicrosoft.com, Jenny@acestara.com
Kamil HaluskaKamilHaluska@acestara.comNot Active2025-04-28 09:38:3342FalseNoEnabled (CA)TruePhoneAppNotificationsmspasswordAuthenticationMethod, phoneAuthenticationMethod, microsoftAuthenticatorAuthenticationMethodTrueTrueTrueFalseDisabledDisabledDisabledDisabledDisabledDisabledKamilHaluska@acestara.com
Kevin Dowlingkevin@acestara.comNot ActiveNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabledkevin@acestara.com
Liz ErdLiz@acestara.comNot ActiveNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Mal AjustedMal@acestara.comNot ActiveNot availableNot availableFalseNoEnabled (CA)TruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Mark PottsMark@acestara.comNot ActiveNot availableNot availableFalseNoEnabled (CA)TruepasswordAuthenticationMethodTrueTrueTrueFalseDisabledDisabledDisabledDisabledDisabledDisabledMark@acestara.com
Mark AteerMarkA@acestara.comNot ActiveNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Meeting Roommeetingroom@acestara.comRoomMailboxNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabledmeetingroom@acestara.com
Michael Takermichael@acestara.comNot ActiveNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
MSP Easy ToolsMSPET@acestara.comNot Active2025-06-06 19:55:502FalseNoenforcedTruePhoneAppNotificationpushpasswordAuthenticationMethod, phoneAuthenticationMethod, microsoftAuthenticatorAuthenticationMethodTrueTrueTrueFalseDisabledDisabledDisabledDisabledDisabledDisabled
Neil DownNeil@acestara.comNot ActiveNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Olive YewOlive@acestara.comNot ActiveNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodTrueTrueTrueFalseDisabledDisabledDisabledDisabledDisabledDisabled
Pamela PumpkinPam@acestara.comNot ActiveNot availableNot availableFalseNoEnabled (CA)TruepasswordAuthenticationMethodTrueTrueTrueFalseDisabledDisabledDisabledDisabledDisabledDisabled
Perry ScopePerry@acestara.comNot ActiveNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Petronela WinterPet@acestara.comNot ActiveNot availableNot availableFalseNoEnabled (CA)TruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Peter OwtPeter@acestara.comNot ActiveNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Quinn Evansquinn@acestara.comEXCHANGE ONLINE KIOSK, MICROSOFT POWER AUTOMATE FREEUserMailbox2022-05-24 07:27:531112FalseNoEnabled (CA)TruepasswordAuthenticationMethod, microsoftAuthenticatorAuthenticationMethodTrueTrueTrueFalseEnabledDisabledDisabledDisabledDisabledEnabledQuinnEvans@acestara.com, info@acestara.com, CE@acestara.com, QEvans@acestara.com, TheQuinnstar@acestara.com, quinn@acestara.onmicrosoft.com, quinn@acestara.com
Ralph Higginsralph@acestara.comSharedMailboxNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodTrueTrueTrueFalseEnabledDisabledDisabledEnabledDisabledEnabledralph@acestara.com
Ray SincarRay@acestara.comNot ActiveNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
hotelreception@acestara.comSharedMailboxNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseEnabledDisabledDisabledDisabledDisabledEnabledReception1@acestara.onmicrosoft.com, Reception1@acestara.com, reception@acestara.com
Rhea Laxrhea@acestara.comNot ActiveNot availableNot availableFalseNoEnabled (CA)TruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabledrhea@acestara.com
Simon SaisSimon@acestara.comNot ActiveNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
Supportsupport@acestara.comSharedMailboxNot availableNot availableFalseNoenabledTruepasswordAuthenticationMethodFalseFalseFalseFalseEnabledDisabledDisabledEnabledDisabledEnabledsupport@acestara.com
ttttt tttttt@acestara.comNot ActiveNot availableNot availableFalseNoEnabled (CA)TruepasswordAuthenticationMethodFalseFalseFalseFalseDisabledDisabledDisabledDisabledDisabledDisabled
www wwwwww@acestara.comSharedMailboxNot availableNot availableFalseNoEnabled (CA)TruepasswordAuthenticationMethodTrueTrueTrueFalseEnabledDisabledDisabledDisabledDisabledEnabledwww@acestara.com
Licensed and Unlicensed users chart  
Microsoft 365 User MFA Status  
Microsoft 365 Mailbox Types  
 
Microsoft 365 Licenses  
NameTotal AmountAssigned LicensesUnassigned Licenses
MICROSOFT_INTUNE_SUITE110
EXCHANGE ONLINE KIOSK532
EXCHANGE ONLINE (PLAN 1)110
TEAMS_ESSENTIALS_AAD01-1
AZURE ACTIVE DIRECTORY PREMIUM P1110
MICROSOFT 365 BUSINESS BASIC01-1
Microsoft 365 Licenses and Users  
NameUsers allocated this license
Microsoft_Intune_Suiteglenn@acestara.com
Exchange Online KioskBen@acestara.com, Jenny@acestara.com, quinn@acestara.com
Exchange Online (Plan 1)glenn@acestara.com
TEAMS_ESSENTIALS_AADalanthomas@acestara.com
Azure Active Directory Premium P1glenn@acestara.com
Microsoft 365 Business Basicandrew@acestara.com
Microsoft 365 Licensing Charts  
Microsoft 365 delegated access to mailboxes  
NamePrimary E-MailMailbox TypeUsers who can access this mailbox
glenn@acestara.comUserMailbox
alanthomas@acestara.comUserMailbox
andrew@acestara.comUserMailbox
Ben@acestara.comUserMailbox
chee@acestara.comUserMailboxquinn@acestara.com,ralph@acestara.com,Art@acestara.com,chee@acestara.com
equipment@acestara.comEquipmentMailbox
Hugo@acestara.comSharedMailbox
Jenny@acestara.comUserMailboxquinn@acestara.com,Jenny@acestara.com,support@acestara.com,ralph@acestara.com,meetingroom@acestara.com,alanthomas@acestara.com
quinn@acestara.comUserMailbox
ralph@acestara.comSharedMailboxquinn@acestara.com,Jenny@acestara.com,chee@acestara.com,www@acestara.com
reception@acestara.comSharedMailboxwww@acestara.com,alanthomas@acestara.com
support@acestara.comSharedMailboxquinn@acestara.com,ralph@acestara.com
www@acestara.comSharedMailbox
Microsoft 365 devices  
InActive DaysOwnersRegistration Date TimeDevice IdIs ManagedEnabledAdministrative UnitsNameObject IdOperating SystemManagement TypeGroupsUsersLast SignIn Date TimeBitLocker EncryptedIs CompliantOS VersionJoin Type
11KamilHaluska@acestara.com-60c153d4-2296-4667-a6bb-da2df61d98f1-True-MSPET0af0258f-9b7a-405a-9390-f555a8d70221Windows--KamilHaluska@acestara.com29/05/2025 08:25:32No-10.0.26100.2314Azure AD registered
Microsoft 365 mobile device access  
Primary Email AddressDisplay NameNameDevice ModelDevice TypeDevice OSDevelopment NameDevice IdClient TypeClient VersionMobile OperatorFirst SyncLast SyncLast Sync Attempt
andrew@acestara.comAndrew testandrewSM-S928BAndroidAndroid 14.S928BXXU3AXH7e3qxeea4E696E65364131333437433035323839EAS16.1vodafone UK2024/11/19 13:232024/11/22 21:432024/11/22 21:43
glenn@acestara.comGlenn EvansadminOutlook for iOS and AndroidOutlook143C07E3A45F6336689A4B35C543C8CD2FOutlook1.02025/04/05 20:212025/04/05 20:402025/04/05 20:40
glenn@acestara.comGlenn EvansadminOutlook for iOS and AndroidOutlook9D5949AAD949B314EA959EBA145C96202Outlook1.02025/04/05 18:232025/04/05 18:232025/04/05 18:23
Mobile device types  
 
Microsoft 365 contacts  
NameE-mail Address
PamPpam@acestara.com
Sydneysydney@Asw342A.com
Microsoft 365 Mail Users  
NamePrimary E-MailE-mail Aliases
PauloPaulo@gpostpc321.com
sydney_Asw342A.com#EXT#sydney@Asw342A.com
 
Microsoft 365 Room Mailboxes  
NamePrimary E-MailE-mail Aliases
Meeting Roommeetingroom@acestara.com
Microsoft 365 Equipment Mailboxes  
NamePrimary E-MailE-mail Aliases
Equipmentequipment@acestara.com
 
Microsoft 365 Groups  
NameTypeOwnerMembersE-mail AddressID
AcestaraMicrosoft 365 Groupandrew@acestara.com, andrew2@acestara.com, Chris@acestara.com, connie@acestara.com, demo@acestara.com, glenn@acestara.com, Hippo@acestara.com, KamilHaluska@acestara.com, MSPET@acestara.com, quinn@acestara.comalanthomas@acestara.com, andrew@acestara.com, Art@acestara.com, Ben@acestara.com, chee@acestara.com, glenn@acestara.com, Hippo@acestara.com, holly@acestara.com, Hugo@acestara.com, Jenny@acestara.com, KamilHaluska@acestara.com, kevin@acestara.com, Mark@acestara.com, Paulo@gpostpc321.com, quinn@acestara.com, rhea@acestara.com, sydney@Asw342A.com, www@acestara.com, alfiemcdee@acestara.com, andrew2@acestara.com, Anne@acestara.com, Chris@acestara.com, connie@acestara.com, ddd@acestara.com, demo@acestara.com, Ginger@acestara.com, Jean@acestara.com, Liz@acestara.com, Mal@acestara.com, MarkA@acestara.com, michael@acestara.com, MSPET@acestara.com, Neil@acestara.com, Olive@acestara.com, Pam@acestara.com, Perry@acestara.com, Pet@acestara.com, Peter@acestara.com, Ray@acestara.com, Simon@acestara.com, ttt@acestara.comAcestara@acestara.comc3c914eb-08ea-4b38-95da-40e0e9c9f265
Acestara SecuritySecurity GroupJenny@acestara.com, ddd@acestara.com, ttt@acestara.comc86ff27d-4f92-4c3b-aa96-018a96b73953
Acestara TeamMicrosoft 365 Groupquinn@acestara.comBen@acestara.com, glenn@acestara.com, Hugo@acestara.com, Jenny@acestara.com, Mark@acestara.com, quinn@acestara.com, www@acestara.com, Anne@acestara.com, Chris@acestara.com, Ginger@acestara.com, Liz@acestara.com, Mal@acestara.com, MarkA@acestara.com, Neil@acestara.com, Olive@acestara.com, Perry@acestara.com, Peter@acestara.com, Ray@acestara.com, Simon@acestara.comAcestaraTeam@acestara.comef9910ce-4da7-4117-8be9-723ac772b6e5
All CompanyMicrosoft 365 GroupAllCompany.9531400193.lmbcqnzx@acestara.com5aacfe77-b50c-4912-aa63-f912a220c7f8
DespatchDistribution Listglenn@acestara.com, Jenny@acestara.com, ralph@acestara.comdespatch@acestara.comc2ca64d2-dc93-43ae-8cc9-bcfd1cca2658
Discussion TeamMicrosoft 365 Groupquinn@acestara.comquinn@acestara.comDiscussionTeam@acestara.comac08fbdc-502f-48d4-9a7c-f8bb5c792bdb
DMARCMicrosoft 365 GroupGinger@acestara.comBen@acestara.com, Jenny@acestara.com, Anne@acestara.com, Chris@acestara.com, Liz@acestara.com, Ray@acestara.com, Simon@acestara.comdmarc@acestara.coma1c7a4ce-ee50-4bf1-b374-cfdf3fc6ebca
Group for Answers in Viva Engage – DO NOT DELETE 9531400193Microsoft 365 Groupandrew@acestara.com, andrew2@acestara.com, Chris@acestara.com, connie@acestara.com, demo@acestara.com, glenn@acestara.com, Hippo@acestara.com, Jenny@acestara.com, KamilHaluska@acestara.com, quinn@acestara.comgroupforanswersinvivaengagedonotdelete9531400193866@acestara.com81f26f46-cd8f-472d-a507-984b907be8c6
intunegSecurity Groupglenn@acestara.comglenn@acestara.comf1cc8446-a8d6-4c88-bfd1-1d10b52b41f0
MarketingMicrosoft 365 GroupMarkA@acestara.comBen@acestara.com, Hugo@acestara.com, Chris@acestara.com, Olive@acestara.com, Peter@acestara.com, Ray@acestara.commarketing@acestara.coma82038a9-ee9f-43d0-b82c-eed88b7d940c
Merging infoDistribution Listglenn@acestara.com, Jenny@acestara.com, quinn@acestara.com, ralph@acestara.com, support@acestara.commerging@acestara.com4fe8c299-c579-4e16-aefe-3076793923ff
MSPET AdminsSecurity GroupMSPET@acestara.com18ba0bd9-001d-45fa-87f0-6d5d17e9c6ea
PleaseDistributeDistribution Listpleasedistribute@acestara.combd7877c0-f097-4765-8a70-452a33bc1739
SalesDistribution Listglenn@acestara.com, Jenny@acestara.com, Paulo@gpostpc321.com, quinn@acestara.com, sydney@Asw342A.com, alfiemcdee@acestara.comsales@acestara.come7bd86de-a161-4bf8-ba2f-62ed33497b13
Security GroupMail Enabled Security Groupglenn@acestara.com, Jenny@acestara.com, quinn@acestara.com, ralph@acestara.com, support@acestara.comSecurity@acestara.comed6cba35-74e2-4220-aeda-d5fc26900db4
SecurityAlphaSecurity GroupJenny@acestara.com92bbb0b1-9566-4907-aed3-a54015cd9d64
SecuritySettingsAlphaSecurity Groupf0268b1b-a33c-482c-8ec7-365553f61563
snowflake007Distribution Listquinn@acestara.com, toot@acestara.comsnowflake@acestara.com7ab01af0-5b5f-4b60-9fec-19c348551984
testMicrosoft 365 Groupandrew@acestara.com, Ben@acestara.comglenn@acestara.comest@acestara.combf7a548a-e4d8-4c4f-966e-d1b2b13aa91a
testgroupDistribution Listchee@acestara.comtestgroup@acestara.comb88f651c-a950-41bc-aac5-e9c113021d58
tg14Mail Enabled Security Grouptg14@acestara.com94fd3ee0-f918-4369-9f9e-e368dea302a2
tg7Mail Enabled Security Groupalanthomas@acestara.comtg7@acestara.comcf13e5f0-d68b-40d2-a1e7-dd09289a3a3a
Timeout.comDistribution Listtimeout@acestara.comb06dad2e-fa66-4abf-9e05-c14f99866e0e
tootDistribution Listglenn@acestara.comtoot@acestara.combae7b905-4f1b-4dfa-9400-1e68f13ee479
Microsoft 365 mail enabled Groups with external members  
NameTypeOwnerMembersExternal MembersE-mail AddressID
AcestaraMicrosoft 365 Groupandrew@acestara.com, andrew2@acestara.com, Chris@acestara.com, connie@acestara.com, demo@acestara.com, glenn@acestara.com, Hippo@acestara.com, KamilHaluska@acestara.com, MSPET@acestara.com, quinn@acestara.comalanthomas@acestara.com, andrew@acestara.com, Art@acestara.com, Ben@acestara.com, chee@acestara.com, glenn@acestara.com, Hippo@acestara.com, holly@acestara.com, Hugo@acestara.com, Jenny@acestara.com, KamilHaluska@acestara.com, kevin@acestara.com, Mark@acestara.com, Paulo@gpostpc321.com, quinn@acestara.com, rhea@acestara.com, sydney@Asw342A.com, www@acestara.com, alfiemcdee@acestara.com, andrew2@acestara.com, Anne@acestara.com, Chris@acestara.com, connie@acestara.com, ddd@acestara.com, demo@acestara.com, Ginger@acestara.com, Jean@acestara.com, Liz@acestara.com, Mal@acestara.com, MarkA@acestara.com, michael@acestara.com, MSPET@acestara.com, Neil@acestara.com, Olive@acestara.com, Pam@acestara.com, Perry@acestara.com, Pet@acestara.com, Peter@acestara.com, Ray@acestara.com, Simon@acestara.com, ttt@acestara.comPaulo@gpostpc321.com, sydney@Asw342A.comAcestara@acestara.comc3c914eb-08ea-4b38-95da-40e0e9c9f265
SalesDistribution Listglenn@acestara.com, Jenny@acestara.com, Paulo@gpostpc321.com, quinn@acestara.com, sydney@Asw342A.com, alfiemcdee@acestara.comPaulo@gpostpc321.com, sydney@Asw342A.comsales@acestara.come7bd86de-a161-4bf8-ba2f-62ed33497b13
Microsoft 365 Groups chart  
 
All Forwarding on mailboxes  
Primary Email AddressDisplay NameHas email forwarded to this address
equipment@acestara.comEquipmentquinn@acestara.com
Jenny@acestara.comJennifer Aurellijenny@iamaconartist.com
ralph@acestara.comRalph HigginsRalph@ivegotyourdata.com
support@acestara.comSupportralph@acestara.com
External Forwarding on mailboxes  
Primary Email AddressDisplay NameHas email forwarded to this address
Jenny@acestara.comJennifer Aurellijenny@iamaconartist.com
ralph@acestara.comRalph HigginsRalph@ivegotyourdata.com
 
All Transport Rules currently in the exchange  
Transport Rule NameDescription
Client Rules To External BlockIf the message:
Is sent to 'Outside the organization'
and Is message type 'Auto-forward'
and Is received from 'Inside the organization'
Take the following actions:
reject the message and include the explanation 'To improve security, MSP Easy Tools has disabled auto-forwarding rules to external addresses. Please contact MSP Easy Tools if you'd like to set up an exception.' with the status code: '5.7.1'
Block domain and delete - acestara.comIf the message:
recipients's address domain portion belongs to any of these domains: 'acestara.com'
and sender's address domain portion belongs to any of these domains: 'sky.com'
Take the following actions:
Delete the message without notifying the recipient or sender
Whitelist domain - TENANTIf the message:
sender's address domain portion belongs to any of these domains: 'mspeasytools.co.uk'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Whitelist emails - TENANTIf the message:
Is received from 'andrew@mspeasytools.com'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Block IP and delete - acestara.comIf the message:
sender ip addresses belong to one of these ranges: '31.94.62.235'
and recipients's address domain portion belongs to any of these domains: 'acestara.com'
Take the following actions:
Delete the message without notifying the recipient or sender
Warn on external senders with internal domainIf the message:
sender's address domain portion belongs to any of these domains: 'acestara.onmicrosoft.com' or 'acestara.com'
and Is received from 'Outside the organization'
Take the following actions:
Prepend the message with the disclaimer '<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 align=left width="100%" style='width:100.0%;mso-cellspacing:0cm;mso-yfti-tbllook:1184; mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:paragraph;mso-table-anchor-horizontal:column;mso-table-left:left;mso-padding-alt:0cm 0cm 0cm 0cm'> <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes'><td style='background:#910A19;padding:5.25pt 1.5pt 5.25pt 1.5pt'></td><td width="100%" style='width:100.0%;background:#FDF2F4;padding:5.25pt 3.75pt 5.25pt 11.25pt; word-wrap:break-word' cellpadding="7px 5px 7px 15px" color="#212121"><div><p class=MsoNormal style='mso-element:frame;mso-element-frame-hspace:2.25pt; mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal: column;mso-height-rule:exactly'><span style='font-size:9.0pt;font-family: "Segoe UI",sans-serif;mso-fareast-font-family:"Times New Roman";color:#212121'>POSSIBLE DOMAIN SPOOFING. This message was sent from outside the company but is using an internal domain. Please do not click links or open attachments unless you recognise the source of this email and know the content is safe. If this is a trusted sender, and you would like to add an exception, please contact MSP Easy Tools.<o:p></o:p></span></p></div></td></tr></table><br><br>'. If the disclaimer can't be applied, attach the message to a new disclaimer message.
Except if the message:
sender's address domain portion belongs to any of these domains: 'hippo.co.uk'
or Includes these patterns in the message subject or body: 'POSSIBLE DOMAIN SPOOFING. This message'
Warn on external senders with matching display namesIf the message:
'From' header contains ''Alan Thomas' or 'Andrew test' or 'Ben Dover' or 'chee' or 'Discovery Search Mailbox' or 'Equipment' or 'Glenn Evans' or 'hotel' or 'Hugo First' or 'Jennifer Aurelli' or 'Meeting Room' or 'Quinn Evans'or...'
and Is received from 'Outside the organization'
Take the following actions:
Prepend the message with the disclaimer '<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 align=left width="100%" style='width:100.0%;mso-cellspacing:0cm;mso-yfti-tbllook:1184; mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:paragraph;mso-table-anchor-horizontal:column;mso-table-left:left;mso-padding-alt:0cm 0cm 0cm 0cm'> <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes'><td style='background:#910A19;padding:5.25pt 1.5pt 5.25pt 1.5pt'></td><td width="100%" style='width:100.0%;background:#FDF2F4;padding:5.25pt 3.75pt 5.25pt 11.25pt; word-wrap:break-word' cellpadding="7px 5px 7px 15px" color="#212121"><div><p class=MsoNormal style='mso-element:frame;mso-element-frame-hspace:2.25pt; mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal: column;mso-height-rule:exactly'><span style='font-size:9.0pt;font-family: "Segoe UI",sans-serif;mso-fareast-font-family:"Times New Roman";color:#212121'>POSSIBLE NAME SPOOFING. This message was sent from outside the company by someone with a display name matching a user in your organisation. Please do not click links or open attachments unless you recognise the source of this email and know the content is safe. If this is a trusted sender, and you would like to add an exception, please contact MSP Easy Tools.<o:p></o:p></span></p></div></td></tr></table><br><br>'. If the disclaimer can't be applied, attach the message to a new disclaimer message.
Except if the message:
Is received from 'test@gmail.com'
or Includes these patterns in the message subject or body: 'POSSIBLE NAME SPOOFING. This message'
Warn on external sendersIf the message:
Is received from 'Outside the organization'
Take the following actions:
Prepend the message with the disclaimer '<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 align=left width="100%" style='width:100.0%;mso-cellspacing:0cm;mso-yfti-tbllook:1184; mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:paragraph;mso-table-anchor-horizontal:column;mso-table-left:left;mso-padding-alt:0cm 0cm 0cm 0cm'> <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes'><td style='background:#ffa826;padding:5.25pt 1.5pt 5.25pt 1.5pt'></td><td width="100%" style='width:100.0%;background:#fffdde;padding:5.25pt 3.75pt 5.25pt 11.25pt; word-wrap:break-word' cellpadding="7px 5px 7px 15px" color="#212121"><div><p class=MsoNormal style='mso-element:frame;mso-element-frame-hspace:2.25pt; mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal: column;mso-height-rule:exactly'><span style='font-size:9.0pt;font-family: "Segoe UI",sans-serif;mso-fareast-font-family:"Times New Roman";color:#212121'>EXTERNAL SENDER WARNING. This message was sent from outside your organisation. Please do not click links or open attachments unless you recognise the source of this email and know the content is safe.<o:p></o:p></span></p></div></td></tr></table><br><br>'. If the disclaimer can't be applied, attach the message to a new disclaimer message.
RansomwareBlockingIf the message:
Is sent to 'Inside the organization'
and has an attachment with a file extension that matches one of these values: 'ade' or 'adp' or 'ani' or 'bas' or 'bat' or 'chm' or 'cmd' or 'com' or 'cpl' or 'crt' or 'hlp' or 'ht' or 'hta' or 'inf' or 'ins' or 'isp' or 'job' or 'js' or 'jse' or 'lnk' or 'mda' or 'mdb' or 'mde'or...
Take the following actions:
Generate recipient notification and include the following content: 'You were sent a message containing a prohibited file type as an attachment.<br> <br> Message details: <br> <b>Sender</b> - %%From%%<br> <b>Subject</b> - %%Subject%%<br> <b>Message date</b> - %%MessageDate%%<br> <br> <b>Infected attachments are the number one way of contracting a ransomware virus that can encrypt your files irretrievably!</b><br> <br> This message and its attachments have been automatically deleted!<br> <br> The following file types are blocked:<br> ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif<br> <br> If you are legitimately expecting to receive an email with one of the blocked file types attached please ask the sender to resend the email without the attachment and make alternate arrangements to send the file. <br> A possible alternative is to upload the file to secure online storage and send a secure link instead.<br> <br><br> <p><img src='https://portal.mspeasytools.co.uk/images/msptools/logosmall.png' ></p>'
and Delete the message without notifying the recipient or sender
RansomwareWarningIf the message:
Is sent to 'Inside the organization'
and has an attachment with a file extension that matches one of these values: 'dotm' or 'docm' or 'xlsm' or 'sltm' or 'xla' or 'xlam' or 'xll' or 'pptm' or 'potm' or 'ppam' or 'ppsm' or 'py' or 'sh' or 'sldm' or 'one'
Take the following actions:
Prepend the message with the disclaimer '<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 align=left width="100%" style='width:100.0%;mso-cellspacing:0cm;mso-yfti-tbllook:1184; mso-table-lspace:2.25pt;mso-table-rspace:2.25pt;mso-table-anchor-vertical:paragraph;mso-table-anchor-horizontal:column;mso-table-left:left;mso-padding-alt:0cm 0cm 0cm 0cm'> <tr style='mso-yfti-irow:0;mso-yfti-firstrow:yes;mso-yfti-lastrow:yes'><td style='background:#ffa826;padding:5.25pt 1.5pt 5.25pt 1.5pt'></td><td width="100%" style='width:100.0%;background:#fffdde;padding:5.25pt 3.75pt 5.25pt 11.25pt; word-wrap:break-word' cellpadding="7px 5px 7px 15px" color="#212121"><div><p class=MsoNormal style='mso-element:frame;mso-element-frame-hspace:2.25pt; mso-element-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal: column;mso-height-rule:exactly'><span style='font-size:9.0pt;font-family: "Segoe UI",sans-serif;mso-fareast-font-family:"Times New Roman";color:#212121'><b>Warning, this email contains an attachment that could contain malicious code.</b><br>Infected attachments are the number one way of contracting a ransomware virus that can encrypt your files irretrievably!<br><b>DO NOT OPEN THE FILES</b> unless you were expecting them and trust the sender. Even from a trusted sender these types of attachments should be treated with extreme caution and verified before opening if unsolicited!<o:p></o:p></span></p></div></td></tr></table><br><br>'. If the disclaimer can't be applied, attach the message to a new disclaimer message.
AlertsNotJunkIf the message:
Is received from 'Alerts@office365security.info'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
MSPET-RD-MSP EasyTools infoIf the message:
Is received from 'andrew@mspeasytools.co.uk'
and Includes these patterns in the message subject: 'Further information'
Take the following actions:
Redirect the message to 'quinn@acestara.com'
whitelist MSP Easy ToolsIf the message:
sender's address domain portion belongs to any of these domains: 'businesseasytools.com' or 'micromonty.co.uk' or 'micromonty.com' or 'mspeasy.onmicrosoft.com' or 'mspeasytools.co.uk' or 'mspeasytools.com' or 'mspeasytools.sk' or 'mspeasywins.com' or 'mspet.co.uk' or 'office365security.info'or...
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Block IP and delete - TENANTIf the message:
sender ip addresses belong to one of these ranges: '1.1.2.3'
Take the following actions:
Delete the message without notifying the recipient or sender
Whitelist gdsq.ukIf the message:
sender's address domain portion belongs to any of these domains: 'gdsq.uk'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Whitelist ff.oiIf the message:
sender's address domain portion belongs to any of these domains: 'ff.oi'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Whitelist gdsq.co.ukIf the message:
sender's address domain portion belongs to any of these domains: 'gdsq.co.uk'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
whitelist MSPETUKIf the message:
sender's address domain portion belongs to any of these domains: 'mspet.uk' or 'mspetduk.onmicrosoft.com' or 'msptools.co.uk'
Take the following actions:
Set the spam confidence level (SCL) to '-1'
Forward to HomeIf the message:
Is sent to 'support@acestara.com'
and Includes these words in the message subject: 'Sydney'
Take the following actions:
Redirect the message to 'Ermin@pdsft1.co.uk'
Internal plus2If the message:
Is sent to 'Jenny@acestara.com'
Take the following actions:
Blind carbon copy(Bcc) the message to 'Ernie@fastestmilkman.west'
Secret messagesIf the message:
Includes these words in the message subject or body: 'Bank details'
Take the following actions:
Redirect the message to 'Penny@pincher.bank'
Sent to 'Ralph Higgins'If the message:
Is sent to 'ralph@acestara.com'
Take the following actions:
Prepend the subject with 'Hello Ralph'
Con artist runIf the message:
Is sent to 'andrew@acestara.com'
Take the following actions:
Redirect the message to 'quinn@acestara.com'
Transport Rules that forward externally  
Transport Rule NameDescription
Forward to HomeIf the message:
Is sent to 'support@acestara.com'
and Includes these words in the message subject: 'Sydney'
Take the following actions:
Redirect the message to 'Ermin@pdsft1.co.uk'
Internal plus2If the message:
Is sent to 'Jenny@acestara.com'
Take the following actions:
Blind carbon copy(Bcc) the message to 'Ernie@fastestmilkman.west'
Secret messagesIf the message:
Includes these words in the message subject or body: 'Bank details'
Take the following actions:
Redirect the message to 'Penny@pincher.bank'
 
All inbox rules currently in the exchange  
User Email AddressInbox Rule NameEnabledDescription
alanthomas@acestara.comJunk E-mail RuleTrue
andrew@acestara.comJunk E-mail RuleFalse
Ben@acestara.comJunk E-mail RuleFalse
chee@acestara.comJunk E-mail RuleFalse
DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}@acestara.onmicrosoft.comJunk E-mail RuleTrue
equipment@acestara.comJunk E-mail RuleFalse
glenn@acestara.comJunk E-mail RuleTrue
reception@acestara.comJunk E-mail RuleFalse
Hugo@acestara.comJunk E-mail RuleFalse
Jenny@acestara.comJunk E-mail RuleFalse
Jenny@acestara.comMicrosoft.Exchange.OOF.AllExternalSenders.GlobalFalse
meetingroom@acestara.comJunk E-mail RuleFalse
quinn@acestara.comDelegate Rule 7596466681786925057TrueIf the message:
the message has "Private" sensitivity
Take the following actions:
redirect the message to 'Bert Dirtha'
quinn@acestara.comJunk E-mail RuleFalse
quinn@acestara.comEmails from JenniferTrueIf the message:
the message was received from 'Jennifer Aurelli'
Take the following actions:
move the message to folder 'Jennifer'
and stop processing more rules on this message
quinn@acestara.comEmails from MarkTrueIf the message:
the message was received from 'Mark@acestara.com'
Take the following actions:
delete the message
and stop processing more rules on this message
quinn@acestara.comEmails from RalphTrueIf the message:
the message was received from 'Ralph Higgins'
Take the following actions:
move the message to folder 'Ralph'
and stop processing more rules on this message
quinn@acestara.comFor all messages from Acestara TeamTrueIf the message:
the message was received from 'Jennifer Aurelli'
Take the following actions:
move the message to folder 'Jennifer'
and stop processing more rules on this message
quinn@acestara.comto meFalseIf the message:
the body of the message contains the words 'pigs'
Take the following actions:
delete the message
and stop processing more rules on this message
ralph@acestara.comJunk E-mail RuleFalse
support@acestara.comJunk E-mail RuleFalse
support@acestara.comExternal SendTrueIf the message:
the message includes specific words in the subject 'Finance'
Take the following actions:
forward the message to 'Quinn@gexdsqa.uk'
and stop processing more rules on this message
www@acestara.comJunk E-mail RuleTrue
Inbox Rules that forward externally  
Information
Information: No externally forwarding inbox rules were found.
All Conditional Access Policies detail  
Display NameIdDescriptionStateCreated DateModified DateIncluded UsersExcluded UsersIncluded GroupsExcluded GroupsIncluded RolesExcluded RolesIncluded AppIDsExcluded AppIDsInclude User ActionsIncluded Authentication Context Class ReferencesClient App type conditionsClient Apps Include Service PrincipalsClient Apps Exclude Service PrincipalsFilter for Devices ModeFilter for Devices RuleIncluded LocationsExcluded LocationsIncluded PlatformsExcluded PlatformsService Principal Risk LevelsSign In Risk LevelsUser Risk LevelsGrant controlsRequire Authentication StrengthOperator for multiple controlsCustom Authentication FactorsGrant controls Terms Of UseApplication enforced restrictions enabledCloud App Security TypeCloud App Security enabledDisable Resilience DefaultsPersistent Browser modePersistent Browser mode enabledSign in frequency intervalSign in frequency interval valueSign in frequency interval unitSign in frequency Authentication TypeSign in frequency interval enabled
remembermfa928f26f0-7437-4276-888c-8fa34a7ab748disabled17/06/2022 07:42:2329/08/2023 22:20:04AllGlobal AdministratorAllallalwaysTruetimeBased1hoursprimaryAndSecondaryAuthenticationTrue
test Policy5f8d3920-a944-4f5a-82d2-e7f77b89a2badisabled06/09/2023 21:56:3309/09/2023 09:18:10Allglenn@acestara.comNoneallAllblockOR
MFA global admin3ff2a2d3-93e3-4efa-90e0-d691ab635657enabled22/09/2023 07:38:3908/10/2024 15:18:19glenn@acestara.comandrew@acestara.com, Ginger@acestara.com, Hippo@acestara.comAcestara TeamGlobal AdministratorAllallmfaOR
MSPET-Require-MFA-for-All-Users941cee82-df7e-45c2-bbfa-0903cb0b72e9enabled27/02/2025 12:11:29AllAllallmfaOR

Action Points

The below summarises recommended important points to act upon, taken from the entire security report. Where possible you should aim to make as many of the items below show as a green thumbs up. If due to required legacy compatibilty you are unable to fully address all points then you should tightly control and document anything that can't be changed for compliancy purposes. Action points are colour / icon coded for ease of use. A green thumbs up requires no action on your part. A red thumbs down represents a significant security / misconfiguration issue and should be addressed. An amber pointing finger should still be addresed but may be of less significance in comparison to a thumbs down. A blue 'info' icon is not necesarily a concern but is something that you need to be aware of.

Unified Audit Log

The Unified Audit log is enabled

No action needs to be taken

Password Expiry Policy

The organisation password expiry policy is set to Never Expire

For increased security it is recommended that passwords are changed in line with an organisational policy. While Microsoft currently recommends to set a secure password and not to change it, because this can lead to weak password when users get idle. It is clearly better to change the password on schedule and keep it strong! This should be done if possible! You can use the 'Organisation Password Policy' tool in the Security tools section of MicroMonty to configure a suitable password expiry policy

OAuth2

OAuth2 (Modern Authentication) is enabled in the tenant

No action needs to be taken

Active Sync

Active Sync is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. Active Sync is a legacy protocol that is used to access Exchange servers. It does not fully support MFA so ideally should not be used. However, most mobile devices use Active Sync to access emails, blocking active sync will stop mobile devices retrieving email when using most email apps. You can use the connection protocols tool in MicroMonty to control this

POP

No accounts in the tenant are using POP to access email

No action needs to be taken

IMAP

No accounts in the tenant are using IMAP to access email

No action needs to be taken

MAPI

MAPI is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. MAPI is a legacy protocol that is used to access email accounts. Disabling MAPI could increase security. However, disabling MAPI will prevent the use of Outlook to access email in Exchange mode, this is generally not recommended. You can use the connection protocols tool in MicroMonty to control this

SMTP

SMTP is enabled for at least one account in the tenant

Check the 'Users' tab for more detail. SMTP is a legacy protocol that is used to send email. SMTP does not support MFA. If SMTP is enabled MFA can be bypassed to send email from your accounts. For maximum security, and to prevent your accounts being spoofed, it is recommended to block the use of SMTP in Microsoft 365. You can use the connection protocols tool in MicroMonty to control this

MFA Conditional Access Policy

All configured conditional access policies that enforce MFA are enabled

No action needs to be taken

MFA Conditional Access Policy Exceptions

A conditional access policy has exceptions

Check the 'Dashboard' tab for more detail. A conditional access policy that enforces MFA has exceptions defined. This could mean that accounts falling under the scope of the policy no longer have MFA enabled if they are specified or contained within the exceptions listed.

Domain Verification

All registered domains are verified in Microsoft 365

No action needs to be taken

DKIM Status

All registered domains have DKIM enabled.

No action needs to be taken

Azure AD App creation

Azure applications are registered in your Azure AD

Look at the 'Dashboard' tab for more info. Carefully review existing azure AD applications. Detailed information about operations and permissions granted to the app are viewable in the Azure portal. Look under Azure Active Directory and then App Registrations. Illicit registered Azure applications can potentially perform devastating operations within your tenant. It is recommended that you enable the scanning service in MSP Easy Tools to alert you when a new app is created.

Strong Password Requirement

No users found with strong password enforcement disabled

No action needs to be taken

No password expiry

Users found with Password expiry disabled but MFA enabled

Check the 'Dashboard' tab for more information. For security, If possible enable password expiry for all users. However, these users do have MFA enabled. You can use the Password tools in the security section of Micromonty to help you do this

Global Admins

Multiple global admins detected

It is recommended that the number of Global Admins is kept to a minimum for security. Please check the 'Admins' tab for more detail. Attackers can create a new admin to compromise your systems. Remember also that an internal user has 'Access all areas' if they are a global admin. The pro version of the tools can alert you when a new admin is detected and also help to remove unwanted admins. MircroMonty can help you to configure different admin privileges for any account

Admin Multifactor Authentication

All Admins are using MFA

No action needs to be taken

User Multifactor Authentication

All users are using MFA

No action needs to be taken

Blocked users

No blocked users in the tenant

No action needs to be taken

License allocation

Licenses are allocated that are not present in the tenant

Some users are allocated licenses that do not exist in the tenant. Check the 'Licenses'. tab for more detail. The license may have expired or has been cancelled. This should be remedied to avoid disruption to services and possible data loss. You can use the license tool in MicroMonty to help you fix this issue, but you may need to purchase additional licenses first

License usage

There are unused licenses in the tenant

Unused licenses can incur a cost that is unnecessary. Check the 'Licenses'. tab for more detail. These licenses should be allocated to users or cancelled if not needed. You can use the license tool in MicroMonty to assign licenses. Excess licenses must be cancelled with your provider

Delegated mailbox access

There are users with delegated mailboxes in the tenant

When a mailbox is delegated the delegate can fully access the content of the mailbox. Check the 'Licenses'. tab for more detail. Please check to confirm these delegations are as they should be. You can use the Mailbox tools in MicroMonty to change mailbox permissions.

Microsoft 365 Mail Users

Microsoft 365 Mail Users exist in the tenant

A Microsoft 365 mail user is an external user that has been given access to some (or all) of the content in your Microsoft 365 tenant. This usually means that a user has shared some content with this person. Check the 'Contacts' tab for more detail. Microsoft 365 mail users are not recommended, especially long term, these users can access part or even all of your sharepoint / onedrive data. You can use MicroMonty to help you remove 'Mail Users'

Groups with external members

Mail enabled groups exist with external members

A mail enabled group with an external member can be used to forward mail external to the organisation. Check the 'Groups' tab for more detail. If possible you should remove external members from your mail enabled groups. You can use MicroMonty to create and delete mail enabled groups. New MicroMonty tool to configure existing group members soon. The pro version of MSP Easy tools can automatically alert you when a new external group member is found.

External Forwarding

Users with external forwarders exist in the tenant

External forwarders are a common way attackers forward mail to an address outside the company. These forwarders can sometimes be invisible in the office portal, dependent on how they were set. Check the 'Forwarding' tab for more detail. If possible you should remove all external forwarders on every account. You can use MicroMonty to control forwarders on an account. The pro version of MSP Easy tools can automatically alert you when a new external forwarder is found. The counterpart tool on the launcher will help you to remove unwanted forwarders

External Transport Rules

Externally forwarding transport rules were found

External transport rules can be used to forward emails automatically to a recipient outside the tenant. Check the 'Transport Rules' tab for more detail. If possible you should remove all external Transport rules. The pro version of MSP Easy tools can automatically alert you when a new external transport rule is found. The counterpart tool on the launcher will help you to remove unwanted rules

External inbox Rules

No externally forwarding inbox rules were found.

No action needs to be taken

Conditional Access Policies

Enabled conditional access policies were found.

No action needs to be taken. Check the conditional access tab of the report for more detail.

Conditional Access Policies

Disabled conditional access policies were found

Check the conditional access tab of the report for more detail. Disabled conditional access policies are not operational.
Explanation of terms used in the report  
TermExplanation
Active SyncActive Sync is a legacy protocol that is used to access Exchange servers. It does not fully support MFA so ideally should not be used. However, most mobile devices use Active Sync to access emails, blocking active sync will stop mobile devices retrieving email when using most email apps.
AdminA user or entity that has control over your Microsoft 365 tenant
Azure AD applicationsAn Azure AD application is a registered applicaition in the Active directory of a Microsoft 365 tenant. Azure applications can be granted permissions to perform a multitude of actions both within the tenant and potentially upon any partner tenants too.
Billing AdministratorMakes purchases, manages subscriptions, opens and manages support tickets, and monitors service health.
Conditional Access PolicyA conditional access policy enforces specified conditions on user, group members or roles within the Azure active directory. For example it could be used to enforce MFA on users that are members of a particular group.
ContactAn external contact that has been added to the Microsoft 365 contacts list. These users do not have access to any of your Microsoft 365 content.
CRM Service AdministratorAlso known as a Dynamics 365 service admin, can sign in to the Dynamics 365 admin center to manage instances. A person with this role cannot do functions restricted to the Microsoft 365 global admin such as manage user accounts, manage subscriptions, access settings for Microsoft 365 apps like Exchange or SharePoint.
Customer LockBox Access ApproverCan approve Microsoft support requests to access customer organizational data. Manages Customer Lockbox requests in your organisation. They receive email notifications for Customer Lockbox requests and can approve/deny requests from the Microsoft 365 Admin Center. They can also turn on/off the Customer Lockbox feature.
Default domainThe primary domain registered in your Microsoft 365 tenant
Distribution ListSometimes referred to as a Distribution Group. A Microsoft 365 distribution group is a group of users that is mail-enabled (you can send emails to this group email account, and by doing that, all listed users will also be emailed automatically rather than having to email them all individually
DKIMDKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren't altered in transit between the sending and recipient servers. It uses public-key cryptography to sign email with a private key as it leaves a sending server.
DomainThe part of your email address after @. Domains listed are all the ones that are valid in this tenant.
Email AliasAn alternate email address that can be used to send to a recipient. They will not be able to send out using this address. Only the primary email address can be used to send email.
Equipment MailboxAn equipment mailbox is a resource mailbox assigned to a resource that's not location specific, such as a portable computer, projector, microphone, or a company car. After an administrator creates an equipment mailbox, users can easily reserve the piece of equipment by including the corresponding equipment mailbox in a meeting request.
Exchange AdministratorManages email, mailboxes and anti-spam policies for your business, using the Exchange admin center. Can view all the activity reports in the Microsoft 365 admin center, manage support tickets, and monitor service health.
Global AdministratorA user that has total control over all aspects of your Microsoft 365 tenant. There is nothing this user cannot access or do to your tenant. This is the only user that can assign admin roles to other users
GroupA group in Microsoft 365 can be used to apply privileges/permissions to a group of people, or to email a list of users simultaneously
Helpdesk AdministratorSometimes referred to as a password administrator. Resets passwords, manages support tickets, and monitors service health. Helpdesk admins can't reset passwords for global admins. Only other global admins can do that.
IMAPIMAP is a legacy protocol that is used to access email accounts. It does not support MFA so should not be used. If IMAP is enabled MFA can be bypassed to access your email. For maximum security it is recommended to block the use of IMAP to access email in Microsoft 365.
Last Mailbox loginThe last time a user logged into their mailbox
LicenseThe Microsoft 365 license that is assigned to a user
License AdministratorAdds, removes, and updates license assignments for users, groups (using group-based licensing), and manages the usage location of users.
LicensedA user is licensed if they are assigned an Microsoft 365 license in your tenant. It is possible to have a user without a license. They can access the portal but won't be able to do anything or access your data unless they are an admin.
Mail UserAn external user. However, unlike a mail contact, a mail user has logon credentials in your Exchange or Microsoft 365 organization and can access resources. These users appear if content is shared or access given to anything within your Microsoft 365 tenant.
MAPIMAPI is a legacy protocol that is used to access email accounts. Disabling MAPI could increase security. However, disabling MAPI will prevent the use of Outlook to access email in Exchange mode, this is generally not recommended
Message Centre ReaderMonitors changes to the service and can view all posts to the Message center in Microsoft 365 and share Message center posts with others through email. People assigned this role also have read-only access to some admin center resources, such as users, groups, domains, and subscriptions.
MFA StatusThe Multi Factor Authentication status of the user. All admins should have MFA enabled!
OAuth2 (Modern Authentication)OAuth2 or Modern Authentication fully supports all forms of Multifactor Authentication. For security and compliance the it is recommended that OAuth2 should always be enabled
Password Expiry PolicyFor security compliance all users should regularly change their password. Passwords should not be set to 'Never Expire' without a good reason
POPPOP is a legacy protocol that is used to access email accounts. It does not support MFA so should not be used. If POP is enabled MFA can be bypassed to access your email. For maximum security it is recommended to block the use of POP to access email in Microsoft 365.
Power BI AdministratorA person assigned to the Power BI admin role will have access to Microsoft 365 Power BI usage metrics. They'll also be able to control your organization's usage of Power BI features.
Primary email addressThe main email address of a user that is used to log into Microsoft 365 and is also the address seen by recipients of an email from this user
Privileged Role AdministratorA customised administrator that can be given control over indivdually specified items in your Microsoft 365 tenant
Reports ReaderCan view all the activity reports in the Microsoft 365 admin center.
Reset Password at next loginShows if the user will be required to reset their password the next time they log in
Room MailboxA room mailbox is a resource mailbox that's assigned to a physical location, such as a conference room, an auditorium, or a training room. With room mailboxes, users can easily reserve these rooms by including room mailboxes in their meeting requests. When they do this, the room mailbox uses options you can configure to decide whether the invite should be accepted or denied.
Security DefaultsSecurity defaults makes it easier to help protect your organisation from identity related attacks with preconfigured security settings. Requires all users to register for MFA. Requires Admins to do Multifactor AUthentication. Requires users to do Multifactor authentication when necessary (DOES NOT ENFORCE MFA IN ALL SITUATIONS). Blocks legacy authentication protocols. Protects privileged activities like access to the Azure Portal. Security defaults are useful if a tenant has only free tier Azure AD. They are generally not considered suitable if the tenant has premium licenses, uses conditional access policies, or has complex security requirements.
Security GroupA security group is used to assign permission to a set of users to grant access to things, such as to a SharePoint Site, Web Pages, an entire SharePoint List or Document Library, or even just some files, etc.
Service Support AdministratorOpens support tickets with Microsoft and views the service dashboard and message center. They have 'view only' permissions except for opening support tickets and reading them.
Shared MailboxA shared mailbox does not take a Microsoft 365 license. A shared mailbox can only be accessed by someone that is given delegated permission to access it. It can function in exactly the same way as a regular mailbox but is not acessible independently.
Sharepoint AdministratorManages file storage for your organization in SharePoint Online and OneDrive. They do this in the SharePoint admin center. They can also assign other people to be site collection administrators.
Site Collection AdministratorControls one specified sharepoint site on your tenant. This role can be set by a Sharepoint administrator
Skype AdministratorConfigures Skype for Business for your organization and can view all the activity reports in the Microsoft 365 admin center. Can open and manage support tickets.
SMTPSMTP is a legacy protocol that is used to send email. SMTP does not support MFA. If SMTP is enabled MFA can be bypassed to send email from your accounts. For maximum security, and to prevent your accounts being spoofed, it is recommended to block the use of SMTP in Microsoft 365.
Teams Communications AdministratorCan manage calling and meeting features of Microsoft Teams, including phone number assignments and meeting policies. They can also use call analytics tools to troubleshoot issues.
Teams Communications Support EngineerCan troubleshoot communication issues in Teams using call analytics tools, and can view full call record information for all participants involved.
Teams Communications Support SpecialistCan troubleshoot communication issues in Teams using call analytics tools, and can view call record information for the specific user being searched for.
Teams Service AdministratorCan manage all aspects of Microsoft Teams except license assignment. This includes policies for calling, messaging, and meetings; use of call analytics tools to troubleshoot telephony issues, and management of users and their telephony settings. This role additionally grants the ability to create and manage all Microsoft 365 Groups, manage support tickets, and monitor service health.
TenantThe instance of your Microsoft 365 that includes all of your content
Unified Audit LogThe Unified Audit Log UAL, keeps a record of most events that occur in Microsoft 365. Without the unified audit log keeping track of events is in most cases impossible. For security and compliance the UAL should always be enabled
User Account AdministratorResets passwords, monitors service health, adds and deletes user accounts, manages support tickets, adds and removes members from Microsoft 365 groups. The user management admin can't delete a global admin, create other admin roles, or reset passwords for global, billing, Exchange, SharePoint, Compliance, and Skype for Business admins. This role also includes the ability to update license assignments for users and for groups (using group-based licensing), and manage the usage location of users.
User MailboxThe place where Microsoft 365 stores all of a user's email
Verification StatusShows if the domain is valid and ready to be used in your tenant