Managing Distribution Groups in an Exchange Hybrid Environment

EddieJennings

@Dashrender said in Managing Distribution Groups in an Exchange Hybrid Environment:

@EddieJennings said in Managing Distribution Groups in an Exchange Hybrid Environment:

@Dashrender said in Managing Distribution Groups in an Exchange Hybrid Environment:

Here's a better question - have you limited who can make groups in Exchange/Teams/Sharepoint, etc?

I'm looking to start a O365 migration relatively soon, and I think this is one thing I will do - limit creation to only a few.

We should be. It's something I need to verify.

It's not the default. By default anyone can add any group they want - and add users to those groups of anyone (i.e. email addresses not in your company ) which ends up making your user list a giant mess (at least in my opinion).

That I know (it not being the default). And yes, it will lead to a giant mess.

Dashrender

@EddieJennings said in Managing Distribution Groups in an Exchange Hybrid Environment:

@Dashrender said in Managing Distribution Groups in an Exchange Hybrid Environment:

Man.. Ditch local outlook - move to outlook on the web only.. huge problems solved.

I wish we could do that. The amount of time it would take for top-down buy-in for that far exceeds how long I'll be at this company

That's unfortunate. I have half of docs doing this already, the other half shouldn't be that hard (they only have Local Outlook on their office computers anyhow, which they rarely use), otherwise it's webmail and phones.
Now the big pushback will be MFA.

EddieJennings

@Dashrender said in Managing Distribution Groups in an Exchange Hybrid Environment:

That's unfortunate. I have half of docs doing this already, the other half shouldn't be that hard (they only have Local Outlook on their office computers anyhow, which they rarely use), otherwise it's webmail and phones.
Now the big pushback will be MFA.

Irony = We use DUO for MFA and that buy-in wasn't too terrible. But it helped that we had an incident a couple of years ago that helped bang the drum of "MFA is a good idea."

Dashrender

@EddieJennings said in Managing Distribution Groups in an Exchange Hybrid Environment:

@Dashrender said in Managing Distribution Groups in an Exchange Hybrid Environment:

That's unfortunate. I have half of docs doing this already, the other half shouldn't be that hard (they only have Local Outlook on their office computers anyhow, which they rarely use), otherwise it's webmail and phones.
Now the big pushback will be MFA.

Irony = We use DUO for MFA and that buy-in wasn't too terrible. But it helped that we had an incident a couple of years ago that helped bang the drum of "MFA is a good idea."

Definitely helpful. We have a few that won't have much of an issue with it - but we have others - if they don't have a shortcut, they can't find the interwebs...

dbeato

@EddieJennings DUO MFA doesn't work for clients such as Outlook and Mobile Email application so it is not helpful for it. It only works on OWA. Office 365 MFA does apply to all clients.

EddieJennings

@dbeato said in Managing Distribution Groups in an Exchange Hybrid Environment:

@EddieJennings DUO MFA doesn't work for clients such as Outlook and Mobile Email application so it is not helpful for it. It only works on OWA. Office 365 MFA does apply to all clients.

We are using DUO MFA with Outlook, Outlook App on mobile, and built-in Apple mail app.

manxam

@dbeato : If you're using Azure AD P1 or above and a Duo Access Gateway, then DUO can fully replace Outlook's "modern authentication" routine.
https://duo.com/docs/o365

dbeato

@manxam said in Managing Distribution Groups in an Exchange Hybrid Environment:

@dbeato : If you're using Azure AD P1 or above and a Duo Access Gateway, then DUO can fully replace Outlook's "modern authentication" routine.
https://duo.com/docs/o365

Yeah, that is for Office 365, I am talking on Exchange on Prem (Which is part of a Hybrid Environment) .

EddieJennings

I ought to have clarified. DUO MFA comes into play with Outlook for our mailboxes that are in Exchange Online. On-prem mailboxes (the few we have left aren't subject to DUO).

Dashrender

@EddieJennings said in Managing Distribution Groups in an Exchange Hybrid Environment:

I ought to have clarified. DUO MFA comes into play with Outlook for our mailboxes that are in Exchange Online. On-prem mailboxes (the few we have left aren't subject to DUO).

Are those that are left on prem - are they actual users? If so, I'm curious why they can't be migrated?

EddieJennings

@Dashrender said in Managing Distribution Groups in an Exchange Hybrid Environment:

@EddieJennings said in Managing Distribution Groups in an Exchange Hybrid Environment:

I ought to have clarified. DUO MFA comes into play with Outlook for our mailboxes that are in Exchange Online. On-prem mailboxes (the few we have left aren't subject to DUO).

Are those that are left on prem - are they actual users? If so, I'm curious why they can't be migrated?

Eventually all users will be migrated, so, yes, we still have real users on-prem.

This is outside the scope of the original question / scenario, but I've learned a good bit during this process with much of that learning validating a few things I already knew, such as the value of taking the necessary time to plan, and prep the environment for migration (removing unnecessary objects, etc.).