Resources & insights

Secure Your Communications Now: Implementing Microsoft Exchange Best Practices

Email is one of the most essential and widely used forms of communication in any organisation. It allows you to communicate with your customers, partners, suppliers, and employees, and to share important information, documents, and updates. However, email also poses significant risks to your organisation’s security, privacy, and reputation.

Cybercriminals can use email to launch phishing, ransomware, and malware attacks, to steal your data, to impersonate your brand, and to disrupt your operations. Therefore, you need to ensure that your email system is secure, reliable, and compliant with the best practices and standards in the industry.

In this blog, we will explore how you can secure your communications using Microsoft Exchange Server, the leading email and calendaring solution for businesses of all sizes. We will compare the deployment options of Exchange Server and Exchange Online, and how they fit into the Microsoft 365 suite of products. We will also discuss how Microsoft 365 and Defender provide built-in security features to protect your email system from threats.

Moreover, we will explain why you might want to use a third-party email filtering solution in front of Microsoft 365, and what other things you need to consider to enhance your email security, such as SPF, DKIM, and DMARC. By the end of this blog, you will have a better understanding of how to secure your communications using Microsoft Exchange Server, and how our company, Doherty Associates, can help you achieve that goal.

Deployment options – Microsoft Exchange Server vs Exchange Online

When choosing an email solution, you need to decide whether to deploy it on-premises or in the cloud. Microsoft Exchange Server is the on-premises version, and Exchange Online is the cloud-based version. Both options have their pros and cons, as follows:

MsExchange Server pros:

• Integration with other on-premises applications and systems

Exchange Server cons:

• Higher hardware, software, and maintenance costs
• Regular backups and updates required
• Requires more maintenance and regular patching to avoid security risks

Exchange Online pros:

• Anywhere and any device access
• Scalability and reliability of the cloud
• Lower capital and operational expenses

Exchange Online cons:

• Less control over data and infrastructure
• Dependency on Microsoft’s service level agreements and support
• Adaptation to changes and updates from Microsoft

How Exchange combines with Microsoft 365

Microsoft 365 is the platform that includes Exchange Online and other apps such as Word, Excel, PowerPoint, OneDrive, SharePoint, Teams, and more. Microsoft 365 lets you access all your tools and data from one place, and to work with your colleagues and partners across different devices and locations. Microsoft 365 also has security and compliance features to protect your data and users.

Exchange Online is the main part of Microsoft 365, as it provides the email and calendaring service that helps you communicate and coordinate with your organisation. Exchange Online also works with other Microsoft 365 products, such as Teams, Groups, Outlook, and more, to improve your productivity and collaboration. For example, you can use Teams to chat, call, and meet with your colleagues, and to access your Exchange Online email and calendar from the app.

You can also use Groups to create shared mailboxes, calendars, and files for your teams and projects, and to access them from Outlook or other Microsoft 365 apps. Furthermore, you can use Outlook to manage your email, calendar, contacts, tasks, and notes, and to sync them across your devices and apps.

Security is built-in – how Microsoft 365 and Defender combine to provide a secure solution

Microsoft 365 and Defender are the security solutions that Microsoft offers to protect your email and data from cyberattacks. Microsoft 365 includes security features such as encryption, multi-factor authentication, data loss prevention, and mobile device management, to ensure that your email and data are secure in transit and at rest, and that only authorised users can access them.

Defender is the comprehensive threat protection solution that Microsoft provides to detect, prevent, and respond to advanced threats across your email, devices, apps, and data. Defender includes products such as Defender for Office 365, Defender for Endpoint, Defender for Identity, and Defender for Cloud Apps, to protect your organisation from phishing, ransomware, malware, identity theft, and data breaches.

Microsoft 365 and Defender work together to provide a secure email solution for your organisation. For example, Defender for Office 365 scans your email attachments and links for malicious content, and blocks or quarantines them before they reach your Exchange inbox.

Defender for Office 365 also uses artificial intelligence and machine learning to analyse your email behaviour and patterns, and to identify and stop impersonation and spoofing attempts. Moreover, Defender for Office 365 integrates with Microsoft 365 security features, such as encryption and data loss prevention, to ensure that your email and data are protected from unauthorised access and leakage.

Reasons to use a third-party email filtering solution in-front of Microsoft 365

While Microsoft 365 and Defender provide a robust and secure email solution, you might still want to consider using a third-party email filtering solution in front of Microsoft 365, to enhance your email security and functionality. A third-party email filtering solution is a service that sits between your email system and the internet, and filters your incoming and outgoing email for spam, viruses, and other unwanted content. A third-party email filtering solution can offer several benefits, such as:

• Improved performance and reliability – a third-party email filtering solution can reduce the load on your email system and ensure that your email delivery and availability are not affected by network issues or service outages.
• It can provide business continuity by allowing access to the mailbox within the hosted service if Exchange goes down for any reason.
• Enhanced security and compliance – a third-party email filtering solution can provide additional layers of protection and detection, and help you meet the security and compliance standards of your industry and region.
• Advanced features and functionality – a third-party email filtering solution can offer features and functionality that Microsoft 365 and Defender might not have, or might charge extra for, such as message journalling, built-in signatures, email archiving, email continuity, and more.

At Doherty Associates, we partner with Mimecast, one of the leading providers of third-party email filtering solutions, to offer you a comprehensive and cost-effective email security and management service. Mimecast integrates seamlessly with Microsoft 365 and Defender, and provides you with the best of both worlds: the convenience and productivity of the cloud, and the control and security of a third-party solution.

Configuring Email and Exchange for modern security

To secure your email system and reputation, and ensure your emails get delivered to their recipients, you need to implement SPF and DKIM, two protocols that verify your email’s source and integrity. SPF lets you specify which servers can send email for your domain. DKIM lets you sign your email with a code that proves it has not been changed. SPF and DKIM prevent email spoofing and phishing, which are ways that hackers impersonate your brand and trick your recipients.

SPF uses a record in your domain’s DNS (Domain Name System) to list the IP addresses of your authorised servers. When a recipient’s server gets an email from your domain, it checks the SPF record to confirm the email’s source. If the email passes the SPF check, it goes to the recipient’s inbox. If it fails, it is rejected or marked as spam.

DKIM uses a public and private key pair for your domain and publishes the public key in your domain’s DNS. When you send an email from your domain, your server signs it with the private key and adds a DKIM signature to the email header. When a recipient’s server gets an email from your domain, it uses the public key to verify the DKIM signature and the email content. If the email passes the DKIM check, it goes to the recipient’s inbox. If it fails, it is rejected or marked as spam.

Exchange security – next steps

Another thing you need to think about to secure your email system and protect your organisation’s reputation is to implement DMARC, an email authentication protocol that builds on SPF and DKIM, and provides you with more control and visibility over your email delivery and performance. DMARC stands for Domain-based Message Authentication, Reporting, and Conformance, and it is a protocol that allows you to specify how your email should be handled by the recipient’s email server, based on the results of the SPF and DKIM checks. DMARC also allows you to receive reports from the recipient’s email server, which give you feedback on your email delivery and authentication status, and help you identify and fix any issues or anomalies.

DMARC works by publishing a record in your domain’s DNS, which defines your DMARC policy and preferences. Your DMARC policy tells the recipient’s email server what to do with your email, if it fails the SPF and/or DKIM checks. You can choose to deliver, quarantine, or reject the email. Your DMARC preferences tell the recipient’s email server how often and where to send you the DMARC reports, which contain information such as the volume and source of your email, the authentication results, and the actions taken by the recipient’s email server. You can use the DMARC reports to monitor and improve your email security and deliverability, and to detect and prevent any unauthorised or fraudulent use of your domain.

Conclusion

Email is a vital communication tool, but also a security and reputational risk. To secure your email system, use Microsoft Exchange Server and other solutions, such as Mimecast and email authentication protocols. At Doherty Associates, we are experts in email security and management, and we can help you choose, configure, and monitor the best solutions for your organisation. Contact us today to learn more.

Back to resources & insights