Securing M365 mail routing : SCENARIO 3

When an organisation has completely transitioned and migrated to Exchange Online and directed their MX record to The organisation should in line with best practices, have Microsoft Defender for Office365 Plan 2 securely configured.

Scenario 3, this my proffered choice. All Contoso * aliases can be blocked as they are no longer required. When Contoso’s mx record has been directed at Exchange Online protection. Exchange Online Protection & Microsoft Defender for 365 will protect all aliases. It may not even be necessary to block all Contoso * aliases.

It is possible to create an email address policy for Office365 groups that only use’s primary email addresses, which can still allow mail flow to Team’s channels. Then the usual protection of comes into play, SPF, DKIM and finally DMARC.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s