New chapter in this newsletter

After a long series on cybersecurity basics and online behaviour, we're pivoting into a new series — M365 tenant configuration (with a Business Premium tenant).

After a long series on cybersecurity basics and general online behaviour, we're moving into a new series — configuring an M365 tenant (with a Business Premium licence). Starting today, this newsletter will walk you through how to set up a complete M365 tenant according to the latest standards.

Why the change?

Simple — you can only talk about cybersecurity fundamentals for so long. I do believe repetition is the mother of wisdom, but it was getting to be a lot. The topic I've picked for the next many weeks is something anyone using M365 should be able to put to use, and definitely anyone with a Business Premium licence.

I have a tenant — where do I start?

The first thing is creating a separate admin and working account. Your admin account doesn't need a licence, so take advantage of that! Working under an account with administrator privileges (let alone global administrator) is a road to hell. Once you've split admin and working accounts, it's time to configure your domain.

What can be configured at the domain level?

The main items are DKIM, DMARC and SPF. Microsoft generates SPF and DKIM for you; DMARC you'll have to create yourself. Open admin.microsoft.com, pick Settings → Domains in the right-hand menu — if your domain is already added, double-check those records are verified. If they're missing or wrong, add them at the provider where your domain is hosted. Good services for generating DMARC records are EasyDMARC and Dmarcian. If you're not sure whether DMARC is in place, you can check with MXToolbox.