SOLVED

Improving security for shared mailboxes or generic user accounts

Occasional Contributor

Hi,

 

Our organisation uses generic accounts for each location for example, location@company.com

 

Recently we have seen an increase in attempts to login to these generic accounts and I'm trying to find a better way to do this. 

 

Just want to get some feedback on these options that I have in mind and see if there are any other suggestions out there?

 

1. Use a shared mailbox - but maybe put some conditional access policies on it to improve security.  I think going with this option will mean that I can't use multi-factor authentication (MFA)

 

2. Use a generic account - but forward the emails to an individual within the organisation and block sign-ins to the generic account. Still apply the requirement for MFA on the generic account (Can I still receive emails if I block sign-ins from Azure)

 

3. Can't really think of another way..

4 Replies
best response confirmed by Livi_1 (Occasional Contributor)
Solution
Do you need to send messages directly as these addresses? If not, simply recreate them as DLs or Office 365 Groups (you can still use Send As permissions to send messages if needed).

You can safely block the account and it will continue receiving messages. You can also disable POP/IMAP/SMTP protocols, which are usually the target for brute-force attempts. And having a tenant-wide policy that block basic auth isn't a bad thing either :)
Thanks! Using Office 365 groups fits the bill exactly!
Its easy to manage. However I noticed the groups that were created in Teams did not automatically appear within Outlook. So if anyone is having similar issues, I found this article

https://techcommunity.microsoft.com/t5/microsoft-365-groups/office-365-groups-not-visible-in-outlook...

You have to change the value in Exchange Powershell:

Set-UnifiedGroup -Identity "group name" -HiddenFromExchangeClientsEnabled:$false

I only had to do it for one group so that made it easy.
Does anyone know if you open up the O365 account to accept external emails - whether you can still apply the spam and anti-phishing spoofing policies in compliance centre?