Educause Security Discussion mailing list archives

Re: Exchange Online

From: Jeff Choo <jeff_choo () WILLIAMJAMES EDU>
Date: Mon, 17 Aug 2015 16:54:23 +0000

Hi Ed,

In Office 365 Admin Portal > Exchange Admin > Mailbox > Property setting, there is a checkbox for “hide this account 
from address list” which remove this student’s account from being referenced in global address list.  Is this what you 
are looking for?

Regards

Jeff

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Evans, 
Edward
Sent: Friday, August 14, 2015 4:33 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Exchange Online

I want to piggy back on this discussion.  Students have an option to restrict access to their names under FERPA.  Not 
cloud specific, how do you handle that in the Global Address List at your institutions?  Particular to Office 365, what 
do you do when the service (such as OneDrive in Office 365) would insert the user’s name into the URL for online access?

I appreciate your insights.

Thanks,
Ed

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jones, 
Mark B
Sent: Friday, August 14, 2015 6:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Exchange Online

Is there something special about email in O365.

I think having a policy that sanctions sending PHI via email is irresponsible unless you add the requirement that the 
email be encrypted.

Perhaps PHI can be protected at rest in O365, But email is email.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Everett, 
Alex D
Sent: Thursday, August 13, 2015 10:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Exchange Online

I am wondering if any of your organizations have sanctioned the exchange of PII or PHI via e-mail in Office 365 or are 
evaluating this.
Over time, we are seeing more security controls and features added to Office 365 and wondered if any other 
organizations had made this decision.
We have not yet made this decision and are not presently using Exchange Online/Outlook in Office365.
If you have or have not, or if you have a policy that you could point me to I would appreciate it.
Feel free to e-mail me directly if you don’t want to respond to all.

Sincerely,

Alex Everett, CISSP
IT Security Engineer
University of North Carolina at Chapel Hill

Current thread:

Exchange Online Everett, Alex D (Aug 13)
- Re: Exchange Online Meier, Tina (Aug 13)
- Re: Exchange Online Jeff Choo (Aug 13)
- Re: Exchange Online Jones, Mark B (Aug 14)
  - Re: Exchange Online Tevlin, Dave (Aug 14)
  - Re: Exchange Online Evans, Edward (Aug 14)
    - Re: Exchange Online Jones, Mark B (Aug 16)
    - Re: Exchange Online Jeff Choo (Aug 17)
- <Possible follow-ups>
- Re: Exchange Online Everett, Alex D (Aug 13)
  - Re: Exchange Online Everett, Alex D (Aug 13)