Infrastructure Achievements
Messaging & collaboration services

- Testing & implementing new email filters to O365 email security (deploying soon)
With the Increased, attack on O365 hosted domains we are receiving over 80% of spam emails daily. Microsoft O365 is filtering emails for us but still allows some amount of SPAM emails get through with this new Email gateway filtering suit we will increase our filtering ability from 90% to 99%.
· Total Mailbox hosted on O365 are 72907


- Implement TLS version 1.2 on all services to stay in compliance with security requirements
Before we were using TLS 1.0 & 1.1, which has some security concerns that are resolved in TLS 1.2. We have also disabled older versions keeping in mind the supported product versions.
- Implemented ADFS 2016 for better security & prevent frequent user lockouts
We were using ADFS 3.0 & had limited ability to prevent Password spray attacks, now with ADFS 4.0 we are able to prevent our users from such attacks & enable conditional access.

- Introduced ADFS proxy in addition to above to be able to block external attacks & enable users inside the organization with “SSO” experience.
With the introduction of ADFS Proxy, we have increased User authentication security with conditional access at the same time we have given the ability for user SSO from within UAEU network
- Prepared servers to upgrade to new Authentication method for O365 services
Currently we are using SAML for authentication, which allows user to login SSO or Multiple factor authentication; however, there is still a risk of allowing older clients to bypass MFA & login. With the move to OAuth, we will achieve better SSO experience along with more secure options as second authentication or conditional access.
- Created an autonomous procedure to detect, report & take action for compromised users.
Before we had a big challenge when a user was compromised, user would be blocked by Microsoft & would not be able to send emails or hacker would use the compromised user to send SPAM emails inside the organization.
o Now we have designed an automated way of taking action using Microsoft Reporting & our scripts to block user, reset password & report to Helpdesk/security team. This has solved/reduce Helpdesk & security teams work load of compromised users.
- Enabled Web based right fax login
Users using E-Fax to send or receive fax do not need to install or configure the E-fax client on their PC. Since we have introduced Web Based client users can send/receive fax using mobile, PC or any device. They just need to login using their own UAEU credentials.
- We have total 243 users using Efax

