Here you can find the transcript of Episode #125 of PiaSys TechBites.

Welcome back to Piasys Tech Bites. We keep on talking about how to configure and set up a Microsoft 365 EDU Tenant. And specifically today, I want to talk about the topic, which is optional indeed, and which is about how to configure policies for mailboxes of users where users are students, which might be just kids or teenagers.

And we want to have a policy to ensure that those users will simply use their mailboxes to make internal communication within the boundaries of the EDU Tenant, in which they are defined. Just to avoid them from using their school mailbox, to do stuff which is not related to the school activity. So, let’s move to the demo environment and let’s see how to configure such kind of policies in Exchange Online.

In order to configure the mailbox policies, you can go to the admin UI of Microsoft 365 in your EDU tenant. You click on show all and you go to Exchange Online admin UI. From here, you can configure, first of all, a group, actually a distribution list, which will group all of your users. We can even switch to the new UI of Exchange Online admin.

And from here, we can go to groups and we can add a new group. The new group will be, for example, a distribution list. You will call it, let’s say, all_students. And once you’ve done that, you will associate a mailbox for example, all_students to this distribution list.

We will not allow people outside the organization to send to this mailbox, any message, because we want to protect our students. And once we have done that, we can create our group. And of course, we will have to associate all of these students to this group. We can eventually consider using a PowerShell script or eventually dynamic group to do that.

Once we have defined a group, we can switch to the more features and we can go to transport rules. We can create a new rule, which will be a rule to restrict messages and by sender or recipient. We can give a name which can be “Restrict students from sending outside of the organization”.

And the rule will say that if the recipient is located, for example, Qoutside of the organization. So we don’t want to allow students to send messages outside. If the recipient of the message is outside of the organization, and more option, we add a condition, we say that the sender is a member of group called all_students, which is the one we just created. Here it is. Add. Okay. We will not allow to send a message. So we will reject the message and we will explain why.

So, the option that we will choose is reject, block, the message and include an explanation. And the explanation might be: “You are not allowed to send messages outside of the organization.” And that’s it. Once we define such kind of policy, we will have the Exchange Online configured to block students from sending email messages outside of the organization.

We can do the same with another rule. So, restrict messages by sender or recipient. Now the rule will be for messages from outside to the students of our school. So the name could be “Restrict students receiving from outside of the organization.” So now, the sender must be located inside. Meaning that we want to block outside user from sending messages.

So we will say, if the sender is outside of the organization. And more option, the recipient of the message is located in the all_students group that we created before. Then again, we want to block the message and we want to reject the message and include an explanation. And this time will be: “You are not allowed to send messages to students in our organization.” And that’s it. Again, we save the rule.

And with two rules that we just defined, we can prohibit students from sending messages outside and external users from sending messages inside to our target students. And that’s it.

Like always, thank you for watching this video. I hope you found it interesting. And I’m looking forward to seeing you next week. And remember, subscribe to this channel. Thank you.