Microsoft 365 - Enforcing User Account Policy Compliance via Policy Groups (Departmental IT)

This document explains how departmental IT staff can use policy groups in Manifest to enforce technical restrictions on user accounts in Office 365, as part of an effort to achieve policy compliance.

HIPAA: If you believe you or your university work may be influenced by HIPAA and you have questions about the use of policy groups within your organization, please contact your HIPAA Security Coordinator.

If you do not work within the guidelines of HIPAA and you are interested in using policy groups within your organization, please contact the DoIT Help Desk for more information.

If you've created your policy group structure in Manifest, populated your groups, and run reports on the policy compliance of your users, you are ready to begin enforcing your policies by applying technical restrictions on your users' accounts. Currently, the technical restrictions that can be applied to user accounts are:
  • The prevention of setting an account auto-forward from the Wisc Account Admin site and creation of forward-to Inbox rules in Outlook on the web.

    • IMPORTANT: this restriction only applies to the Wisc Account Admin site initially. To extend this restriction to Outlook on the web, the user or departmental admin with delegated access to the user's account must take the following steps:
      1. Log in to the Wisc Account Admin site
      2. Navigate to the account over which the restriction will be enforced
      3. Click on "Office 365"
      4. Click on Forwarding
      5. Click on "Apply Restrictive Mailbox Policy" to prevent the creation of forward-to Inbox rules in Outlook on the web. Note: users may still set an account auto-forward from a desktop email client.
  • The prevention of enabling the POP protocol once it has been disabled. This WILL NOT disable the protocol if it is currently enabled; it will only prevent users from re-enabling it.

To implement the policy controls described above, please contact the DoIT Help Desk, providing the name of your "affiliation" and "exclusion" policy groups in Manifest, and ask that your policy groups request be sent to UW-Madison's Office 365 Team, so they may implement the enforcement of your policies. The Office 365 Team will contact you to confirm the implementation of your technical policy controls and let you know when they are in effect for your users.

Internal Notes

For the DoIT Help Desk

If the user is unable to set a forward or manage other settings within the Wisc Administration site on their Office 365 account due to a security policy, please direct them to contact their local IT staff and HIPAA Security Coordinator to address this issue. O365 staff cannot override this action.

If a customer calls with a request for more information about policy groups or a request for assistance with their policy groups, please ask the questions below and record the customer's answers in the case notes before escalating to the Office 365 Technical/Functional Team:

  1. To which campus department or organization does the customer belong?
  2. Is this a request for help/information regarding existing policy groups or is it a request for help/information regarding setting up new policy groups?
    • If the customer has existing policy groups and is requesting the implementation of policy controls over their users, ask the customer for the name of their "affiliation" group and "exclusion" group in Manifest. Note the names of both Manifest groups in the case notes before escalating.

For the Office 365 Team

When a policy groups customer indicates that they want to begin enforcing policy controls over their users' accounts, complete the following step:

  1. Office 365 Team makes the requesting customer's "Protocol_BlockReport" Manifest group a member of the "uw:domain:office365.wisc.edu:policies:hipaa_restrictions" Manifest Group. Note: customer's "Protocol_BlockReport" group will have a path in Manifest similar to "uw:domain:office365.wisc.edu:policies:[DEPT]:Protocol_BlockReport".


Keywords: o365 m365 microsoft 365 manifest policies control restriction compliance compliant security
Doc ID: 73816
Owned by: O365 S. in Microsoft 365
Created: 2017-06-05
Updated: 2023-02-02
Sites: DoITHelpDesk-external, DoITHelpDesk-internal, Microsoft365-external, Microsoft365-internal