3 Cool Bolt-on Email Solutions for Non-IT M365 Admins

This is part of a TekkiGurus series aimed at non-IT administrators: those without legacy IT experience, who nonetheless work as administrators of their organization’s Microsoft 365 environment. Read more of these articles here.

Microsoft has made great strides to become a do-everything solution for workplaces with all conceivable functionality built-in, but there are still times when a third party offers a solution that is more fully-featured, simpler to use, or just plain does things that Microsoft's solutions can't. But if you're a non-IT admin who isn't accustomed to searching for functionality outside the bounds of Microsoft 365, it can be tough to know where to start.

Let’s consider this subject in stages. First, let’s define some of the terminology that a non-IT admin might not see or use on a day-to-day basis. Let’s peer into the past so you can gain an understanding of the way it was. And then let’s bring things into the present with a handful of potential tools you might want to consider for your organization.

The Terminology: Built-in and Bolt-on

Microsoft continues to provide on-premises server solutions like Windows Server (the base operating system), Exchange Server (for email services), and SharePoint Server (for communication and collaboration). These have a variety of different tools and features that are built into the server. In addition, Microsoft has online SaaS (software-as-a-service) services through Microsoft 365 that are run, and can be managed, in the cloud. These also have built-in tools and features. However, at times, with both on-premises and online options, you may want to add another solution to assist your organization. These are called bolt-on solutions (some call them add-ons or other terms that imply a separately purchased solution that integrates with your primary service).

The Way Back

The subject of bolt-on vs. built-in was rarely debated back in IT Admin days. With on-premises flavors of Microsoft servers there were always gaps that allowed for—or even necessitated—bolt-on solutions. Exchange Server was a perfect example where Microsoft partners would diligently develop solutions that provided better security, backup/recovery, archive/discovery, and more. However, the move to a cloud-based set of servers and services has given Microsoft a lot more control over the options provided and they’ve begun to build these features in for free, or at times, to make them available to be snapped on for a cost (license upgrade or a la carte). As a result, the days of ubiquitous bolt-ons are past. Nevertheless, some enhancement options are still worth considering, particularly for M365 email. Let’s consider three.

Three Bolt-on M365 Email Solutions

Email Signature. M365 allows you to access the Exchange Online admin console and provide some basic email signatures or disclaimers through rules where you supply conditions, actions, and exceptions. You can append or prepend the signature or disclaimer and even format it to a degree using HTML. But the built-in signature solution is quite limited compared to third-party options that you can purchase and bolt on. One example is Exclaimer’s email signature solution. Exclaimer provides email signature management in such a way that non-IT admins will not get super deep in the weeds of the technology. You can easily design your email signatures using templates (although they also have a design team that can assist)—no HTML skills required. You can determine which template is applied to which user for both incoming and outgoing emails. One very helpful included tool is a signature test so you can see what that signature will look like before you send an email with it. Another strong option for email signatures is CodeTwo. They have a solution that integrates easily with M365 to pull user data directly into the signature.

Email Security. M365 has security features embedded throughout, with email security being a heavy focus. This was never the case with Exchange on-premises and IT admins would always seek to bolt on something extra. But with M365 email there is some basic, free protection out of the box for anti-spam and anti-malware called Exchange Online Protection (EOP). You can upgrade that protection by paying extra for advanced threat protection through Defender for Office 365, which builds on EOP with safe link URL protection, safe attachment protection, and impersonation protection (aka anti-phishing). However, with over 90% of all cyber attacks beginning with an email, you may wish to bolt on another solution—something that can enhance or bolster what Microsoft is doing.

The challenge for the non-IT admin is that often these third-party solutions require a degree in computer science to manage. Well, not quite… but it can feel that way. What you need is a solution that makes it easy to deploy and has easy administration options. One example is Mimecast’s email security solution, Cloud Integrated. What you might appreciate here is that it sits behind the Microsoft security architecture so that Microsoft takes a first look at email coming in and Mimecast takes a second look to prevent an attack from sneaking through. It also has protection for Teams. A variety of additional bolt-on security solutions can address things like end user training, fake phishing simulation, safety scoring metrics and more.

DMARC Analyzation. This one is a little deeper, but non-IT admins know you have to wade in a little deeper at times. In more recent years, security experts have encouraged the use of SPF, DKIM and DMARC to provide email authentication (or validation) to stop email from fake senders (or spoofing) with your company domain name. Microsoft has done a great job making this as easy as possible to set up. If you’re a little hesitant you can always seek out a Managed or Cloud Service Provider (MSP/CSP) to assist you. However, once in place, you may want to see graphically that your efforts are working. To do that requires an analyzer, and Microsoft doesn’t provide one. They recommend a third-party solution (their list includes Valimail, OnDMARC, Agari for DMARC, and dmarcian). I’ve used dmarcian quite a bit and have personally experienced the value of seeing visually that your efforts to configure DMARC are paying off. Another one I like is Sendmarc, primarily because it’s designed to assist MSPs or CSPs to deploy and manage across their customer base. The value of these tools is to see an at-a-glance view of your efforts to prevent spoofing post-SPF/DKIM/DMARC configuration. It’s quite satisfying to see those efforts pay off; pre-configuration you might see your organization spoofing attempts at one level and then post-configuration, as you would expect, lower attempts and rejected attempts overall.

If a DMARC analyzer sounds exciting to you and you’re itching to learn more about it, not to worry: In a future article I’ll address in greater detail the value of SPF/DKIM and DMARC.

Conclusion

You don’t want to daisy chain or bolt on too many solutions to M365, because this will add to the complexity of your administration, as well as the cost. However, there are times when you may wish to enhance what Microsoft provides built-in. Or there may be solutions or services that Microsoft hasn’t added to their list of features (yet). In that case, do a little research, maybe a trial, ask others, and see if a bolt-on might be what you need.