Thursday, May 31, 2018

Maybe syncing Active Directory to your hosted email is not such a good idea...

Maybe syncing your on-premises Microsoft Active Directory to your hosted email provider is not such a good idea. This statement might be provocative, but let me explain.

Separation of duties: that is my reason. If your on-premises AD gets compromised and you are syncing the directory with your email provider, then all of those mailboxes also get compromised. So why not separate the two (2) environments? Don't let what happens to one environment affect the other. My personal philosophy is to have these two (2) environments completely separate; that way, if anything happens to one, it won't affect the other.

A few years ago Saudi Aramco's internal network was attacked, with the result that digital operations worldwide, including email, came to a halt. I don't want that to happen to my organization. So even if my internal network grinds to a halt, email will still flow and customer communications won't be affected by my on-premises systems.


Rob
