Export (0) Print
Expand All

Securing Access to the Hosted Archive

 

Topic Last Modified: 2011-04-05

EHA provides features that help you control access to the archive, including restricting user access based on IP address and customized password policies.

You can restrict user access to all hosted services websites and applications, limiting access to a specific set of IP addresses for users within your company. Restrictions can be set at company, domain, and individual user levels. The restriction configuration supports entries at the IP subnet mask level, or for individual IP addresses.

To create an IP restriction rule
  1. In the Administration Center, click the Administration tab, and then click the Company tab.

  2. In the Security pane, next to IP Address Restriction, click Add.

  3. In the Add Allowed IP Addresses dialog box, in the IP addresses area, add the list of IP addresses that will be allowed to access hosted services websites and applications. You can enter a single IP address (192.168.0.1) or an IP subnet mask (192.168.0.1/24). Use one line for each entry.

  4. Click Save.

CautionCaution:
IP restrictions affect access to all hosted services web applications. Users with administrative permissions to the Administration Center will not have IP restrictions applied to their accounts.

To help comply with varying corporate password policies, you have the option of creating password policies for user accounts. Password policies are enforced at the company level and apply to all user accounts. If the password policy changes for your company, the users who are out of compliance are required to change their passwords the next time they log on.

To create a password policy
  1. In the Administration Center, click the Administration tab, and then click the Company tab.

  2. In the Security pane, next to Password Policy, click Add.

  3. In the Password Policy dialog box, enter the password policy settings that you want to use. For a description of each policy setting, see the following table.

  4. Click Save.

The following table lists the password policy options.

 

Policy option Description

Minimum password length

The minimum number of characters for a password.

Maximum password length

The maximum number of characters for a password.

Maximum password age for administrators (days)

The number of days before administrator passwords expire.

Maximum password age for users (days)

The number of days before user passwords expire.

Allow password reuse

Specifies that users can use their existing passwords when they are prompted by the service to create a new one. By default, users must create unique passwords for each mandatory password change.

Allow only alphanumeric characters

Specifies that all passwords must contain letters, numbers, or a combination of both. By default, user passwords are not required to contain letters or numbers.

Require a mix of uppercase and lowercase letters

Specifies that users must use both uppercase and lowercase letters in passwords. By default, user passwords must contain any combination of lowercase and uppercase letters.

Allow duplicate, consecutive characters

Specifies that users can use the same character consecutively in a password. By default, no duplicate consecutive characters are permitted.

Allow user name as password

Specifies that users can set their own user name as their password. By default, users cannot set their user name as their password.

Allow reversed user names in passwords

Specifies that users can use a reversed version of their user name as their password. By default, users cannot use a reversed version of their user name as their password.

To update your password policy, you can edit your existing policy or delete it and create a new one.

To edit an existing password policy
  1. In the Administration Center, click the Administration tab, and then click the Company tab.

  2. In the Security pane, next to Password Policy, click Edit.

  3. In the Password Policy dialog box, update the password policy settings, and then click Save.

  4. Click Save.

To delete a password policy
  1. In the Administration Center, click the Administration tab, and then click the Company tab.

  2. In the Security pane, next to Password Policy, click the delete icon.

  3. When prompted, click OK to confirm your deletion.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft