One of my most recent projects brought forward a change I’ve been thinking about for quite a while now. I wasn’t entirely satisfied with the way my domain mailing system was previously set up, and the email system lacked a lot of the granular control I like to have over my mailbox. So I decided it was time to start my own Microsoft 365 tenant. The setup was relatively simple for me: I just connected my domain and validated the change in the 365 admin portal, and at the scale of my homelab the cost was surprisingly affordable given the sheer level of administrative control I was getting in return. The minimal-cost approach still granted me global admin privileges: access to the Azure suite, Exchange, Purview, Entra, Intune, and pretty much everything you would get in a managed corporate environment. This expands what I’m able to do in my domain and homelab exponentially. In this article, I’ll touch on some of the ways I’ve refined things, specifically upgrading my mail flow with a focus on bolstering security, effectively giving my personally managed email corporate-grade security tooling.
Initial setup of my tenant was relatively easy: I had everything provisioned, connected, and hardened to best practices within about three hours. First and foremost, I integrated my domain emails into my tenant and turned them into shared mailboxes. With the way 365 is managed, I can puppet any of those whenever I need to, to receive and send emails. I also set up some mail flows with distribution lists, so certain critical emails wouldn’t be missed, and I could set up automation to flag these and bring them directly to my attention as required. For any mailing lists, or those pesky “please give us your email to receive a 10% discount” traps you encounter in day-to-day life that firebomb your email once you hand it out (especially when you do want the discount, but don't want the consequences that come with an even more cluttered inbox), I also have a dedicated shared mailbox, where those can marinate in purgatory without disturbing my actual workflow or clogging my inbox.
The most significant change, however, is that I can now use my Tenant Allow/Block List (TABL) to literally block scam/phishing emails and entire domains from my whole tenant, at the demarcation point, before they ever hit my junk folder. I also have Defender policies that sniff headers automatically now and raise alerts if an email has been spoofed (i.e. someone claims to be me, saying they “hacked” my account <haha, cute>, and demands a ransom to leave me alone). 365’s Defender suite now places an exclamation icon on the message, making it obvious at a glance that the email header and sending domain do not match. Also, logins can be audited, so such claims can now be investigated on a forensic level.
I’ve also set [EXTERNAL] flags on all emails originating outside my tenant to further bolster security, so I can identify immediately whether a so-called “hacker” just spoofed an email off my domain, or whether I actually need to investigate potential compromise with a deeper audit. And as for those pesky mailing lists? I have them routed into a centralized folder now, with a 14-day retention policy, so I can purge them automatically, keeping my inbox clean and breathable. If I want to go read about some big-box store's latest hot picks and deals? I’m sure I can get what I want out of those flyers within 14 days’ time.
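To make the above concrete, here is an added example (not the author's own scripts) that applies the same controls from Exchange Online PowerShell: a TABL block entry, spoof and unauthenticated-sender indicators in the default anti-phish policy, external-sender tagging, a shared mailbox with a 14-day purge tag, and a sign-in audit query. It assumes the ExchangeOnlineManagement module is installed and an Exchange Administrator account; the domain, addresses and names (example.com, scam.example, lists@example.com) are constructed placeholders.

```powershell
# Added example, not the author's scripts. Assumes the ExchangeOnlineManagement module
# and an account with Exchange Administrator rights. All domains/addresses below are
# constructed placeholders.
Connect-ExchangeOnline -UserPrincipalName admin@example.com

# 1. Tenant Allow/Block List: block a scam sender and a whole domain at the tenant edge,
#    before the message ever reaches a junk folder.
New-TenantAllowBlockListItems -ListType Sender -Block `
    -Entries "ransom-demand@scam.example", "scam.example" `
    -NoExpiration -Notes "Extortion/spoof campaign, blocked tenant-wide"

# 2. Anti-phish policy: keep spoof intelligence on and surface the unauthenticated-sender
#    and "via" indicators when the From header and sending domain disagree.
Set-AntiPhishPolicy -Identity "Office365 AntiPhish Default" `
    -EnableSpoofIntelligence $true `
    -EnableUnauthenticatedSender $true `
    -EnableViaTag $true

# 3. Tag everything that originates outside the tenant: the native Outlook "External"
#    label, plus a mail flow rule that prepends [EXTERNAL] to the subject for other clients.
Set-ExternalInOutlook -Enabled $true
New-TransportRule -Name "Tag external senders" `
    -FromScope NotInOrganization -SentToScope InOrganization `
    -PrependSubject "[EXTERNAL] "

# 4. Shared mailbox for mailing lists, with a 14-day personal retention tag that is
#    applied to the folder the lists are routed into. DeleteAndAllowRecovery keeps the
#    purged mail in Recoverable Items for the normal recovery window.
New-Mailbox -Shared -Name "Mailing-list purgatory" -PrimarySmtpAddress lists@example.com
New-RetentionPolicyTag -Name "Purge after 14 days" -Type Personal `
    -AgeLimitForRetention 14 -RetentionAction DeleteAndAllowRecovery
New-RetentionPolicy -Name "Mailing-list retention" -RetentionPolicyTagLinks "Purge after 14 days"
Set-Mailbox -Identity lists@example.com -RetentionPolicy "Mailing-list retention"

# 5. Forensics: when a "we hacked your account" message arrives, pull the last 7 days of
#    sign-in events so a spoofed From header can be told apart from a real compromise.
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -Operations UserLoggedIn -ResultSize 500 |
    Select-Object CreationDate, UserIds, AuditData
```

The retention tag only takes effect once it is applied to the target folder and the Managed Folder Assistant has processed the mailbox, so expect a delay before the first purge.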
Now let’s get real here: most businesses pay an MSP thousands or tens of thousands of dollars every year to handle the kind of architecture I’ve spun up in my homelab environment, using my industry experience managing 365 tenants for other companies and a Sunday night idea that popped into my head. And ironically, some companies get a great deal of friction from their MSP when they ask for internal access to their own tenant, while I’m out here as a one-man team making things happen and moving the needle, both making my personal life easier and giving myself a full lab to experiment with, so I can test things that help me develop professionally without breaking any production systems at work. This is the beauty of homelab experimentation: the sky is literally the limit. I may not run my own full-scale business, but I am absolutely benefiting from an ever-growing tech stack that could be considered enterprise-grade at scale.