, , , , , , , , , , , , , ,

Office 365 App Password with MFA | HowTo | 1 of 2

Part One | Part Two

If you’re using Multi-Factor Authentication for your organisation, and want to use applications which connect to your Office 365 account, you will need to create an Office 365 App Password. This is to enable the App to connect to Office 365. For example, if you’re using Outlook 2016 or earlier, Apple Mail App, Skype for Business or any other third party client with Office 365, you’ll need to create an App Password.

If you purchase new, or renew existing, Office 365 licences:

SAVE AT LEAST 5%

This includes Exchange Online, SharePoint Online, Skype for Business, OneDrive for Business and the entire suite of Office 365 pricing.

 

Thankfully, creating an Office 365 App Password is really easy to do, if a little hard to find.

Log in to the portal here: https://portal.office.com

  1. Once logged in, click on the Profile Picture on the top right:

    Office 365 App Password Portal Login Step One

    Office 365 Portal Login Step One

  2. Click on View account:

    Office 365 View Account App Password Step Two

    Office 365 View Account Step Two

  3. Click on Manage Security & Privacy:

    Manage Office 365 App Password Security Privacy Step Three

    Manage Security & Privacy Step Three

  4. Click on Additional security verification:

    Office 365 App Password Security Privacy Step Four

    Additional Security Verification Step Four

  5. Click on Update your phone numbers used for account security:

    Office 365 Update Numbers App Password Step Five

    Update Numbers Step Five

  6. Click on app passwords:

    Office 365 Select App Passwords Step Six

    Select App Passwords Step Six

  7. Click on create:

    Create Office 365 App Password Step Seven

    Create Office 365 App Password Step Seven

  8. Enter a Name in the box, something unique is recommended. I usually name the client application the App Password is associated with. In the example below I have used Apple Mail App. Click next:

    Name Office 365 App Password Step Eight

    Name Office 365 App Password Step Eight

  9. Now either copy by selecting the line, taking care not to pick up any spaces or other characters, or click on copy password to clipboard. You can now use this App Password in your client application, such as Apple Mail App, Thunderbird, iPhone, iPad. Take care as this is the only time you will see Your app password. They cannot be viewed or changed once you click close:

    Copy Office 365 App Password Step Nine

    Copy Office 365 App Password Step Nine

  10. When you Enrolled in Multi-Factor Authentication you were given an initial App Password. I recommend deleting the initial app password, in favour of creating individually named App Passwords. This allows you to ensure each device or client is separate, which is more secure and easier to manage when you want to remove authentication. Click Delete:

    Delete Office 365 App Password Step Ten

    Delete Office 365 App Password Step Ten

  11. Confirm you want to delete the App Password and click Yes:

    Confirm Delete Office 365 App Password Step Eleven

    Confirm Office 365 App Password Step Eleven

  12. The App Password has been successfully deleted. Click close:

    Change Office 365 App Password Step Twelve

    Change Office 365 App Password Step Twelve

  13. That’s it. You now have an App Password for your Apple Mail App. Repeat steps 7, 8 and 9 to create additional App Passwords.

    Review Office 365 App Password Step Thirteen

    Review App Password Step Thirteen

In Part Two, coming soon, I will demonstrate how you can add your App Password to a variety of clients and devices, including Apple Mail App, iPhone, iPad and Outlook 2016.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , , , ,

Azure Multi-Factor Authenticator App | HowTo | 3 of 3

Part One | Part Two | Part Three

Azure Multi-Factor Authenticator App: In Part One I covered:

  • Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

  • Enable modern authentication in Exchange Online

  • Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

In Part Two I covered:

  • Enrol Accounts for Office 365 Multi-Factor Authentication

Once Office 365 Multi-Factor Authentication has been enabled and the users enrolled it is sensible for your users to install the Microsoft Authenticator App. The App can be downloaded for a number of devices:


Once the Azure Multi-Factor Authenticator App has downloaded and installed on your device.

Log in to the portal here: https://portal.office.com

  1. Once logged in, click on the Profile Picture on the top right:

    Azure Multi-Factor Authentication Portal Step One

    Azure Multi-Factor Authentication Portal Step One

  2. Click on View account:

    Azure Multi-Factor Authentication Step Two

    Azure Multi-Factor Authentication Step Two

  3. Click on Security & Privacy:

    Azure Multi-Factor Authentication My Account Step Three

    Azure Multi-Factor Authentication My Account Step Three

  4. Click on Additional security verification:

    Azure Multi-Factor Authentication Security Privacy Step Four

    Azure Multi-Factor Authentication Security Privacy Step Four

  5. Click on Update your phone numbers used for account security:

    Azure Multi-Factor Authentication Additional Security Verification Step Five

    Azure Multi-Factor Authentication Additional Security Verification Step Five

  6. Select the Authenticator app tick box:

    Azure Multi-Factor Authentication Security Verification Options Step Six

    Azure Multi-Factor Authenticator App Security Verification Options Step Six

  7. While you are here you can add in the Alternate authentication phone. Click Configure:

    Azure Multi-Factor Authentication Security Verification Details Step Seven

    Azure Multi-Factor Authenticator App Security Verification Details Step Seven

  8. You should see the Configure mobile app message box:

    Azure Multi-Factor Authentication Retrieving App Step Eight

    Azure Multi-Factor Authenticator App Retrieving App Step Eight

  9. The Configure mobile app QR code will now display:

    Azure Multi-Factor Authentication Configure App Step Nine

    Azure Multi-Factor Authenticator App Configure App Step Nine

  10. Open your Authenticator App on your device. The example below is from an iPhone. Select the plus + sign in the top right:

    Azure Authenticator App for iPhone Step Ten

    Azure Authenticator App for iPhone Step Ten

  11. Select Work or school account:

    Azure Authenticator App for iPhone Account Step Eleven

    Azure Authenticator App for iPhone Account Step Eleven

  12. Point the camera of your device at your screen to detect the QR code. If you receive a notification to allow the App access to your camera, select Allow. Otherwise select the Or enter code manually:

    Azure Authenticator App for iPhone QR Code Step Twelve

    Azure Authenticator App for iPhone QR Code Step Twelve

  13. You should now have a new account:

    Azure Authenticator App for iPhone Complete Step Thirteen

    Azure Authenticator App for iPhone Complete Step Thirteen

  14. The activation status will now be checked:

    Azure Multi-Factor Authentication Checking Status Step Fourteen

    Azure Multi-Factor Authentication Checking Status Step Fourteen

  15. Click Save:

    Azure Multi-Factor Authentication App Configured Step Fifteen

    Azure Multi-Factor Authentication App Configured Step Fifteen

  16. Click Verify preferred option:

    Azure Multi-Factor Authentication Configure App Step Sixteen

    Azure Multi-Factor Authentication Configure App Step Sixteen

  17. You should now see the Verifying app notice:

    Azure Multi-Factor Authentication Verifying App Step Seventeen

    Azure Multi-Factor Authentication Verifying App Step Seventeen

  18. Open the Authenticator App on your device. Enter the code in the verification code box. The code will change every thirty seconds. Click Verify:

    Azure Multi-Factor Authentication Verification Code Step Eighteen

    Azure Multi-Factor Authentication Verification Code Step Eighteen

  19. If you receive a Verification failed error it’s most probably because you were too slow:). Click Retry and repeat steps 16, 17 and 18:

    Azure Multi-Factor Authentication Verification Failed Nineteen

    Azure Multi-Factor Authentication Verification Failed Nineteen

  20. Once successful you will see an Updates successful notice. Click Close:

    Azure Multi-Factor Authentication Setup Success Step Twenty

    Azure Multi-Factor Authentication Setup Success Step Twenty

  21. That’s it. You will now be returned to the Portal home page. I recommend using the Notify me through the app option by going through steps 1 to 5 to return to:

    Azure Multi-Factor Authentication Select Option Step Twenty One

    Azure Multi-Factor Authentication Select Option Step Twenty One

In order to test, log out of the portal then log back in. You will be prompted for your verification code or your device will notify you that verification is required depending upon which option you chose.

One final task is to create and assign App Passwords, which I will cover in two future posts: Office 365 App Password | HowTo | 1 of 2

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , , , ,

Office 365 Multi-Factor Authentication | HowTo | 2 of 3

Part One | Part Two | Part Three

Office 365 Multi-Factor Authentication: In Part One of Three I covered:

  • Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

  • Enable modern authentication in Exchange Online

  • Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

The next phase of the process is to enrol the user for Office 365 Multi-Factor Authentication.

Enrol Accounts for Office 365 Multi-Factor Authentication

Once the attribute has been enabled for their account via an administrator, the user now needs to register for . The user should sign in as normal:

  1. Log in to the portal here: https://portal.office.com using using their username and password. Click Sign in:
    Office 365 Multi-Factor Authentication Login Step One

    Login Step One

  2. The user will now see the below asking them to further verify their account. Click Set it up now:
    Office 365 Multi-Factor Authentication Set-Up Step Two

    Exchange Online MFA Set-Up Step Two

  3. The user will now see two drop-down option boxes. The first for the method and the second for location:
    Office 365 Multi-Factor Authentication Verify Step Three

    Office 365 MFA Verify Step Three

  4. I recommend using the Authentication phone option as we will assume the user has no contact details added in their profile. This allows them to select the country and set the number the text or call verification is sent to. Click Select you country or region, select the appropriate one for you. Enter your number to be contacted, the example is 123456789. Select the Send me a code by text message or Call me., the example is text message. Click Contact me:
    Office 365 Multi-Factor Authentication Verify Step Four

    Azure MFA Verify Step Four

  5. You will now be taken to Step 2, confirming that a text message has been sent to the telephone number with the country code you completed in 4 above.
    Office 365 Multi-Factor Authentication Send Text Step Five

    Exchange Online MFA Send Text Step Five

  6. You will receive a text message on your phone within 60 seconds. If you do not receive the verification code text, please check the number displayed in 5 above:
    Office 365 Multi-Factor Authentication Verify Code Step Six

    Office 365 MFA Verify Code Step Six

  7. Use the code from 6 and enter it in to the box, the example below is 373318. Click Verify:
    Office 365 Multi-Factor Authentication Add Code Step Seven

    Azure MFA Add Code Step Seven

  8. You have now verified your identity and will be given an App Password which can be used to access your email using an application, such as the Apple Mail App. I will cover App Passwords in more detail in Part Three. Click Done:
    Office 365 Multi-Factor Authentication Initial App Password Step Eight

    Exchange Online MFA Initial App Password Step Eight

  9. If this was a new user with a temporary password they will need to update their password and Sign in. Enter the Current passwordNew password and Confirm (new) Password:
    Office 365 Multi-Factor Authentication Password Update Step Nine

    Azure MFA Password Update Step Nine

  10. Click Update password and sign in:
    Office 365 Multi-Factor Authentication Password Update Step Ten

    Office 365 MFA Password Update Step Ten

  11. If you have self-service password recovery enabled will now need to enter additional information in order to recover access to your account. Click Next:
    Office 365 Multi-Factor Authentication Password Authorisation Step Eleven

    Azure MFA Password Authorisation Step Eleven

  12. Select the Authentication email Set it up now:
    Office 365 Multi-Factor Authentication Password Authorisation Step Twelve

    Exchange Online MFA Password Authorisation Step Twelve

  13. Enter an email address that you have access to, such as your personal email address. You cannot add any email domains which are associated with your Exchange Online Tenant as this needs to be unique to the user. Click email me:
    Office 365 Multi-Factor Authentication Password Additional Verification Step Thirteen

    Azure MFA Password Additional Verification Step Thirteen

  14. You will now receive a verification code via email to the address you entered in 13:
    Office 365 Multi-Factor Authentication Email Confirmation Step Fourteen

    Office 365 MFA Email Confirmation Step Fourteen

  15. Enter the code you received in 14 in the box, in the example the code is 836919. Click verify:
    Office 365 Multi-Factor Authentication Code Confirmation Step Fifteen

    Azure MFA Code Confirmation Step Fifteen

  16. We now need to set the Authentication phone. Select Verify:
    Office 365 Multi-Factor Authentication Phone Verify Step Sixteen

    Exchange Online MFA Phone Verify Step Sixteen

  17. In this step you will verify the number you used in 4. Click text me:
    Office 365 Multi-Factor Authentication Text Verify Step Seventeen

    Azure MFA Text Verify Step Seventeen

  18. You will receive a text message on your phone within 60 seconds:
    Office 365 Multi-Factor Authentication Text Verify Step Eighteen

    Office 365 MFA Text Verify Step Eighteen

  19. Use the code from 18 and enter it in to the box, in the example the code is 242564. Click Verify:
    Office 365 Multi-Factor Authentication Text Verify Step Nineteen

    Azure MFA Text Verify Step Nineteen

  20. You have now created two forms of verification and your account recovery details. Click finish:
    Office 365 Multi-Factor Authentication Verify Complete Step Twenty

    Exchange Online MFA Verify Complete Step Twenty

Enrol Authenticator App for Azure Multi-Factor Authentication

To enrol your user account for Office 365 Multi-Factor Authentication App and create App Passwords, continue to Part Three.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , , , ,

Exchange Online Multi-Factor Authentication | HowTo | 1 of 3

Part One | Part Two | Part Three

Exchange Online Multi-Factor Authentication: We’ve covered the notion of two-factor authentication (2FA) and Exchange Online multi-factor authentication (MFA) before, especially how you MUST enable it for sensitive accounts. I include all IT users, especially those with administrative access, plus any senior management user within the organisation, such as the MD/CEO as their email is sensitive enough to justify Exchange Online Multi-Factor Authentication.

Two-factor authentication (2FA) or multi-factor authentication (MFA) has been available in Office 365 for many years, but you must manually enable it for your users. Microsoft’s Authenticator App for Android, iOS, and Windows Phone means it is simpler than ever to execute MFA by using push notifications for verifying, instead of users typing in six digit codes.

Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

The geo-distributed, high availability design of Azure AD means that you can rely on it for your most critical business needs. With the prevalence of smart phones, tablets, laptops, and PCs, people have far too many options on how they are going to connect, and stay connected, at any time. Office 365 Multi-Factor Authentication and Exchange Online Multi-Factor Authentication through Azure Multi-Factor Authentication is an easy to use, scalable, and reliable solution that provides a second method of authentication so your users are always correctly authenticated.

People can securely access their accounts and applications from anywhere, which means that they can get more work done and serve customers better.

  • Two-step verification, which requires more than one method of authentication.This means a critical second layer of security is added when a user signs-in. It works by requiring two or more of the following:
    Something you know, a password for example
    Something you have, typically a trusted device that is not easily duplicated, like a phone
    Something you are, such as biometrics
  • It’s easy to use with a range of verification methods including text message, phone call, mobile app or email to alternate account.
    This means, due to the extra protection that comes with Azure Multi-Factor Authentication, users are able to manage their own devices and authenticate in the way they prefer based upon where they are.
  • Azure Multi-Factor Authentication is simple to set up and use. Once enabled, in many instances it can be set up with just a few simple clicks by the user.
    This means the burden of implementation is reduced and users are keen to adopt.
  • Verification with Azure Multi-Factor Authentication is scalable, using the power of the cloud whilst also optionally integrating with your on-premises Active Directory (AD) and custom applications.
    This means that protection is can be extended to your high-volume, mission-critical services.
  • Azure Multi-Factor Authentication provides strong authentication using the highest possible industry standards.
    This means you are not just secure, but also compliant. You can monitor application usage and protect your business from advanced threats with security reporting and monitoring.
  • With a guaranteed 99.9% Service Level Agreement (SLA) for availability, Azure Multi-Factor Authentication is reliable.
    This means you will always be able to authenticate. The service is considered unavailable when it is unable to receive or process verification requests for the two-step verification.

I use Azure MFA with Microsoft ’s OneDrive for Business, SharePoint Online, Office 2016 desktop Apps (I’m not confessing the use of Outlook 2016), mobile Office apps and Skype for Business all on Mac, Windows 8, Windows 10 and iOS and found no issues. However, there are services that need an App Password or are incompatible, so make sure you review all the software and services in use in your organisation. I’ll cover the use of App Passwords in Part 3 of 3.

It is important to note that previously administrative accounts were unable to use PowerShell with Azure multi-factor authentication enforced for the account. Microsoft recommended creating a special account for each admin user to access PowerShell for Office 365 and Exchange Online and that these accounts should be disabled when not in use. Which is clearly ridiculous, so earlier this year they fixed it with the Exchange Online Remote PowerShell Module! You will need to ensure that Modern Authentication is enabled in your Exchange Online tenant before you can use the module.

You must enable Modern Authentication to support Outlook 2016 and Outlook 2013 clients.

Enable modern authentication in Exchange Online

Modern authentication in Office 365 enables authentication features like multi-factor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0. By default, modern authentication is NOT enabled in Exchange Online, however, you can enable it:

  1. Connect to Exchange Online PowerShell:
    To enable Windows PowerShell to run signed scripts, run the following command in an elevated Windows PowerShell window (a Windows PowerShell window you open by selecting Run as administrator):

    Set-ExecutionPolicy RemoteSigned 

    You need to configure this setting only once on your computer, not every time you connect.

  2. Run the following command:
    $UserCredential = Get-Credential 

    In the Windows PowerShell Credential Request dialog box, type your Office 365 user name and password, and then click OK.

  3. Run the following command.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection 

  4. Run the following command:
    Import-PSSession $Session
  5. Run the following command in Exchange Online PowerShell:
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
  6. To verify that the change was successful, run the following command in Exchange Online PowerShell:
    Get-OrganizationConfig | Format-Table -Auto Name,OAuth*

When you enable modern authentication in Exchange Online, Microsoft recommend that you also enable it in Skype for Business Online. For instructions, see SkypeModernAuth. Modern authentication is enabled by default in SharePoint Online.

Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

Log in to the Office 365 admin portal here: https://portal.office.com using an administrator account.

1. From the menu on the left of the portal, expand Users and click Active users:

Office 365 Multi-Factor Authentication Admin Portal Step One

Office 365 MFA Admin Portal Step One

2. In the list of users, click the user you want to enable MFA. Only licensed users can use Office 365 Multi-Factor Authentication. On the user’s pane, click Manage multi-factor authentication under More settings:

Exchange Online Multi-Factor Authentication Select User Step Two

Exchange Online MFA Select User Step Two

3. From the multi-factor authentication display, select the user account to enable, and then click Enable under quick steps on the right:

Office 365 Multi-Factor Authentication User Step Three

Office 365 MFA User Step Three

4. In the About enabling multi-factor auth dialog box, click enable multi-factor authentication:

About Enabling Multi-Factor Authentication Step Four

About Enabling Azure MFA Step Four

5. You should see a dialogue with Enabling multi-factor Authentication:

Azure Enabling Multi-Factor Authentication Step Five

Enabling Azure MFA Step Five

6. Click close when you see Updates successful:

Azure Updates Successful Multi-Factor Authentication Step Six

Updates Successful for Azure MFA Step Six

The Multi-Factor Authentication Status column for the user will change to Enabled. Sign out from the admin portal and close the browser window.

Enrol Accounts for Office 365 & Exchange Online Multi-Factor Authentication

To enrol your user account for Office 365 Online Multi-Factor Authentication, continue to Part Two.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , ,

Office 365 Email Signature Management with Mail Flow Rules [Part 2: Apply the Rule]

We covered the reasons why you should include an email signature, and what information you should include in the previous post. However, Office 365 Email signature management is made possible with the application of mail flow rules. This enables the functionality to append email signatures at the server side, meaning that you get consistently applied signatures no matter what device you’re sending from. This enables company-wide standardisation and brand consistency.

You will need:

  1. Office 365 Email Signature
  2. Admin access to exchange mail flow rules
  3. A signature/disclaimer encoded in html/css, with no more than 5000 characters (If you would like to know how to create one, read this post and follow the instructions.)

Step 1: Accessing Mail Flow Rules

  1. In the top left corner, open apps, and hit Admin.

How to access email signature mail flow rules in Office 365.

2. Then navigate to the Exchange admin centre.

How to access mail flow rules in Office 365.

3. Navigate to rules within the mail flow section.

How to access mail flow rules in Office 365.

Hit the plus icon and then create a new rule in the dropdown menu.

Office 365 Email Signature.

Office 365 Email Signature.

A new window will open with several options.

Step 2: Creating a Mail Flow rule for the Office 365 Email Signature

The new window that just opened should look like the following:

Office 365 Email Signature

Office 365 Email Signature

Let’s go through the options in order.

    1. Firstly you will be asked to name this rule. It’s good practice to keep things organised. I suggest calling it something like “disclaimer” or “signature”.
    2. The next section is the “apply this rule if…” which is the section that controls what conditions need to exist for a signature to be appended. Select your preferred combination or, to cover all emails sent from within your organisation, select “The sender… is internal”.
    3. The next section, “do the following” asks you to select an action. You should select append a disclaimer, whereupon you should click on enter text, then paste in your html code.

The key part of this is the coded signature itself. An Office 365 email signature needs to be simple and lightweight as email clients are notorious for resizing and squashing email signatures. For more information on how to create a signature click here.

  1. Next is a checkbox that asks “Audit this rule with severity level”. It’s up to you if you check this or not. The implication is that if checked, the rule will appear in reports and message traces. For more information click here.
  2. Next it asks you to choose a mode for this rule. Select the radio button marked enforce. This option controls whether the rule will appear in message traces, which helps if you’re troubleshooting.
  3. Click save.

Your new rule should appear within the list. You may need to promote or demote the priority of the rule using the arrow buttons, in case your signature rule conflicts with another rule.

Rules sometimes take a few minutes to propagate but eventually you will start to see a signature or disclaimer applied to your emails.

Step 3: Add Exceptions to the rule

You may want your signature to apply only in certain situations or for certain users. Mail flow rules are flexible. There are a range of conditions and exceptions you can use to tailor the rule so that it applies only when you want it to.

To prevent a stack of identical signatures at the bottom of your emails, you can insert an exception. Choose a unique word or phrase within your email signature. For example, your company registration number or part of the address. Edit your rule to include an exception, select “the subject or body matches…” and then enter a unique phrase included within your signature.

By doing this, the rule knows that a signature has already been applied before, so it doesn’t apply it every time a new email is sent.

If some staff need to be excepted from having a signature on their emails. Add an exception for the sender and add the individuals or groups you want excluded from the rule.