Segmenting Your Microsoft 365 Global Address List for Multi-Domain Organisations
Segmenting Your Microsoft 365 Global Address List for Multi-Domain Organisations In an era where mergers, acquisitions and multi-academy consolidations are commonplace, centralising multiple domains into a single Microsoft 365 tenant delivers undeniable efficiencies in security, licensing and administration. Yet with consolidation comes the hidden risk of an unwieldy Global Address List (GAL) – a single directory that exposes every mailbox, group and resource across your entire tenant. For an education trust of a dozen schools, this can mean a teacher accidentally emailing safeguarding records to the wrong academy. For a merged enterprise, it may result in sensitive financial forecasts landing in a newly acquired subsidiary’s inbox. This article presents a fully-up-to-date approach – using native Exchange Online Address Book Policies (ABPs) – to carve a monolithic GAL into secure, domain or division specific views You’ll gain: An understanding of why a single GAL poses security, compliance and productivity challenges A clear description of ABP components and their interplay Detail and plain-English explanations of PowerShell implementation patterns Expanded sections on Security & Compliance, Extending Segmentation into Teams and Beyond, and Governance Wherever possible, I’ve drawn directly from Microsoft’s latest documentation to ensure accuracy. Why a Single GAL Becomes a Liability Many organisations believe a centralised directory is inherently beneficial: one search bar to rule them all. In practice, users endure information overload when they must sift through hundreds or thousands of irrelevant entries to find a colleague or resource. Worse, autocomplete treats internal and external addresses the same, so a slip of the finger can expose confidential data to unintended recipients. For multi-academy education trusts, safeguarding student information is non-negotiable. A misplaced click can send pupil assessment data or pastoral notes to the wrong school, risking GDPR breaches and parental complaints. In corporate scenarios – say, a company acquiring a competitor – financial controllers might inadvertently share year-end bonus details with executives of the acquired entity. These are not hypothetical concerns; every mis-addressed email carries reputational damage, regulatory fines and erosion of stakeholder trust. IT helpdesks bear the brunt of this chaos, fielding reported incident tickets such as “Why can’t I find Mrs Jones in my academy?” or “Why am I seeing rooms from the finance department?” These repetitive queries divert valuable IT capacity from strategic projects – be it rolling out a new learning-management system or deploying advanced security analytics. As tenant scale grows, so too do the hidden costs of a monolithic GAL. Address Book Policies: Virtual Segmentation Rather than fragment your environment into separate tenants – an approach that multiplies licences, security boundaries and operational overhead – Exchange Online’s Address Book Policies (ABPs) offer a “virtual partition” within your existing tenant. An ABP bundles together four filtered directory view components so that users see only the objects assigned to their business unit or academy all while retaining centralised governance and compliance controls. At its core, an ABP comprises: A Global Address List (GAL) scoped by a recipient filter, defining which mail-enabled objects appear in name-resolution requests. An Offline Address Book (OAB) downloaded by Outlook clients in cached mode, ensuring offline users browse the same filtered directory. A Room List, for filtering resource mailboxes (meeting rooms, shared equipment) to prevent cross-unit booking conflicts. Custom Address Lists, enabling category-based browsing (e.g. by department or faculty) within the defined scope. By tagging mailboxes using a custom attribute or SMTP domain suffix you drive these filters automatically, so new users immediately inherit the correct ABP without manual reassignment. The Address Book Policy Routing agent further enforces isolation by marking out-of-scope lookups as “external” ﹘ preventing misleading “internal” display names in autocomplete once you enable it with: Set-TransportConfig -AddressBookPolicyRoutingEnabled $true Dissecting the Four ABP Pillars Global Address List (GAL) When a user types a name into the To: field in Outlook or OWA, the directory lookup consults the GAL. A domain-specific GAL (e.g. GAL_Contoso) ensures that Division A staff resolve only their own colleagues, distribution lists and contacts. This scoping is driven by a recipient filter, most commonly mapping CustomAttribute1 to a division code, such as “Contoso”. Offline Address Book (OAB) Outlook’s cached-mode clients download the OAB every eight hours by default. When you create an OAB that points to the same filtered GAL and address lists (e.g. OAB_Contoso), offline users maintain the same segmented experience even when disconnected from the network. This is critical for remote or bandwidth-constrained environments where cached-mode Outlook is the norm. Room List Resource mailboxes (meeting rooms, hot desks, equipment) often clutter the global directory. By creating a Room List object filtered on both the RecipientDisplayType (e.g. ConferenceRoomMailbox) and your division tag, you surface only the relevant rooms in meeting-room pickers preventing double bookings and administrative friction across units. Custom Address Lists Under each GAL, you can present one or more Custom Address Lists for instance, “Finance Teams” or “Faculty Staff” using the same division filter. These lists appear as categories in Outlook’s address-book pane, enabling structured browsing rather than free-form search. Together, all four components weave a seamless, tailored directory experience for each business unit. Security & Compliance: Fortifying Your Boundaries Segmentation does more than improve usability – it underpins your security and compliance strategy with multiple, reinforcing controls. Data Loss Prevention (DLP) becomes markedly more precise With a monolithic GAL, DLP policies must blanket the entire tenant, triggering false positives when users legitimately email across divisions. By contrast, ABP segmentation lets you craft targeted DLP rules that apply within each directory silo. For example, exam results can circulate freely within an academy but are blocked when addressed outside its ABP, sharply reducing administrative overhead in policy tuning and alert triage. eDiscovery and legal-hold scenarios Segmented GALs shrink your search scope. Compliance officers can restrict Content Searches to a single ABP, slashing processing time and data volumes. In education trusts, this ensures that subject-access requests remain tightly confined to the relevant academy, a critical requirement under GDPR and UK data-protection regulations. Auditability improvement Exchange’s Admin Audit Logs record
Mental Health – Beyond the Stigma – Extract: The Garden Within Us
Mental Health – Beyond the Stigma – Extract: The Garden Within Us About This PostThis extract is part of my ongoing work on the book currently entitled “Mental Health – Beyond the Stigma”, featuring Chapter 1: Understanding Mental Health: From Perception to Reality. Please bear in mind that these words are still in draft form and may evolve as the manuscript develops. Thank you to everyone who first joined the conversation on LinkedIn – your messages and comments helped launch this project, and I’m delighted to have ticked “launch a website” off my bucket list. I hope this and future extracts will excite and inspire you. Thank you,Mark Tonks 🪴 Chapter 1 Extract: The Garden Within Us When it comes to understanding mental health, metaphors can be more powerful than definitions. They allow us to connect emotionally with something that otherwise feels abstract. And among all the metaphors used to describe mental wellbeing, none is more fitting, more visual, or more universally understood than that of a garden. Imagine your mind as a garden As a child, many of us were taught how to plant seeds, water the soil, and watch something grow. We felt the excitement of seeing the first sprout push through. Gardens were magical then – full of colour, bugs, smells, and potential. As we grow older, we often forget that magic, treating our inner world like a machine to maintain, rather than a living space to nurture. But a garden never stops being a garden, even when neglected. It doesn’t lose its potential, it just waits. Some days, your inner garden blooms with energy and hope. On other days, it may be tired, dry, or overrun with weeds like anxiety, self-doubt, or burnout. There are seasons when things flourish, and seasons when things feel still. That stillness isn’t a failure. It’s part of the cycle. Like a real garden, your mental health doesn’t thrive by accident. It requires attention. Regular check-ins. Time. Support. Sometimes, it needs pruning – letting go of thoughts or environments that no longer serve you. Other times, it needs shade and rest, not more sunlight and hustle. “A garden requires patient labour and attention. Plants do not grow merely to satisfy ambitions or to fulfill good intentions. They thrive because someone expended effort on them.” — Liberty Hyde Bailey, botanist and educator This metaphor gives us permission to be tender with ourselves. To recognise that thriving doesn’t mean blooming every day. It can mean holding steady. It can mean holding on. A child may understand this easily. They watch nature closely. They see that even the smallest seed needs time. Teenagers, who may be feeling the overwhelming pressure to be ‘okay’ all the time, can benefit from this metaphor, too. It says: You are growing, even when you feel stuck. Adults, caught up in routines and roles, often lose sight of their inner soil. We expect ourselves to function endlessly, to produce, perform, and cope without pause. But nothing in nature works that way. Everything needs downtime. Too often, we only notice our mental health when it’s in decline; when burnout takes hold, when anxiety chokes our breath, when we find ourselves retreating from the things that once brought joy. But a gardener doesn’t just water plants when they’re dying. They check the soil, feed it regularly, and pull out weeds before they take over. 📊 Surprising Thought: According to the Royal Horticultural Society, gardening has been shown to reduce symptoms of depression and anxiety, improve concentration, and increase overall feelings of wellbeing. This applies not just to physical gardens, but also to the metaphorical one we carry inside. Source: RHS, UK Gardening for Health studies (2021) Tending to our mental health is not a crisis-response activity. It’s an ongoing relationship; one that requires daily attention, even in small ways. It might be choosing rest over productivity. Saying no instead of yes. Reaching out before the silence becomes too loud. Or planting a new routine – no matter how small – that makes space for reflection or joy. In chapter 1, I explore how to recognise when your internal garden needs care, how to identify the weeds that may be draining your energy, and how to honour the unique ways your mental health responds to the seasons of your life. When we learn to tend our garden with intention, we don’t just survive – we begin to grow, and more than that, we create spaces where others feel safe to grow alongside us…………. Mark Tonks aka. SharePointMark Microsoft Solution Architect, Senior Project Manager, and Mental Health Advocate Mark Tonks My Personal Favourites Business Links Primary Technology Ltd Helping customers to succeed through the use of IT, connectivity and communication tools. Visit their Website Vantage 365 Ltd To unlock the full potential of organisations through the implementation and exploitation of Microsoft technologies Visit their Website Cielo Costa Our success comes not just from what we do, but how and why we do it. Visit their Website iThink 365 Building great solutions that solve business problems and tackle the productivity crisis Visit their Website 365Tribe Assist companies in maximising their Microsoft 365 licenses while also inspiring individuals to improve their productivity, collaboration skills, and enjoyment at work. Visit their Website Counsellor who Cares Whether you’re struggling with eating disorders or other mental health challenges, our dedicated bespoke Eating disorder treatment will guide you on your journey. Visit their Website Saltaire Training Company Adult and Youth Mental Health First Aid Courses which are accredited by the Department of Public Health Visit their Website Thrive in Mind Our mission is to provide proactive, preventative, and evidence-based mental health solutions that empower employees and foster resilient, thriving workplaces. Visit their Website Primary Technology Ltd Helping customers to succeed through the use of IT, connectivity and communication tools. Visit their Website Vantage 365 Ltd To unlock the full potential of organisations through the implementation and exploitation of Microsoft technologies Visit