Scenario
You are looking to Integrate and deploy Signature 365 and want to understand the best practices for this process.
Solution
The following article details the best practices followed by Symprex support staff where possible as part of the setup and integration process with Microsoft 365, and the deployment of software to deploy signatures to your users.
Integration with Microsoft 365
Signature 365 requires integration with your Microsoft Entra directory, installing an Enterprise Application that grants access to read user and group attributes.
Using OAuth 2.0 Signature 365 never needs to know your credentials, with only an access token securely stored on our servers.
An account with Global Admin or permission to create an Enterprise application on the Entra ID Tenant is required for this process. We recommend using a Global Admin account to prevent any issues with setup.
User import
Generally, we recommend importing all users for a tenant where this is viable. As a user only consumes a licence when a rule is matched, this means that it is possible to import all existing Entra ID groups for the purpose of rule matching.
When importing individual groups we recommend creating specific groups for import, as the specified group can be easily used for the server-side injection mailflow rule.
Managing Teammate accounts
Teammate accounts can be secured with Microsoft 365 Single Sign-On (SSO). We recommend enabling SSO login for your users to ensure any security and MFA policies enforced by your organisation are applied to your users.
In cases where SSO login through Microsoft 365 is not available or desired, Teammate accounts should have Signature 365 two-factor authentication enabled for additional security.
Template design
Care should be taken with template design due to differing HTML and CSS standards supported by different email clients and versions of Outlook.
All Classic Outlook versions are limited to supporting a subset of the HTML 4 standard. New Outlook, OWA and Outlook for Mac support more of the HTML standard, as do other email clients. We recommend using caniemail.com to determine if your Outlook installations support the HTML and CSS features used.
We recommend designing templates and testing across the versions of Outlook that are used across the installation base, paying attention to the rendering in each version.
Where possible we recommend using the HTML source editor for complex template designs, or where specific layout requirements need to be met.
HTML source editing allows exact definitions for layout, element sizes etc that are not possible within the visual editor due to compromises required to enable users without HTML experience to design signatures.
All modifications to customer signatures made by the Symprex support team are generally performed in the Source editor.
Signature Rules
It is recommended to assign signatures based on group membership where possible and to avoid assigning individual users to reduce the number of rules and make management of the solution easier. This will also help to identify the rules that a user is assigned to more easily.
Signature 365 can be used to grant users the ability to choose if fields (such as Pronoun, Mobile device) are displayed in signatures without requiring this to be managed by admin users. Please see Using Custom Fields for more information on this.
Conditional statements can then be used within templates to determine if the data should be displayed for the user.
In most cases we recommend using this functionality to reduce the number of required templates, reducing the complexity of rule assignment.
Deploying client-side software
When using Office 365, Symprex strongly recommends using the modern add-in to interact with Signature 365. The add-in offers several features such as the editing of custom fields, internal/external recipient checking, and the immediate delivery of updates to signature templates.
We recommend deploying the add-in to all users within the organisation through the Integrated Apps component of the Microsoft Admin Centre.
The add-in is deployed to all versions of Office (Classic & New on Windows, OWA, Mac and Mobile) for a user and requires no additional steps to deploy.
As Signature 365 relies on the Admin Centre to deploy the add-in, delays in add-in deployment can be avoided by deploying to all users before rules are created. As the add-in will not interact with Outlook if the user does not match a rule, this allows the add-in to propagate to Outlook devices.
Once ready to implement, creating or enabling a rule will trigger the add-in for the next email, taking precedence over the inbuilt Outlook Signature function and inserting the signature defined in the portal.
Where perpetually licenced (2016 / 2019 / 2021) Outlook is in use on desktop devices, the Signature 365 Agent must be used to automatically insert signatures. We recommend disabling Classic Outlook integration for the add-in in this circumstance, as this will allow these users to receive signatures through the add-in on supported Outlook versions.
Outlook Add-in Configuration
In both cases, Symprex recommends using the Symprex Email Signature Utility to remove existing signatures from Outlook.
Managing personal signatures, fonts and stationery for classic Outlook desktop
Informing your users
Whilst the Signature 365 add-in is designed to be simple to use, we recommend advising users how the Signature 365 Add-In functions, and how to use the software. Documentation at the link below details this information, along with details on using custom fields and other functionality, such as applying an additional signature.
Signature 365 User Guides