Group Office combines email, calendar, files, and CRM modules. Security should focus on module permission boundaries, webmail risks, and integration token management.
1) Harden authentication and admin boundaries
- Integrate a central identity provider where available.
- Enforce strong password policy and MFA for admins.
- Restrict super-admin access and review privileges regularly.
- Disable user self-registration unless required.
2) Secure modules and webmail behavior
- Disable unused modules to reduce attack surface.
- Allow external IMAP/SMTP credentials only over secure transport.
- Limit public sharing defaults for files and calendar links.
- Apply strict session timeout for privileged roles.
3) Secure deployment and operations
- Keep PHP runtime hardened and updated.
- Keep database and background services internal-only.
- Back up message metadata/files and validate restore.
- Monitor auth logs and module permission changes.
- Group Office documentation: https://www.group-office.com/wiki/
- Group Office source repository: https://github.com/Intermesh/groupoffice
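One way to check two of the section 3 items (PHP hardening and internal-only services), as an added example that is not Group Office's own code. The directive baseline and the port list are assumptions of this example, and the sample inputs are constructed.

```python
import ipaddress

# Example baseline: real PHP directives; values are this example's assumption.
PHP_BASELINE = {"expose_php": False, "display_errors": False,
                "allow_url_include": False, "session.cookie_httponly": True,
                "session.cookie_secure": True, "session.use_strict_mode": True}
INTERNAL_PORTS = {3306}  # assumption: MySQL/MariaDB on its default port

def audit_php(ini_text):
    """Return directives that are unset or differ from PHP_BASELINE."""
    settings = {}
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"').lower()
    return [f"{k}: {settings.get(k, 'not set explicitly')}"
            for k, want in PHP_BASELINE.items()
            if k not in settings or (settings[k] in {"1", "on", "true", "yes"}) != want]

def exposed_listeners(ss_text):
    """Return `ss -ltn` local addresses that bind an internal port off loopback."""
    exposed = []
    for fields in map(str.split, ss_text.splitlines()):
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in INTERNAL_PORTS:
            continue
        try:
            loopback = ipaddress.ip_address(host.strip("[]").split("%")[0]).is_loopback
        except ValueError:  # wildcard such as "*"
            loopback = False
        if not loopback:
            exposed.append(fields[3])
    return exposed

# Constructed sample inputs (not taken from a real host).
SAMPLE_INI = """[PHP]
expose_php = On          ; leaks the PHP version in headers
display_errors = Off
session.cookie_httponly = 1
session.use_strict_mode = 0
"""
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
"""

if __name__ == "__main__":
    print(audit_php(SAMPLE_INI), exposed_listeners(SAMPLE_SS))
```

The listener check flags every non-loopback bind, so on a multi-host deployment a private-interface bind will be reported and needs a firewall review rather than a config change.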