Many commercial spam filters are now licensed based on "real people". When talking to these vendors, I realized that I do not have a good way of separating individual accounts from other accounts, so I don't know how many "people" license I would need. Thinking further, I would like to create user categories and configure account settings based on those categories
- Employees enabled for remote access
- Employees not enable for remote access
- Shared departmental accounts that are mostly receive-only and never used remotely
- Vendor accounts that are only used remotely, and possibly enabled as-needed only.
- Service accounts that are send-only and locked to the service's IP address
- Service accounts that send and receive and locked to the service's IP address
As this list implies, I also want to use the user category to configure consistent user security settings:
- 2FA enabled or disabled. Possibly further qualified by whether 2FA is implemented as email only, time-based token, or user choice.
- Whether login restrictions are restricted by IP, enabled or disabled. If enabled, the category also includes the list of allowed IPs.
- Allowed and disallowed protocols (SMTP In, SMTP out, MAPI, EWS, EAS, POP, IMPP, XMPP)
- SmarterMail or Active Directory passwords.
All of this would be extremely helpful in locking down my system appropriately. It would also address the original question of "how many people use this system?"