layer 1 layer 2 layer 3 layer 4 layer 5 abstract shapes

Getting the best out of Microsoft 365 part 1: Security

Posted by Dan Felix on February 9th 2021

Welcome to the first of our three-part blog series which introduces the (often underutilised) Microsoft 365 technologies and features that can improve security, communication, productivity and collaboration across your business. 

The series will cover:

Part 1: Security: Getting the best out of Microsoft 365.

Part 2: Communication & Collaboration: Getting the best out of Microsoft 365.

Part 3: Productivity & Data Insights: Getting the best out of Microsoft 365.

 

So, without further ado, let’s dive into part 1, Security…

If you’ve made the move to Microsoft 365 you can be sure that your business will be benefiting from unrivalled built-in security protection to protect your users, information and devices.

Whilst Office 365 is, to a large extent, ‘plug and play’, those responsible for IT within your business have an important role to play in managing the entire business network using the central admin function (for example, for regular maintenance operations such as vulnerability scanning, and diagnostics and troubleshooting activities). Microsoft 365 gives your IT personnel the capability to control:

  • Identity and access management e.g., conditional access requirements based on device and location, multi factor authentication, etc. Please note that conditional access requires Azure AD Premium feature.
  • Continuous threat protection against internet-based threats (e.g., malicious links), application-based threats (e.g., malicious apps) and device-level protection. It also includes tools to identify, isolate and respond to threats and attacks, protects users against the known list of malicious websites, and informs users of malicious attachments before they are opened.
  • The safeguarding of information as it flows between people, devices and apps.
  • The monitoring and management of security. See users and machines at risk, and active alerts. Analytics shows the security updates that need to be applied to your organisation’s machines.

Getting the most out of Microsoft 365’s security capabilities

Whilst the best security protection comes as standard with Microsoft 365, those responsible for IT within your business should tailor security settings to the requirements of your organisation to ensure that you are benefiting from the best security capabilities that Microsoft 365 has to offer. This includes:

  1. Enable multi factor authentication 

MFA (also known as 2FA) is an additional security layer which comes as part of your Microsoft 365 licence. It works by having a secondary device, such as smart phone, confirm verification by the user that the login is by the authorised. It will also alert the same device if a 3rd party is trying to access to their account.

2. Review all admin and inactive user accounts

This ensure that only those people who are still actively involved in your business have access to your business’s data and systems, and that only the right people have admin rights.

3. Enabling Microsoft 365’s anti-spoofing technology

This will protect your business from phishing attacks from spoof emails that try to trick your users into clicking on a malicious links.

4.Use Microsoft 365’s Advanced Threat Prevention

This protects mailboxes, files, online storage and applications against cyber-attacks and accessibility to this feature may require an additional licence.

5. Enabling mailbox audit logging, to log mailbox activities.

6. Use Azure AD premium features

This can add additional protection to your cloud and on-premise resources via intelligent conditional access policies, self-service password reset, password protection and even passwordless authentication. These features may require an additional licence.

7. Office 365 portal branding to prevent phishing attacks.

Phishing attacks will lead you to a fake login page where they will ask for a username and password, hoping that the end-user will not see the difference between the real login page and the fake page. With Azure Active Directory you can change the login page for Office 365, so it contains your logo, a tagline, and some basic company information. Phishing attackers in most cases won’t go through the trouble to build a custom login page.

8. Use eDiscovery to enable you to search, analyse and package particular content across your entire business’s data (emails, folders, etc.)

This can be particularly important to protect sensitive information, and for regulatory compliance and in response to a legal request or investigation.

In conclusion

Whilst security protection comes as standard with Microsoft 365, you should tailor this to your specific requirements to ensure your organisation is benefiting from the enhanced security capabilities that Microsoft 365 has to offer.

Hopefully, this guide has been helpful in providing an overview of Microsoft’s enhanced security features. As a Microsoft Direct CSP and Gold Partner we provide our clients with fully comprehensive solutions across your cloud and physical environments.