How to improve Microsoft 365 security out of the box

Investing in Microsoft 365 is a great way to enable the powerful cloud applications your team know and love. But with any software suite, there are some inherent security risks. Today, we’re looking at how to improve Microsoft 365 security right out of the box for a safer implementation in your organisation.

Whilst the best security protection comes as standard with Microsoft 365 those responsible for IT within your business should tailor security settings to the requirements of your organisation to ensure that you are benefiting from the best security capabilities that Microsoft 365 has on offer. These include:

1. Enable multi-factor authentication

While the combination of a username and password is still a decent level of security, multi-factor authentication (MFA) takes it one step further. MFA combines two or more factors – e.g., a password, a code, a fingerprint or even a retinal scan – to verify a person’s identity and protect against soft breaches. That means even if a criminal can get your password, they can’t access your account without the other verification method(s). MFA comes as part of your Microsoft 365 licence and provides an extra layer of protection for your sensitive company data.

2. Set up data encryption

For many organisations, encryption is a requirement to comply with legal regulations. With Microsoft 365, you can use TLS connections for files stored on the cloud and BitLocker for locally saved copies on your Windows PC. For an extra layer of security, enable externally encrypted email messages. This requires any recipient outside of your organisation to log in with a passcode or Microsoft account before they can access your message.

3. Count on advanced threat protection

One of the biggest cyber security threats comes from phishing emails which typically spread ransomware through malicious links and email attachments. Microsoft 365 has phishing and malware protection baked in with Advanced Threat Protection helping to prevent these links and attachments from reaching employees’ inboxes in the first place. You simply need to enable it from the security centre dashboard to deploy. According to Microsoft, Azure Sentinel, Microsoft 365 Defender and Azure Defender help you to prevent and detect attacks across the estate for all your data and accounts. When combined, you’re able to monitor and respond to threats in near real-time to reduce the possibility of data loss.

4. Clear out dead accounts

Employees, clients, and guests come and go. What shouldn’t remain for long is their access. Make it a policy to keep your database clean of any login which is no longer required. This will prevent that account from falling into the wrong hands. If the employee or guest returns, creating a new account is fast, easy and a safer way to manage your data.

5. Activate mobile device management (MDM)

Many employees use their own personal devices to access your Microsoft 365 architecture. Often this includes mobile phones, laptops, and tablets. Microsoft 365 offers built in Mobile Device Management (MDM) and Mobile Application Management (MAM) through Intune.

 When the device is protected by Intune, the admin has the authority to wipe the complete device in case of device theft, or just the corporate data. You can wipe the data remotely should the phone become compromised.

Need support to improve Microsoft 365 security out of the box? Take the first step and sign up for a free Microsoft 365 security workshop.