Using Microsoft 365 means that a large percentage of your business data, from emails to spreadsheets, is hosted in the Microsoft cloud. The Microsoft cloud platform is incredibly secure in itself, but it’s up to YOU to manage your own environment in that cloud!
Here’s the good news: The Microsoft 365 platform has numerous built-in security features that, if configured and maintained correctly, can protect your business from cyber thieves. Let’s look at the controls you need to deploy in your Microsoft 365 platform.
How do I secure Microsoft 365? Seven key features!
There are seven core security features in Microsoft 365 that are an absolute must for any organization. All of these come as part of your 365 licenses, but to be used correctly, they need to be configured and maintained for your specific business needs.
1. Multi-Factor Authentication (MFA)
In the current landscape, multi-factor authentication should not be optional. MFA protects your cloud identities when a password is inevitably leaked or stolen. It can also allow you to adopt a simpler password complexity policy and remove the need for password expiration thanks to the added authentication step.
With MFA, any leaked login credentials are useless to a cybercriminal because they can’t complete the authentication process. This extra layer of security takes only a few seconds of your day and ensures that your accounts (and the data in them) are secure. Make sure this feature is enabled on your Microsoft 365 platform!
2. Search audit log and alert policy
This feature has recently been updated to be automatically enabled, but is still worth checking to be sure. Check logs allow you to view the history of activities within the 365 tenants.
Depending on the license you use, you can create additional custom alert policies to stay informed about each event you deem necessary in 365.
3. Email authentication
SPF, DKIM & DMARC – These are just different forms of authentication in your emails. Note the lock icon next to the website in your browser’s address bar? DKIM is basically a variation on that, digitally signing your email and marking it with the right source. This all happens in the background, with no noticeable change in your emails or 365 experience.
The purpose of these email verification documents is to ensure that no one can mimic your email address or domain both internally and externally. This is a crucial security combination; it only requires an accurate configuration!
4. Exchange Online Protection Baseline
Out of the box, the “protection baseline” is installed and operational. The initial settings are general and must be configured by your IT administrator for your specific needs.
The policies included in the baseline should be reviewed and aligned with your industry’s current best practices. A vCIO can be a great resource if you need some help with this tedious process.
5. Turn off automatic client forwarding
Often, malicious parties use this feature to quietly forward sensitive emails from an organization to a mailbox they manage. End users are generally not aware that this is happening.
In general, business email probably shouldn’t be forwarded to private addresses at all. For this reason, we recommend that you always turn this feature off across the board. From there, it can be switched on again per user if necessary.
6. Requests for administrative authorisation
This is another method of attack that is often overlooked. By default, anyone can access a third-party app for use in the Microsoft 365 cloud. An example of this is adobe’s document cloud.
In order to establish this connection, certain access is granted between the third party and 365. If no administrative permission is enabled, a spearphishing attempt with a link that asks a user to reset their OneDrive password may allow cybercriminals within your organization’s 365 tenant.
Administrative consent requests take the cybersecurity risks out of the user’s hands!
7. OneDrive backup for familiar folders
All 365 plans have 1TB of OneDrive space per user. This space should be used to replace your organization’s old methods for redirecting folders to your servers.
OneDrive offers automatic cloud backups; which users around the world can restore independently without the help of system administrators!