Top 7 Ways to Secure Microsoft 365

Although cloud-based technologies date back to the early 2000s, many organizations still have concerns about the safety of services such as Microsoft Office 365.

A big part of cloud computing’s appeal lies in its ability to make your data accessible from anywhere, which can be invaluable to businesses ranging from multinational organizations with globally-distributed workforces, right through to startups who just want to give their employees the option to work from home. Ironically, cloud’s biggest strength is also the thing that most cloud adopters worry about: if your data is accessible at any time, from anywhere, then it’s also uniquely susceptible to unauthorized access.

Perhaps you’re contemplating migrating to the cloud and want to research how to keep your data safe, or maybe you’re already a Microsoft Office 365 user who’s looking to take some additional steps to ensure your account remains private and secure.

Regardless of where you are on your cloud journey, in this article I’ll share the top 7 ways that you can keep your Microsoft Office 365 accounts and data safe from prying eyes, including taking your malware protection to the next level, creating security policies for your employees’ personal smartphones and tablets, and how to future-proof your organization, so you’re ready for the next wave of digital security threats. 

1. Don’t forget to secure your employees’ smartphones and tablets 

Smartphones and tablets have revolutionized the way we access data, but this convenience comes at a cost.

Every time an employee responds to an urgent work email on their smartphone, or downloads company documents to read on the train ride home, they’re exposing your organization to a potential security breach. In the worst case scenario, one of your employees could be walking around with huge amounts of confidential corporate data stored on a smartphone that isn’t even protected by a basic “1234” lockscreen PIN.

Unlike traditional desktop PCs or Macs, mobile devices are easily lost, misplaced or stolen. According to the British Transport Police, phone thefts on the London Underground have risen by 25% within the past year, with an average of twelve people being pickpocketed every single day. In 2016, even the Home Secretary, Sajid Javid, fell victim, when his smartphone was snatched right out of his hands by moped thieves.

“It happened in a flash. I was walking out of Euston station and reached for my phone to call a taxi,” the minister said. “Before I knew what was happening, it had gone. They just rode up, grabbed it and zoomed off.”

If your employees regularly access their work email or company documents on their smartphones or tablets, then it’s vital that this information is properly protected.

Microsoft Office 365 comes with a number of security features that can help keep your organization's documents and emails secure, including Mobile Device Management which is specifically designed for mobile devices such as iPhones, iPads, Android devices, and Windows Phones.

Your Office 365 administrator can use the Mobile Device Management feature to create mobile device management policies that each user must opt into, before they can access Office 365 resources on their smartphone or tablet. These policies might include protecting their data with an alphanumeric password consisting of a minimum number of characters, encrypting their entire device, or disabling automatic backups which can result in your sensitive corporate data being inadvertently copied to external services, such as Google backup and auto sync.

In the worst case scenario where an employee’s device is lost, stolen or misplaced, your administrator can use Mobile Device Management to remotely wipe all company data from the missing device. Alternatively, you could take a proactive approach and configure Office to wipe a user’s mobile device automatically in response to multiple failed sign-in attempts. 

2. Don’t rely on passwords: Activating Multi-Factor Authentication 

Ideally, all your employees should already be using strong, complex passwords featuring a mixture of letters, symbols, numbers, and upper and lower case characters. However, even the strongest password can be leaked or stolen, which is where Multi-Factor Authentication (MFA) comes in.

According to Microsoft, 63% of users have weak, default or stolen passwords.

MFA, sometimes referred to as 2-step verification, adds an extra layer of security to your password strategy, which can prevent hackers from gaining access to your Office 365 data - even in the worst case scenario where your password is leaked or stolen.

Once MFA is in place, the user will need to enter their password and then complete a second authentication method before being granted access to their account. This additional authentication layer can take several forms, including answering a phone call, entering a randomly-generated password sent via SMS message, or completing biometric authentication, making Multi-Factor Authentication one of the most effective ways to secure your Microsoft accounts. 

To activate Multi-Factor Authentication:

  • Head over to the Microsoft 365 admin center.
  • In the search bar, type “multi” and then choose “Azure multi-factor authentication settings.”
  • Select “Manage multi-factor authentication.”
  • Select all the accounts where you want to apply MFA, and then click “Enable.”

3. Encrypt your emails

Email has changed the way we do business. Even if you work at a startup where everyone is in the same open plan office, chances are your first instinct is to drop your fellow employee an email rather than walking over to their desk and actually speaking to them in person.

It takes hackers 4 minutes to get into networks through email attacks, and 286 days for detection, followed by an additional 80 days for damage control.

In theory, all emails should be private, but when an email contains sensitive information such as legal contracts, financial data, or sales reports, you’ll need to take extra steps to protect this information from prying eyes. Even if an email doesn’t contain explicitly confidential information, accidentally exposing a business email to a third party can still be embarrassing, especially if that third party decides to publish the email!

Office 365 Message Encryption allows you to exchange encrypted messages with people inside and outside of your organization using a range of email services, including non-Microsoft services such as Gmail and Yahoo!

To send an encrypted email using Outlook for PC:

  • Check your email as normal.
  • Select "Options" from Outlook's toolbar, followed by "Permissions".
  • Choose "Encrypt".

To send an encrypted email using Outlook.com, create your email and then:

  • Select “Protect” from the Outlook.com toolbar.
  • Select “Change Permissions,” followed by “Encrypt.”

If the recipient is using Outlook 2013, Outlook 2016 or they have an Office 365 email account then they’ll receive a notification every time they receive an encrypted message, and will then be able to view and reply to that message inside their account, just like a regular email.

If the recipient is using another email client or email account, such as Yahoo! or Gmail, then they'll receive a link that prompts them for a one-time passcode before displaying the encrypted message in their web browser.

Your administrator can also define mail flow rules that ensure all your sensitive messages are encrypted automatically. For example, you might create a rule that applies encryption to all messages addressed to a certain recipient, or all messages that contain attachments.
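The recipient-based rule described above can also be created from Exchange Online PowerShell. The script below is an added example, not part of the original article: it assumes the ExchangeOnlineManagement module is installed and Office 365 Message Encryption is already enabled in the tenant, and the admin account, rule name and recipient address are placeholders.

```powershell
# Added example: stage an encryption mail flow rule in audit mode, then enforce it.
# Assumptions: ExchangeOnlineManagement module installed, Office 365 Message
# Encryption enabled in the tenant. Account, rule name and recipient are placeholders.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

$ruleName = 'Encrypt mail to external counsel'   # hypothetical rule name

# Create the rule in audit mode: matches are logged, but the encryption
# action is not applied to live mail yet.
New-TransportRule -Name $ruleName `
    -SentTo 'counsel@example.com' `
    -ApplyRightsProtectionTemplate 'Encrypt' `
    -Mode Audit

# Review what was created before it affects anyone's messages.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, SentTo, ApplyRightsProtectionTemplate

# Run this step only after the audit results look right:
# it switches the rule from logging to actually encrypting.
Set-TransportRule -Identity $ruleName -Mode Enforce

Disconnect-ExchangeOnline -Confirm:$false
```

Staging in audit mode first lets you confirm the rule matches only the intended messages before any recipient starts receiving encrypted mail.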

4. Control who has access to your content 

Many organizations share a wide range of content - whether that’s notes from yesterday’s sales meeting, your projected revenue figures, or your campaign schedule for the upcoming month. However, every time you share a piece of content, there’s a chance it could fall into the wrong hands.

To keep control over your content, it’s vital that you set some rules about what content can be shared internally and externally, and by whom.

Using Microsoft Office 365, you can control exactly which content can be shared via OneDrive and SharePoint Online, and can even configure an individual user’s sharing settings.

To modify the sharing settings across your entire organization for SharePoint and OneDrive, head over to the OneDrive admin center, find the “Default link type” section and then select the type of link that’s created by default every time someone tries to share an item.

You can choose from the following link types:

  • Shareable links. Accessible to anyone who has this link. 
  • Internal links. Accessible only to users within your organization.
  • Direct links. Accessible only to the individual(s) specified when the user first created this link. 

5. Protect yourself against the 79% rise in malware

Malware poses an ever-increasing threat to consumers and businesses alike. According to a new report from Malwarebytes Labs, in 2017-2018 the overall business detections of malware rose 79%, with particularly significant increases in the amount of backdoor (173%), Trojans (132%), and spyware attacks (142%) detected throughout this period.

Microsoft Office 365 comes with built-in protection against malware, but with pretty much all forms of malware on the rise, you can boost your level of protection by blocking all email attachments that are commonly associated with malware:

  • Head over to https://protection.office.com.
  • Sign into your admin account.
  • In the left-hand menu, find the “Threat management” section and then select “Policy > Anti-Malware.”
  • Double-click the default policy.
  • Select “Settings.”
  • Under “Common Attachment Types Filter,” select “On.”
  • Review the list of file types that are currently blocked, and then add or delete file types, as required.
  • Click “Save.”
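The same change to the default anti-malware policy can be made and verified from Exchange Online PowerShell. This script is an added example, not part of the original article: it assumes the ExchangeOnlineManagement module is installed, and the admin account and the two extra extensions are placeholders constructed for illustration.

```powershell
# Added example: enable the common attachment types filter on the default
# anti-malware policy and extend its block list without losing existing entries.
# Assumptions: ExchangeOnlineManagement module installed; account is a placeholder.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# Record the current state first, so the change can be reviewed or rolled back.
$policy = Get-MalwareFilterPolicy -Identity Default
$policy | Format-List Name, EnableFileFilter, FileTypes

# Extensions to add. These two are constructed examples; use your own list.
$extra = @('iso', 'vhd')

# Merge with the existing list. Passing only the new values to -FileTypes
# would replace the list and silently unblock everything already on it.
$merged = @($policy.FileTypes) + $extra | Sort-Object -Unique

# Turn the filter on and apply the merged list in one change.
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -FileTypes $merged

# Confirm the policy now reflects the intended state.
Get-MalwareFilterPolicy -Identity Default | Format-List EnableFileFilter, FileTypes

Disconnect-ExchangeOnline -Confirm:$false
```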

Hackers have also been known to hide malicious links in email attachments, and sometimes even within the email text itself. You can use Office 365 Advanced Threat Protection (ATP) Safe Links to provide time-of-click verification for all URLs contained within emails and Office documents. 

To get started with ATP Safe Links, it’s recommended that you modify the default policy:

  • Head over to https://protection.office.com. 
  • Sign in with your admin credentials.
  • In the left-hand menu, click to expand the “Threat management” section.
  • Choose “Policy.”  
  • On the subsequent “Policy” screen, select “ATP Safe Links.”  
  • Find “Policies that apply to the entire organization,” and then select the “Default policy.”  
  • Under “Settings that apply to content except email,” select “Office 365 ProPlus, Office for iOS and Android.”   
  • Click “Save.”   

As part of our complete suite of Microsoft and cloud migration services, we offer a MICROSOFT 365 E5 subscription that includes all the latest Advanced Threat Protection (ATP) features. You can review our available Cloud Migration services, or claim your one month free trial of MICROSOFT 365 E5 today.

6. Use Administrative accounts for admin only 

Admin accounts include elevated privileges, which make them a valuable target.

To reduce the chances of a hacker gaining access to your admin account(s) and wreaking havoc across your organization, it’s recommended that you use your Office 365 Administrator accounts for admin only. Each of your administrators should have a separate user account, with regular privileges that they can use to perform everyday tasks, which don’t explicitly require administrative access.

When an admin does need to perform administrative tasks, they should log into their admin account, perform the necessary work, and then immediately log out, in order to limit the risk of anyone gaining unauthorized access to this privileged account.

7. Future-proof your organization with staff training 

New digital security threats are being discovered all the time, to the point where Google, Apple, and Microsoft all have a portal dedicated to keeping users up-to-date on the new vulnerabilities they fully expect to discover across their software and services.

So, how do you protect yourself against security threats that don’t even exist yet?

One of the most effective ways of future-proofing your organization is to establish a strong culture of security awareness. By training your staff to be vigilant against suspicious digital activity, they’ll be more likely to spot and avoid the security vulnerabilities that will threaten your organization in the coming months and years.

As experts in digital security, we can provide webinars and immersive training exercises that simulate the latest phishing, malware, and drive-by threat tactics, which could potentially reduce your organization’s susceptibility to digital attacks by more than 95%. All of our Microsoft Office 365 subscriptions also come with free technical support as standard, so your employees can contact our highly-trained team of Microsoft specialists, if they have any security concerns or questions. 

