Microsoft 365: 5 Security Best Practices

Blog|by Alanna|22 December 2022

Five Microsoft 365 Best Practices To Boost Cyber Security

Many of the following best practices fall under the remit of basic cyber security hygiene. The vast majority of successful cyberattacks could be prevented by implementing simple, yet highly effective plans and processes.

1 in 4 SMBs state they experienced a cyberattack in the last year.

(Forrester)

Effective cyber resiliency to defend against these attacks requires a holistic approach, able to adapt and withstand evolving threats to core services and infrastructure.

To get you moving in the right direction, here are five practical cybersecurity best practices your business can use to keep its data safe and secure and how Microsoft 365 helps you get there.

1. Make sure you’re using multi-factor authentication

One of the most effective ways of reducing cyber threats to your business is introducing multi-factor authentication (MFA). Microsoft’s Mutli-factor authentication service is part of its Azure Active Directory.

In a nutshell, MFA means that if you’re attempting to access important organisational assets that are password protected, such as a Customer Relationship Management system, you’ll need two pieces of evidence that prove you have the required authority and details to gain access.

Ensuring MFA is employed in your organisation will not only reduce password-based attacks, which still constitutes the main source of identity compromise instances, it will also help your business move closer towards ‘Zero Trust’.

2. Protect your administrator accounts

Administrator accounts (also called admins) have elevated privileges, making these accounts more susceptible to cyberattacks. If these admin accounts are compromised, unauthorised users could gain access to confidential files, Azure resources and company users accounts.

Cybercrime as a Service (CaaS) entities are increasingly targeting companies, stealing vast amounts of sensitive information and selling this data on. For CaaS entities, admin accounts are their primary target, because of the level of access and privileges that are afforded to them. In order to reduce risk as much as possible make sure you:

  • Only have as many admin accounts as is strictly necessary (the fewer the better)
  • Adhere to the principle of least privilege (people should only have access to information and data that they need to do their job)

Microsoft have recently introduced brand new pre-set security policies for Exchange Online Protection and Microsoft Defender which includes brand new ‘profile’ classifications. These profiles include standard and strict classifications. Standard profiles provide a baseline level of protection that’s suitable for most users. Strict profiles offer more aggressive protection for select users (high value targets or priority users).

3. Defend against user error

Emails can contain malicious attacks disguised as harmless communications. Email systems are especially vulnerable, owing to the large numbers of people who handle emails, and safety relies on humans making consistently good decisions with those communications. Therefore, it’s important to invest in training and ensure everyone knows what to watch out for whether it’s spam or junk mail, phishing attempts, spoofing, and malware in their email.

Microsoft has a great set of documentation on this available via Microsoft Learn.

Microsoft 365’s Exchange Online has a number of tools that can help detect these characteristics in emails, and block them or warn users:

  • Anti-spam filter – Microsoft uses data generated across millions of tenants to identify and filter out these types of emails.
  • Anti-phishing checks – these types of attacks go beyond simple spam, Microsoft 365 uses machine learning to create a map of users that an email recipient corresponds with and uses this to determine whether a sender is real or fake.
  • Malware and attachments – Microsoft 365 defends against malware using intelligent tools to scan and detect malicious payloads.
  • Link analysis – Microsoft 365 scans links in emails to identify potentially dangerous destinations, and alerts the user against clicking those that are suspicious.

4. Use the cloud for secure productivity

Office apps such as Outlook, Excel, Word enable people to work productively and more securely across devices using the cloud, reducing the need for emails. Secure links can now be shared that are stored in SharePoint or OneDrive as opposed to the riskier method of sending documents over email.

Use Microsoft Teams as one of the best ways to collaborate and share securely. With Microsoft Teams, all files and communications are in a protected environment and aren’t being stored in unsafe ways outside of it.

Grant people only the access they need to do their jobs. Sometimes, default sharing levels for SharePoint and OneDrive may be set to a more permissive level than they should. Review and if necessary, change the default settings to increase security and better protect your business.

5. Proactive maintenance and monitoring

After the initial setup and configuration of Microsoft 365 is complete, your organisation should create a maintenance and operations plan. As people come and go, users will be to be added or removed, passwords will need to be reset, and devices may need to be entirely reset. To revisit an earlier point, you’ll also want to make sure that only people within your organisation have access to the most important systems.

If you want to understand how to implement monitoring of your Microsoft 365 environment, get in touch with us and we can advise you.

Webinar: Defend against cyber threats with Microsoft 365

If you still have questions about Microsoft 365 Security, we’re running a webinar in the New Year to help you. Learn how Microsoft 365 Business Premium defends against cyber threats. The key areas of Microsoft 365 that will be covered are:

  • Microsoft Defender for Office 365
  • Microsoft InTune
  • Microsoft Purview
  • Microsoft Authenticator App
  • Windows Hello

Join us on 24 January 2023 at 10:00 AM to get fresh insights and the opportunity to ask our Microsoft 365 product expert any questions you may have in the following Q&A.

Sign up here

 

22 December 2022 | Blog
Previous post
We’re at Cloud Expo Europe 2023, 8-9 March
Next post
Acronis Cyber Protect Cloud December 2022 release
Alanna

Related News

[WEBINAR] Accelerating agile: Scaling quality with AI and automation

AI is transforming app quality – will your team adapt or fall behind? AI is no longer on the horizon – it’s reshaping how dev and test teams work today. The question isn’t if you’ll adopt AI-driven testing, but how...

News|14 May 2025
Update, migrate or re-develop – navigating application modernisation

Wed 4 June 2025 11:00 am - 12:00 pm GMT

We’re joining Black Marble on this webinar to discuss how application modernisation could be your key to staying one step ahead in an era of technological change. Explore the benefits of application modernisation Modernisation can help you achieve greater efficiency,...

Events
GitHub Copilot: how to harness the power of AI for developers

Wed 28 May 2025 11:00 am - 12:00 pm GMT

Tune in to this webinar as we join Black Marble to discuss how you can get GitHub Copilot working for you.   Discover more about GitHub Copilot Enhanced productivity. Improved code quality. Free up time to do what you do best....

Events
Cloud Adoption Framework: understanding your motivations and goals

In video two of our Azure 101 series, Azure Solution Specialists, Sam Barnes and Gina Shobrook delve deeper into the Cloud Adoption Framework.  Lay the foundations of your cloud adoption with insights from this short video. Get advice from the...

Videos|7 May 2025

Select Your Region