If you are a small or medium-sized organisation using one of Microsoft’s business or enterprise plans, your organisation is likely to be attacked by cyber criminals and hackers.

If you are looking for ways to secure your Microsoft 365 environment, read on for our top 7.

Microsoft 365 secure score

Before you begin, check your Microsoft 365 Secure Score in the Microsoft 365 security centre. From a centralised dashboard, you can monitor and improve the security for your Microsoft 365 identities, data, apps, devices, and infrastructure.

You are given points for configuring recommended security features, performing security-related tasks (such as viewing reports), or addressing recommendations with a third-party application or software. With additional insights and more visibility into a broader set of Microsoft products and services, you can feel confident reporting about your organisation’s security health.

7 ways to improve security for Microsoft 365

1.   Set up multi-factor authentication

Using multi-factor authentication is one of the easiest and most effective ways to increase the security of your organisation. It’s easier than it sounds – when you log in, multi-factor authentication means you’ll type a code from your phone to get access to Microsoft 365. This can prevent hackers from taking over if they know your password. Multi-factor authentication is also called 2-step verification.

2.   Train your users

Make sure your users are aware of the risks your organisation could face. This can include common types of scams, how to spot a fake email, never sharing passwords, etc. Create a standard training course for all users to do when joining the organisation and a refresher to keep them up to date.

3.   Use dedicated admin accounts

The administrative accounts you use to administer your Microsoft 365 environment include elevated privileges. These are valuable targets for hackers and cybercriminals. Use admin accounts only for administration. Admins should have a separate user account for regular, non-administrative use and only use their administrative account when necessary to complete a task associated with their job function.

4.   Protect against ransomware

Ransomware restricts access to data by encrypting files or locking computer screens. It then attempts to extort money from victims by asking for “ransom,” usually in the form of cryptocurrencies like Bitcoin, in exchange for access to data.

You can protect against ransomware by creating one or more mail flow rules to block file extensions that are commonly used for ransomware, or to warn users who receive these attachments in email. A good starting point is to create two rules:

  • Warn users before opening Office file attachments that include macros. Ransomware can be hidden inside macros, so we’ll warn users not to open these files from people they do not know.
  • Block file types that could contain ransomware or other malicious code. We’ll start with a common list of executables (listed in the table below). If your organisation uses any of these executable types and you expect these to be sent in email, add these to the previous rule (warn users).
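The two rules described above can also be created from Exchange Online PowerShell. The following is an added example, not part of the original article: the rule names, the warning and rejection wording, and the short extension lists are illustrative assumptions and do not reproduce the article's table. It assumes the ExchangeOnlineManagement module is installed and that you sign in with an Exchange administrator account.

```powershell
# Added example: rule names, message wording and extension lists are assumptions.
Connect-ExchangeOnline

# Illustrative lists only; extend them to match your own policy.
$macroExtensions   = 'docm', 'dotm', 'xlsm', 'xltm', 'pptm', 'potm'
$blockedExtensions = 'exe', 'scr', 'bat', 'cmd', 'js', 'vbs', 'hta'

# Rule 1: warn users about Office attachments that can carry macros
# by prepending a notice to the message body.
$warnRule = @{
    Name                              = 'Warn - Office attachments with macros'
    AttachmentExtensionMatchesWords   = $macroExtensions
    ApplyHtmlDisclaimerLocation       = 'Prepend'
    ApplyHtmlDisclaimerText           = '<p><b>Caution:</b> this message has an attachment that can contain macros. Do not open it unless you know the sender.</p>'
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'
    Mode                              = 'Enforce'
}
New-TransportRule @warnRule

# Rule 2: block executable attachment types.
# Created in Audit mode so matches are logged but nothing is rejected yet;
# this lets you confirm no legitimate mail relies on these file types.
$blockRule = @{
    Name                            = 'Block - executable attachments'
    AttachmentExtensionMatchesWords = $blockedExtensions
    RejectMessageReasonText         = 'Attachments of this file type are not accepted by this organisation.'
    RejectMessageEnhancedStatusCode = '5.7.1'
    Mode                            = 'Audit'
}
New-TransportRule @blockRule

# After reviewing the audit results, switch the block rule to enforcement.
# Set-TransportRule -Identity 'Block - executable attachments' -Mode Enforce

# Confirm both rules exist and check their mode and priority.
Get-TransportRule | Format-Table Name, State, Mode, Priority
```

If your organisation legitimately exchanges one of the blocked types, move that extension from the block list to the warn list before enforcing, as the second bullet above suggests.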

5.   Use Office 365 message encryption

Office Message Encryption is included with Microsoft 365. It’s already set up. With Office Message Encryption, your organisation can send and receive encrypted email messages between people inside and outside your organisation. Office 365 Message Encryption works with Outlook.com, Yahoo!, Gmail, and other email services. Email message encryption helps ensure that only intended recipients can view message content.

6.   Protect against phishing attacks

If you’ve configured one or more custom domains for your Microsoft 365 environment, you can configure targeted anti-phishing protection. Anti-phishing protection, a part of Microsoft Defender for Office 365, can help protect your organisation from malicious impersonation-based phishing attacks and other phishing attacks. If you haven’t configured a custom domain, you do not need to do this.

You can also enhance this protection with third-party solutions like Mimecast.

7.   Activate safe attachments

People regularly send, receive, and share attachments, such as documents, presentations, spreadsheets, and more. It’s not always easy to tell whether an attachment is safe or malicious just by looking at an email message.

Microsoft Defender for Office 365 includes Safe Attachment protection, but this protection is not turned on by default. We recommend that you create a new rule to begin using this protection. This protection extends to files in SharePoint, OneDrive, and Microsoft Teams.

As you can see, Microsoft 365 comes with a huge range of features and capabilities to better secure your environment. If you would like to find out more or book a security review, please contact us today.