Improving the Security Posture of Microsoft 365 – 5 Built-in Security Features You Should Be Using
If your business uses Microsoft 365, you’re likely to feel that your data is in pretty safe hands. With Microsoft’s cloud services used by over 1 million business customers worldwide (including 90% of Fortune 500 companies) and over $1 billion invested in cyber security each year, it’s easy to feel complacent when it comes to data security in the Microsoft Cloud.
With a class-leading commitment to privacy, transparency and security (both physical and cyber), Microsoft’s cloud offering is widely considered the most compliance-friendly cloud environment out there. However, it’s important to remember that much responsibility remains in your hands when it comes to protecting the sensitive data your business holds.
Fortunately, Microsoft 365 contains numerous security features as standard. These are easy to configure and will help to further improve the integrity of your cloud environment, reducing the chances of a costly data breach. Let’s examine 5 of the best security features that you can deploy in your Microsoft 365 environment right now.
Threat Policies
All Microsoft 365 subscriptions feature in-built malware, spam and phishing protection capabilities. These aren’t ‘all-encompassing’ security protections, and should be used in addition to, not as a substitute for, the other security devices you have available to you.
These protections can be activated from within the Microsoft 365 Admin Centre. Simply log in to your Microsoft 365 account online and navigate to the admin centre as shown below.
The range of threat protection features available to you will vary according to your Microsoft 365 subscription, but you should see the ability to set policies for anti-phishing, anti-spam and anti-malware protection. All 3 of these threat protection policies target email-based threats. While such protection may seem fairly limited in its scope, it’s important to bear in mind that the email inbox remains the most vulnerable element of the attack surface, with email-based phishing attempts the most commonly encountered cyber threat facing UK businesses.
Multi-factor authentication
With hackers often using freely available password-hacking tools to perform account takeovers, it pays to use more elaborate authentication methods than the traditional ‘username/password’ combination. Multi-factor authentication (MFA) requires the submission of at least 2 pieces of identifying information in order for account access to be granted.
Multi-factor authentication can be instated across your Microsoft 365 accounts via the 365 admin centre. Simply click ‘Users’ from the side menu, select ‘active users’ and then click the tab titled ‘Multi-factor authentication’ as shown below.
It’s from here that several passwordless authentication options can be set up. The current choices include:
Microsoft Authenticator mobile app. A mobile app featuring facial recognition, fingerprint scanning and PIN verification as an alternative to passwords.
Windows Hello. Device-level authentication via PIN, facial recognition or fingerprint. Compatible with devices running Windows 10 and 11.
FIDO2 security keys. Use a peripheral device (typically a USB device) as your passwordless authentication method.
Conclusion
When it comes to cyber security, Microsoft 365’s in-built security features certainly don’t cover all bases. Many users, however, fail to fully utilise these features, and they’re definitely worth checking out if you haven’t already.
In our next article, we’ll explore 6 further actions you can take to safeguard your Microsoft 365 environment.
About Provident IT
From ad-hoc technical support through to fully managed IT support, the Provident IT team can be your own internal IT department – but with more resources and lower costs. We work with businesses of all sizes and in all kinds of different capacities, with a proven track record for improving productivity, increasing security and reducing IT spend for our clients.