Improving the Security Posture of Microsoft 365 – 5 Built-in Security Features You Should Be Using


If your business uses Microsoft 365, you’re likely to feel that your data is in pretty safe hands. With Microsoft’s cloud services used by over 1 million business customers worldwide (including 90% of Fortune 500 companies) and over $1 billion invested in cyber security each year, it’s easy to feel complacent when it comes to data security in the Microsoft Cloud.

With a class-leading commitment to privacy, transparency and security (both physical and cyber), Microsoft’s cloud offering is widely considered the most compliance-friendly cloud environment out there. However, it’s important to remember that much responsibility remains in your hands when it comes to protecting the sensitive data your business holds.

Fortunately, Microsoft 365 contains numerous security features as standard. These are easy to configure and will help to further improve the integrity of your cloud environment, reducing the chances of a costly data breach. Let’s examine 5 of the best security features that you can deploy in your Microsoft 365 environment right now.

Threat Policies

All Microsoft 365 subscriptions feature in-built malware, spam and phishing protection capabilities. These aren’t ‘all-encompassing’ security protections, and should be used in addition to, not as a substitute for, the other security devices you have available to you.

These protections can be activated from within the Microsoft 365 Admin Centre. Simply log in to your Microsoft 365 account online and navigate to the admin centre as shown below.


Then, from the menu on the left side, click ‘security’; this will open the ‘Microsoft 365 security centre.’ From here, navigate to ‘policies and rules’ from the side menu, and then click ‘threat policies’ as shown below.

The range of threat protection features available to you will vary according to your Microsoft 365 subscription, but you should see the ability to set policies for anti-phishing, anti-spam and anti-malware protection. All 3 of these threat protection policies target email-based threats. While such protection may seem fairly limited in its scope, it’s important to bear in mind that the email inbox remains the most vulnerable part of the attack surface, with email-based phishing attempts the most commonly encountered cyber threat facing UK businesses.


Role-based access controls (RBAC)
For cyber criminals seeking to perform an account takeover, the most sought-after account type is the ‘admin account.’ These accounts feature the broadest permissions, including the ability to reconfigure security settings and to download and install new programmes, and they typically grant unlimited access to data. It’s therefore fairly easy to understand the catastrophic consequences an admin account takeover could have, with the hacker able to carry out an unconstrained rampage, accessing the most sensitive data and taking steps to lock legitimate users out of the system.
 
‘Role-based access control’ refers to the ability to restrict administrative and access privileges on an ‘as needed for role’ basis. In Microsoft 365, the most privileged user by default is the ‘Global admin,’ who, having purchased the subscription, has the ability to manage user passwords and even add and manage domains. Due to the security threat posed by such accounts, it’s never advisable to have any more than 2 or 3 global admins.
 
Thankfully, Microsoft 365 features a number of ‘admin roles’ each with privileges relating to specific domains, and these can be applied on a time-limited basis to limit cyber security risk. To assign these privileges, open the 365 Admin Centre, locate and click the ‘settings’ menu on the left side, and then click ‘Org settings.’  Then, click the tab titled ‘Security & privacy’ and select ‘privileged access’ from the menu below.


From here you can govern admin privileges in a way that allows your team to complete tasks without subjecting your environment to excessive risk.
 
Secure Score
Microsoft Secure Score is a dashboard-based tool located within the 365 admin centre designed to help you evaluate your security posture and take action to improve it. It quantifies your overall security posture as a percentage score, and also offers individual grading for separate security domains, including identities and apps.
 
The ‘improvement actions’ tab (highlighted below) is one of the most helpful components of the secure score tool. Click on this tab, and you’ll be presented with a list of suggested actions that could be taken to improve your security posture, listed in order of effectiveness. Each improvement action is accompanied by a description, and you’ll typically encounter links which direct you to the implementation page for each.
 
Designed to take the bewilderment and complexity out of cyber security, Secure Score is a great way to take simple and decisive action that will help shore up your cyber defences.

Multi-factor authentication

With hackers often using freely available password-hacking tools to perform account takeovers, it pays to use more elaborate authentication methods than the traditional ‘username/password’ combination. Multi-factor authentication (MFA) requires the submission of at least 2 pieces of identifying information in order for account access to be granted.

Multi-factor authentication can be instated across your Microsoft 365 accounts via the 365 admin centre. Simply click ‘Users’ from the side menu, select ‘active users’ and then click the tab titled ‘Multi-factor authentication’ as shown below.

The Microsoft Authenticator Mobile app is one of the best ways to introduce multi-factor authentication. Upon sign-in, an auto-generated code will be sent to the user’s registered mobile device. Entering this code alongside the account password further verifies the identity of the individual making the sign-in attempt, and thus helps safeguard accounts from unauthorised access.
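The checks recommended in the role-based access control and multi-factor authentication sections can be run against a list of admin role assignments. The following is an added example, not code from the original article or from Microsoft; the record layout, field names and sample accounts are constructed assumptions rather than a Microsoft export format.

```python
from datetime import datetime, timezone

MAX_GLOBAL_ADMINS = 3  # the article's ceiling of "2 or 3" global admins

# Constructed sample data; field names are assumptions, not a Microsoft schema.
# "expires" is None for a permanent assignment, otherwise an ISO 8601 timestamp.
SAMPLE = [
    {"user": "alice@example.com", "role": "Global admin", "expires": None, "mfa": True},
    {"user": "bob@example.com", "role": "Global admin", "expires": None, "mfa": False},
    {"user": "carol@example.com", "role": "Global admin",
     "expires": "2030-01-01T00:00:00+00:00", "mfa": True},
    {"user": "dave@example.com", "role": "Global admin",
     "expires": "2020-01-01T00:00:00+00:00", "mfa": True},
    {"user": "erin@example.com", "role": "Exchange admin",
     "expires": "2030-06-01T00:00:00+00:00", "mfa": True},
    {"user": "frank@example.com", "role": "Global admin",
     "expires": "2030-03-01T00:00:00+00:00", "mfa": True},
]


def audit_admins(assignments, now=None, limit=MAX_GLOBAL_ADMINS):
    """Return a sorted list of (severity, user, message) findings."""
    now = now or datetime.now(timezone.utc)
    findings = []
    global_admins = set()
    for a in assignments:
        role, user = a["role"], a["user"]
        expires = datetime.fromisoformat(a["expires"]) if a["expires"] else None
        # A lapsed time-limited assignment should have been removed already.
        if expires is not None and expires <= now:
            findings.append(("medium", user, f"{role} assignment expired but still listed"))
            continue
        if role == "Global admin":
            global_admins.add(user)
        # Standing privilege: the role was not granted on a time-limited basis.
        if expires is None:
            findings.append(("medium", user, f"{role} is permanent, not time-limited"))
        # A password-only admin account is the account-takeover case described above.
        if not a["mfa"]:
            findings.append(("high", user, f"{role} account has no MFA"))
    if len(global_admins) > limit:
        findings.append(("high", "*", f"{len(global_admins)} global admins exceeds limit of {limit}"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, user, message in audit_admins(SAMPLE):
        print(f"[{severity}] {user}: {message}")
```
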
 
 
Password-less Authentication
From keylogging malware and phishing attempts to brute force attacks and simple guesswork, hackers employ a range of increasingly sophisticated methods to compromise user accounts and steal the valuable data within. Cyber security experts now often recommend using password-less authentication as a more secure access protocol, but how does that work?

Password-less authentication typically involves the submission of 2 or more pieces of identifying information in order to gain access to a resource. Such information might include:

  • Something in your possession. A randomised code sent to a registered mobile device.
  • Something you are. Biometric data, typically verified using a fingerprint or face scan.
  • Location data.
  • Something sent to you. An access key.

Within Microsoft 365, password-less authentication can be activated via the Azure Active Directory Admin centre. From the main dashboard, locate and click ‘security’ on the side menu. Then navigate to ‘authentication methods,’ highlighted in green below.

It’s from here that several password-less authentication options can be set up. The current choices include:

  • Microsoft Authenticator Mobile app. A mobile app featuring facial recognition, fingerprint scanning and PIN verification as an alternative to passwords.
  • Windows Hello. Device-level authentication via PIN, facial recognition or fingerprint. Compatible with devices operating Windows 10 and 11.
  • FIDO2 security keys. Use a peripheral device (typically a USB device) as your password-less authentication method.

Conclusion

When it comes to cyber security, Microsoft 365’s in-built security features certainly don’t cover all bases. Many users, however, fail to fully utilise these features, and they’re definitely worth checking out if you haven’t already.

In our next article, we’ll explore 6 further actions you can take to safeguard your Microsoft 365 environment.

About Provident IT

From ad-hoc technical support through to fully managed IT support, the Provident IT team can be your own internal IT department – but with more resources and lower costs. We work with businesses of all sizes and in all kinds of different capacities, with a proven track record for improving productivity, increasing security and reducing IT spend for our clients.
