10 ways to secure Office 365

Ross MacKenzie
Tags: Microsoft Microsoft 365

Following a string of high-profile data breaches and the recent WannaCry ransomware attack, cyber-security has never been higher on most businesses’ lists of priorities. For many of those businesses, Office 365 serves as their entry-point to the cloud. While migrating to the cloud has many advantages it also brings its own security challenges.

Here are 10 ways to secure Office 365:

1. Implement a password policy

You can’t always legislate for the human element and survey after survey shows that, left to their own devices, users choose weak and easily ‘crackable’ passwords. Implement a secure password policy that incorporates strength (no more ‘PASSWORD’ or ‘12345’) and automatic password expiration.

2. Assess the environment with Secure Score 

Secure Score  is a tool that surveys your entire Office 365 setup and ascribes a score based on your regular activities and current security settings. It also suggests actions that can be taken to improve security and lower risks in each area.

3. Message encryption

Office 365 offers a message encryption service. This requires the recipient to log in to the platform to read and reply to an encrypted message, or to use a one-time passcode to access it.

4. Mobile device management

Mobile device management (MDM) allows you to set up controls over the mobile devices used to access Office 365. This includes functions such as setting user level policies and even the ability to wipe the device. This can be particularly important if you have a bring your own device (BYOD) policy.

5. Advanced Threat Protection

Many attacks originate in user mailboxes and Office 365’s Advanced Threat Protection is designed to provide an extra layer of real-time protection. It helps protect against unsafe attachments and malicious links, complementing the security features of Exchange Online Protection.

6. Securing apps with Azure Active Directory Premium

By using Azure AD Application Proxy, a feature of the Azure Active Directory Premium edition, you can secure single sign-on (SSO) and secure remote access for web applications hosted on-premises. End users can then access these apps the same way they access Office 365.

7. Multi-Factor Authentication

This requires users to log in with more than just the usual user name and password. This can include answering a phone call or entering an access code received via text. Multi-factor authentication can be set up on both a user-by-user and an ISP or location basis.

8. Data back-up

Office 365 offers a certain amount of backup. Outlook allows admins to customise retention for deleted items and OneDrive has a recycle bin. Retention and recovery options are limited however, so it usually makes sense to back up data with a supported third-party application such as Acronis, Azure Backup or Email Archiving.

9. Rights Management

You can use Rights Management to set up online access settings, content expiration settings and other restrictions. This can help ensure that documents are only ever used by the intended recipient and for the intended purpose.

10. Data Loss Prevention

Data Loss Prevention (DLP) is a feature available in both Office 365 and Exchange. It allows you to create policies that can restrict certain content, such as emails or credit card details, to being saved to SharePoint Online and OneDrive for Business, or otherwise being shared externally.

Related Articles

Cobweb MD named in LDC Top 50 Business Leaders ‘One to Watch’

"The leaders behind tomorrow’s mid-sized firms, growing innovative and resilient businesses, and making a big impact on their custom...

Read More

What is Microsoft Azure and why does your business need it?

Andrew, a Cloud Solution Architect, looks at what Azure is, why businesses should use it, and some Azure misconceptions he has heard...

Read More

Microsoft Excel: why it's a friend, until it's a foe

Excel has been in the news recently for all the wrong reasons but, Cloud Solution Architect, Bailey, reminds us why it's vital and w...

Read More

Here are all the Teams features announced during Ignite 2020

Discover all the latest Teams updates that were shared during Microsoft Ignite 2020 here.

Read More