10 ways to secure Office 365

Ross MacKenzie
Tags: Microsoft Microsoft 365

Following a string of high-profile data breaches and the recent WannaCry ransomware attack, cyber-security has never been higher on most businesses’ lists of priorities. For many of those businesses, Office 365 serves as their entry-point to the cloud. While migrating to the cloud has many advantages it also brings its own security challenges.

Here are 10 ways to secure Office 365:

1. Implement a password policy

You can’t always legislate for the human element and survey after survey shows that, left to their own devices, users choose weak and easily ‘crackable’ passwords. Implement a secure password policy that incorporates strength (no more ‘PASSWORD’ or ‘12345’) and automatic password expiration.

2. Assess the environment with Secure Score 

Secure Score  is a tool that surveys your entire Office 365 setup and ascribes a score based on your regular activities and current security settings. It also suggests actions that can be taken to improve security and lower risks in each area.

3. Message encryption

Office 365 offers a message encryption service. This requires the recipient to log in to the platform to read and reply to an encrypted message, or to use a one-time passcode to access it.

4. Mobile device management

Mobile device management (MDM) allows you to set up controls over the mobile devices used to access Office 365. This includes functions such as setting user level policies and even the ability to wipe the device. This can be particularly important if you have a bring your own device (BYOD) policy.

5. Advanced Threat Protection

Many attacks originate in user mailboxes and Office 365’s Advanced Threat Protection is designed to provide an extra layer of real-time protection. It helps protect against unsafe attachments and malicious links, complementing the security features of Exchange Online Protection.

6. Securing apps with Azure Active Directory Premium

By using Azure AD Application Proxy, a feature of the Azure Active Directory Premium edition, you can secure single sign-on (SSO) and secure remote access for web applications hosted on-premises. End users can then access these apps the same way they access Office 365.

7. Multi-Factor Authentication

This requires users to log in with more than just the usual user name and password. This can include answering a phone call or entering an access code received via text. Multi-factor authentication can be set up on both a user-by-user and an ISP or location basis.

8. Data back-up

Office 365 offers a certain amount of backup. Outlook allows admins to customise retention for deleted items and OneDrive has a recycle bin. Retention and recovery options are limited however, so it usually makes sense to back up data with a supported third-party application such as Acronis, Azure Backup or Email Archiving.

9. Rights Management

You can use Rights Management to set up online access settings, content expiration settings and other restrictions. This can help ensure that documents are only ever used by the intended recipient and for the intended purpose.

10. Data Loss Prevention

Data Loss Prevention (DLP) is a feature available in both Office 365 and Exchange. It allows you to create policies that can restrict certain content, such as emails or credit card details, to being saved to SharePoint Online and OneDrive for Business, or otherwise being shared externally.

Related Articles

Running workloads in the cloud, you’re protected. Are you sure?

Cloud won’t protect from a badly architected solution! In this article I'm focusing on Disaster Recovery.

Read More

Cobweb MD highlights the power of cloud in Cloud Industry Forum webinar

How can UK businesses benefit from a cloud-first approach? Discover what our MD, Michael, has to say...

Read More

The Microsoft Exchange hack – a view from the trenches

10,000s of businesses with Exchange on-prem affected. Is now the time to consider Exchange Online?

Read More

Every Teams announcement you missed from Microsoft Ignite 2021

Learn about the latest features to hit Microsoft Teams in the coming weeks and months.

Read More