Microsoft 365 Security Best Practice – 10 Ways To Secure Your Microsoft 365


Topics: Microsoft 365 IT Security

By Calligo on 1 September 2020

Microsoft 365 (formerly Office 365) is an incredibly valuable tool for business.


Not only can this powerful platform boost productivity and make it easy to access important documents anywhere, but it is also capable of reducing security risks through its advanced security features.


However, it will not do so out of the box. Let’s take a look at ten ways you can improve the security of your Microsoft 365 account.


How to secure your Microsoft (Office) 365 account


1. Train your employees 

It goes without saying, but too many businesses don’t take the time to invest in adequate training for their teams. Technology is one thing, but most successful attacks on a Microsoft 365 tenant still begin with a person being tricked, typically by a phishing e-mail that asks them to sign in to a fake login page or approve an unexpected MFA prompt, so it’s vital that your team knows how to recognise and report such attempts.


Each time a new employee joins your team, ensure that they go through security training. Do not allow new employees to use company technology or access sensitive data before they are properly trained. And make sure that training is regularly repeated in order to reinforce vigilance.


2. Take advantage of Microsoft Secure Score

Microsoft offers a security posture tool called Microsoft Secure Score, included with Microsoft 365 at no extra cost. It measures how far your tenant and its users meet the baseline controls Microsoft recommends (MFA enabled for administrators, legacy authentication blocked, mailbox auditing on, and so on) and assigns points to each improvement action, so you can see which changes buy the most protection. 


Reviewing it at least every quarter gives valuable insight into the current state of your Microsoft 365 security and what you can do to improve it; because the score updates as you make changes, it is also a simple way to track progress over time.


3. Set up Multi-Factor Authentication 

This best practice is recommended by Microsoft, and for good reason: Microsoft’s own figures put MFA at blocking more than 99% of automated account-compromise attempts. It’s also easy to set up. To enable legacy per-user MFA from the admin center:

  1. Go to the admin center and select Users > Active Users.
  2. Select Multi-Factor Authentication.
  3. Select a user if you are enabling it for one single user, or select Bulk Update to enable it for many users at once.
  4. Select Enable, located in the Quick Steps section.
  5. Choose Enable Multi-Factor Authentication in the pop-up window.

Per-user MFA is the legacy mechanism. If your tenant has no Azure AD Premium licences, turn on Security Defaults instead (Azure Active Directory > Properties > Manage security defaults), which requires every user to register for MFA and enforces it for administrators. With Azure AD Premium P1, use a Conditional Access policy that requires MFA for all users (see #5). Whichever you choose, exclude and separately protect at least one emergency-access (break-glass) account so that a misconfiguration cannot lock every administrator out.

4. Use Azure AD Identity Protection

Azure AD, the identity service behind Microsoft 365, can detect or block sign-ins from suspicious or unknown sources; on-premises Active Directory does not offer this. Azure AD Identity Protection, part of Azure AD Premium P2, raises an “atypical travel” risk detection when, for example, an employee signs in from her apartment in New York one minute and a sign-in for the same account arrives from London a few minutes later, a distance that cannot be covered in that time.


You can configure sign-in risk and user risk policies in Identity Protection to require MFA or a password reset when such a detection occurs, and enable the “Users at risk detected” e-mail alerts so that administrators are notified.


5. Use Conditional Access

This goes hand-in-hand with #4. Conditional Access (Azure AD Premium P1 and above) lets you allow or block access to Microsoft 365 based on conditions such as user, application, device state and location. For instance, if your company is based solely in Ireland and does not employ staff in other countries, define Ireland as a named location and create a policy that blocks sign-ins from every other location. Roll new policies out in report-only mode first, exclude at least one emergency-access account, and remember that travelling staff or a VPN that exits abroad will be blocked too. 
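The following is an added example, not code from the original Calligo article, that implements #3 and #5 together with the Microsoft Graph PowerShell SDK: one policy requiring MFA for all users and one blocking sign-ins from outside an allowed-country list. It assumes the Microsoft.Graph module is installed, that you hold the Conditional Access Administrator role with Azure AD Premium P1, that `breakglass@contoso.onmicrosoft.com` is a placeholder for your own emergency-access account, and uses Ireland (IE) from the article’s example as the allowed country.

```powershell
# Added example (not from the original article). Assumes the Microsoft.Graph module,
# the Conditional Access Administrator role and Azure AD Premium P1.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All","User.Read.All"

# Placeholder: your own emergency-access account, excluded from every policy
$breakGlass = (Get-MgUser -UserId "breakglass@contoso.onmicrosoft.com").Id

# Both policies start in report-only mode; change state to "enabled" once the sign-in
# logs confirm that no legitimate user would have been blocked.

# Policy 1: require MFA for all users on all cloud apps (the replacement for per-user MFA)
$mfaPolicy = @{
    displayName = "CA01 - Require MFA for all users"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($breakGlass) }
        applications = @{ includeApplications = @("All") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $mfaPolicy

# Policy 2: block sign-ins from outside the countries the business operates in.
# The allowed countries are a named location using ISO 3166-1 alpha-2 codes.
$allowed = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "Allowed countries"
    countriesAndRegions               = @("IE")
    includeUnknownCountriesAndRegions = $false   # sign-ins with no resolvable country are NOT treated as allowed
}

$geoPolicy = @{
    displayName = "CA02 - Block sign-ins outside allowed countries"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($breakGlass) }
        applications = @{ includeApplications = @("All") }
        # "All" locations minus the allowed named location = everywhere else
        locations    = @{ includeLocations = @("All"); excludeLocations = @($allowed.Id) }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $geoPolicy
```

Leave both policies in report-only mode for a week or two and review the Conditional Access “Report-only” column in the Azure AD sign-in logs before enforcing them; the geo-blocking policy in particular will show you which travelling or VPN users you need to add to an exception group.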


6. Make strong passwords mandatory

Choosing simple passwords because they are easy to remember is a thing of the past and should be banned. All user accounts should be subject to a password policy that resists brute-force and password-spray attacks. A sensible baseline:

  1. Require a minimum of 8 characters (the Azure AD minimum); longer passphrases are stronger, so prefer 12 or more.
  2. Require a mix of character types, and block common or easily guessed passwords. Azure AD Password Protection applies Microsoft’s global banned-password list to every tenant; add a custom list of company names, products and locations.
  3. Reset passwords when compromise is suspected. Microsoft’s current guidance no longer recommends forcing users to change passwords on a fixed schedule, because it leads to predictable variations of the old password; MFA (#3) is the stronger control.
  4. Do not allow users to reuse a password across accounts or services; a password manager makes this practical.


7. Additional protection for admin accounts

Your administrator accounts carry elevated privileges in Microsoft 365, making them prime targets for attackers: a single compromised Global Administrator can read every mailbox and change every setting in the tenant. 


Give each administrator a dedicated admin account, separate from the account they use for e-mail and browsing; keep the number of Global Administrators small (Microsoft recommends fewer than five) and assign the least-privileged role that fits the task; and make Multi-Factor Authentication mandatory for every admin. Additional precautions Microsoft recommends include closing all browser sessions that aren’t relevant before signing in to the admin center, avoiding browser plug-ins in the browser used for administration, and signing out when finished. 
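The following added example, not from the original article, is the check a practitioner would run after reading this section: it lists the members of the Global Administrator role with the Microsoft Graph PowerShell SDK and flags accounts that look like someone’s everyday licensed account or that are synchronised from on-premises AD. It assumes the Microsoft.Graph module is installed and that you hold a role able to read directory roles and users.

```powershell
# Added example (not from the original article). Assumes the Microsoft.Graph module
# and a role that can read directory roles and users (e.g. Global Reader).
Connect-MgGraph -Scopes "RoleManagement.Read.Directory","User.Read.All"

$role    = Get-MgDirectoryRole -Filter "displayName eq 'Global Administrator'"
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All

$report = foreach ($m in $members) {
    # Role members can be users, groups or service principals; only users are inspected here
    if ($m.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

    $u = Get-MgUser -UserId $m.Id `
        -Property "displayName,userPrincipalName,assignedLicenses,onPremisesSyncEnabled"

    [pscustomobject]@{
        User       = $u.UserPrincipalName
        # A licensed admin account is usually also a daily-use mailbox: it should be a
        # separate, unlicensed, cloud-only account
        Licensed   = ($u.AssignedLicenses.Count -gt 0)
        # An admin synced from on-premises AD inherits any compromise of that forest
        OnPremSync = [bool]$u.OnPremisesSyncEnabled
    }
}

$report | Format-Table -AutoSize

if (@($members).Count -gt 5) {
    Write-Warning "$(@($members).Count) Global Administrators found; Microsoft recommends fewer than five."
}
```

Any row showing `Licensed = True` or `OnPremSync = True` is a candidate for replacement with a dedicated cloud-only admin account; once that is done, the same script is a quick recurring audit.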


8. Make sure mailbox auditing is on and review the logs

Mailbox auditing has been enabled by default for Exchange Online since January 2019, so every tenant records actions such as mailbox sign-ins, inbox-rule changes and forwarding changes in the unified audit log. Check that nobody has switched it off at the organisation level, and review the log for the operations an attacker performs after taking over an account. Microsoft’s Azure Sentinel (now Microsoft Sentinel) can ingest these Microsoft 365 audit logs through its Office 365 connector and correlate them with Microsoft’s intelligence on current attack campaigns, so that you can respond quickly if something appears suspicious. Note that although the Office 365 audit log is a free data source for Sentinel, Sentinel itself is billed on the volume of other data it ingests, so it is not “totally free” to use.
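As an added example that is not part of the original article, the following Exchange Online PowerShell checks that mailbox auditing has not been disabled for the tenant and then pulls the last seven days of forwarding-related changes from the unified audit log, which is exactly what you would look for after a suspected account takeover. It assumes the ExchangeOnlineManagement module is installed and that you hold an Exchange administrator or compliance role; the list of operations and parameter names reflects what Exchange writes for inbox-rule and mailbox-forwarding changes.

```powershell
# Added example (not from the original article). Assumes the ExchangeOnlineManagement
# module and an Exchange administrator / compliance role.
Connect-ExchangeOnline

# Mailbox auditing is on by default since 2019; AuditDisabled must be False
$org = Get-OrganizationConfig
if ($org.AuditDisabled) {
    Write-Warning "Mailbox auditing is disabled tenant-wide. Re-enable with: Set-OrganizationConfig -AuditDisabled `$false"
}

# Operations an attacker uses to exfiltrate mail after taking over an account
$ops   = "New-InboxRule", "Set-InboxRule", "UpdateInboxRules", "Set-Mailbox"
$end   = Get-Date
$start = $end.AddDays(-7)

# A single call returns at most 5000 records; page with -SessionId/-SessionCommand for larger tenants
$records = Search-UnifiedAuditLog -StartDate $start -EndDate $end -Operations $ops -ResultSize 5000

# Parameter names that mean "send a copy of this mail somewhere else"
$forwardParams = "ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                 "ForwardingSmtpAddress", "ForwardingAddress", "DeliverToMailboxAndForward"

$records | ForEach-Object {
    # AuditData is a JSON blob; Parameters is an array of Name/Value pairs for admin cmdlets
    $d   = $_.AuditData | ConvertFrom-Json
    $fwd = $d.Parameters | Where-Object { $_.Name -in $forwardParams }
    if ($fwd) {
        [pscustomobject]@{
            Time      = $_.CreationDate
            User      = $_.UserIds
            Operation = $_.Operations
            ClientIP  = $d.ClientIP
            Forward   = ($fwd | ForEach-Object { "$($_.Name)=$($_.Value)" }) -join "; "
        }
    }
} | Sort-Object Time | Format-Table -AutoSize
```

Any hit whose destination is an external domain, or whose `ClientIP` does not belong to your offices or VPN, deserves an immediate look at the mailbox’s inbox rules (`Get-InboxRule -Mailbox <user>`) and a credential reset; if the tenant is connected to Sentinel, the same `Set-InboxRule`/`New-InboxRule` operations are what its Office 365 analytics rules alert on.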


9. Use OneDrive PC Folder Backup (previously known as “Known Folder Move”)

By enabling OneDrive PC Folder Backup, you automatically sync your users’ Desktop, Documents and Pictures folders to their OneDrive for Business account. If a laptop is lost, stolen or encrypted by ransomware, the files are still available in the cloud, complete with version history and the Files Restore option to roll an entire OneDrive back to any point in the last 30 days. It also improves efficiency, as files are available from any device. You can let users opt in through a prompt, or silently enforce the move on every managed device through Group Policy or Intune. 
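The following is an added example, not from the original article, showing how to enforce Known Folder Move on a Windows PC by writing the same registry values the OneDrive Group Policy and Intune settings use. It assumes the OneDrive sync client is installed, that the script runs elevated, and that the tenant ID shown is a placeholder for your own (Azure Active Directory > Overview > Tenant ID).

```powershell
# Added example (not from the original article). Run elevated on a managed Windows device.
# Replace the placeholder with your Azure AD tenant ID.
$tenantId = "00000000-0000-0000-0000-000000000000"   # placeholder tenant ID
$key      = "HKLM:\SOFTWARE\Policies\Microsoft\OneDrive"

New-Item -Path $key -Force | Out-Null

# "Silently move Windows known folders to OneDrive": Desktop, Documents and Pictures
# are redirected for users signed in to this tenant without any prompt
Set-ItemProperty -Path $key -Name "KFMSilentOptIn" -Value $tenantId -Type String

# 1 = show the user a notification after the folders have moved; 0 = move silently
Set-ItemProperty -Path $key -Name "KFMSilentOptInWithNotification" -Value 1 -Type DWord

# "Prevent users from redirecting their Windows known folders to their PC":
# without this, a user can undo the protection from OneDrive settings
Set-ItemProperty -Path $key -Name "KFMBlockOptOut" -Value 1 -Type DWord

# Verify what is now in effect
Get-ItemProperty -Path $key |
    Select-Object KFMSilentOptIn, KFMSilentOptInWithNotification, KFMBlockOptOut
```

The same three settings are available as Intune Administrative Templates (OneDrive) or in the OneDrive ADMX files for Group Policy; pushing them centrally rather than by script is the usual route, but the registry view is useful for verifying that a device actually received the policy.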


10. Reject auto-forwarded emails to external domains

Auto-forwarding email may be convenient, but an attacker who has gained access to a user’s inbox can create a forwarding rule that quietly sends copies of sensitive messages to an outside account, and the rule keeps working even after the password has been changed.


To prevent this, create a mail flow (transport) rule:

  1. In the Exchange Admin Center, select Mail Flow > Rules.
  2. Select + > Create a new rule, and name it, for example, Reject Auto-Forward emails to external domains.
  3. Select More Options, then add the conditions: The sender is located... Inside the organization, and The recipient is located... Outside the organization, and The message type is... Auto-forward.
  4. For the action, select Block the message... > reject the message and include an explanation, and enter a short explanation for the sender.
  5. Select Save.

Microsoft now also blocks automatic external forwarding by default through the outbound spam filter policy (Automatic forwarding set to Automatic - System-controlled); check that this has not been switched to On, and review existing mailboxes and inbox rules for forwarding that was set up before the controls were in place.
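The following is an added example, not from the original article, that applies the same control from Exchange Online PowerShell together with the two tenant-wide settings that back it up, and then lists mailboxes that already have a forwarding address set. It assumes the ExchangeOnlineManagement module is installed and that you hold an Exchange administrator role; the rule name and rejection text are illustrative.

```powershell
# Added example (not from the original article). Assumes the ExchangeOnlineManagement
# module and an Exchange administrator role.
Connect-ExchangeOnline

# 1. Transport rule equivalent to the EAC steps above: mail sent from inside the
#    organisation to an external recipient with message type Auto-forward is rejected
New-TransportRule -Name "Reject Auto-Forward emails to external domains" `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText "Automatic forwarding to external recipients is not permitted." `
    -RejectMessageEnhancedStatusCode "5.7.1"

# 2. Remote domain setting: the Default remote domain covers every external domain,
#    so this disables client-side auto-forwarding to all of them
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# 3. Outbound spam filter policy: Off blocks automatic forwarding outright rather than
#    leaving it to the system-controlled default
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# Verify: mailboxes whose admin-level forwarding is already set (rules made before the
# controls existed are not undone by them). This enumerates every mailbox and can be slow.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward
```

The three controls overlap deliberately: the transport rule rejects forwarded mail and tells the sender why, the remote-domain setting stops Outlook-created forwarding rules from delivering, and the outbound spam policy is the setting Microsoft itself now uses to block forwarding. Existing inbox rules with `ForwardTo`/`RedirectTo` actions are not listed by `Get-Mailbox`; check them per mailbox with `Get-InboxRule`.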
