10 Best Practices to Ensure Microsoft Office 365 Security

Microsoft Office 365 is one of the most popular productivity suites among businesses of all sizes and in various industries. Unfortunately, this popularity also attracts cybercriminals who usually target Office applications. In fact, in the year up to October 2022, more than 70% of recorded attacks exploited vulnerabilities within the Microsoft suite, according to Kaspersky’s 2022 statistics.

Organizations with a Microsoft 365 plan can leverage Office 365 security features and implement several protective measures to safeguard their data. This post covers the top 10 best practices to better secure your organization’s Microsoft Office 365 account. Read on to discover how you can set up different Office 365 tools to thwart internal and external threats.

Backup for Microsoft 365 Data

Use the NAKIVO solution to back up Microsoft 365 data in Exchange Online, Teams, OneDrive and SharePoint Online for uninterrupted workflows and zero downtime.

1. Enable Multi-Factor Authentication

Multi-Factor Authentication (MFA), also known as 2-step verification, adds a layer of security by requiring users to enter a code received on their phones before they can sign in to Office 365 applications. In Office 365, MFA is part of the modern authentication framework that secures access to Microsoft resources.

MFA is considered one of the simplest yet most effective ways to improve security across your organization. An attacker who knows a username and password still cannot sign in without the second factor.

For recent subscriptions to a Microsoft 365 plan, MFA should be automatically enabled. You can choose one of the two available verification methods:

  • Microsoft Authenticator app: Download Microsoft Authenticator on a mobile device for free and add your account. Every time users sign in, they receive a notification that they must approve to complete the login.
  • SMS message: Microsoft sends an SMS containing a 6-digit verification code that users need to input alongside their credentials to verify their identity.

2. Train Your Organization’s Employees

Human error is the most prominent cause of data breaches within an organization. Users who are not well-versed in cyber security best practices are easily deceived into opening fraudulent emails, clicking phishing links or downloading malicious attachments.

Businesses should build a robust culture of security awareness by keeping their employees well informed about common threats and vulnerabilities. To do so, adopt the following measures:

  • Conduct awareness training: Educate newly hired employees on the detrimental consequences of social engineering schemes and phishing attacks. Users should learn how to create strong passwords and understand the different aspects of Office 365 email security.
  • Keep employees up to date: Cyber threats keep growing in sophistication, so remind users regularly to stay vigilant and to report suspicious activity. The best way to do this is to send frequent emails about cybersecurity best practices and to run regular training sessions.

3. Manage User Accounts and Permissions

Permission control should follow the principle of least privilege: users are granted access only to the data they need to complete their tasks. Admins can also use role-based access control (RBAC) within Office 365 and set up synchronization with Azure Active Directory (AD) to manage users, assign specific roles and grant access to certain applications.

Keep in mind that Microsoft 365 admin accounts are a prime target for cybercriminals: they have elevated privileges and can access valuable data, which puts the entire Office 365 tenant at risk. Administrators should use their admin accounts only when necessary and sign in with a separate, non-privileged account for everyday tasks.
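One way to put the MFA and least-privilege advice into practice is to audit which accounts hold privileged roles and whether each of them is registered for MFA. The script below is an added example and is not part of the original post; it uses the Microsoft Graph PowerShell SDK, and the list of role names, the permission scopes and the property names it reads are assumptions you should check against your tenant and the SDK documentation.

```powershell
# Added example (not from the original post): list members of privileged
# directory roles and flag any that are not registered for MFA.
# Assumes the Microsoft Graph PowerShell SDK is installed and the signed-in
# admin can consent to the scopes below (assumed scope names).
Connect-MgGraph -Scopes "Directory.Read.All","UserAuthenticationMethod.Read.All","AuditLog.Read.All"

# Roles whose takeover puts the whole tenant at risk (assumed list; adjust to taste).
$privilegedRoles = @(
    "Global Administrator",
    "Exchange Administrator",
    "SharePoint Administrator",
    "Security Administrator"
)

# Build a lookup of MFA registration state for every user in the tenant.
$mfaState = @{}
Get-MgReportAuthenticationMethodUserRegistrationDetail -All | ForEach-Object {
    $mfaState[$_.UserPrincipalName] = $_.IsMfaRegistered
}

$findings = foreach ($roleName in $privilegedRoles) {
    # Only roles that have been activated in the tenant are returned here.
    $role = Get-MgDirectoryRole -Filter "displayName eq '$roleName'"
    if (-not $role) { continue }

    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        $upn = $member.AdditionalProperties["userPrincipalName"]
        if (-not $upn) { continue }   # skip groups and service principals

        [pscustomobject]@{
            Role          = $roleName
            User          = $upn
            MfaRegistered = [bool]$mfaState[$upn]
        }
    }
}

# Two things to act on: too many members per privileged role, and admins without MFA.
$findings | Group-Object Role | ForEach-Object {
    "{0}: {1} member(s)" -f $_.Name, $_.Count
}
$findings | Where-Object { -not $_.MfaRegistered } |
    Format-Table Role, User, MfaRegistered -AutoSize
```

Run it from an account that already uses MFA itself. Any admin that shows up with MfaRegistered = False is the first account to fix, and a long member list for Global Administrator is a sign that day-to-day tasks are being done with privileged accounts.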

4. Configure Microsoft Defender for Office 365

Microsoft Defender provides advanced technologies that safeguard your organization from various threats posed by collaboration applications, email messages and links. All Microsoft 365 subscriptions include preset Office 365 security policies that employ recommended settings to protect users and workloads in your environment.

You can also manually configure important Microsoft Defender features such as:

  • Anti-phishing protection: Modify the default anti-phishing policy in Microsoft Defender for Office 365 or create a new one to prevent cybercriminals from acquiring sensitive information through phishing schemes. Built-in artificial intelligence learns each user's usual communication patterns to improve the detection of malicious content and to protect your organization's email addresses and domains against impersonation and spoofing.
  • Anti-malware protection: Microsoft Defender uses multi-layered protection to automatically detect different types of incoming or outgoing malware, such as spyware and viruses. More importantly, this feature offers reliable ransomware protection and real-time responses in case a threat is detected.
  • Safe Attachments: The Safe Attachments tool offers an extra layer of security by checking files that were already scanned by the anti-malware protection feature. Documents sent via email or other collaboration apps (OneDrive, Teams and SharePoint) are checked before they reach their destination, thus reducing the risk of ransomware infection.
  • Safe Links: You can enhance Office 365 email protection by configuring Safe Links to enable time-of-click verification for all URLs sent in email messages.
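Before changing any of these policies it helps to see what is actually configured, because preset policies and custom policies can coexist and the most permissive one that applies to a user wins. The script below is an added example, not part of the original post or of any Microsoft tooling; it uses the ExchangeOnlineManagement module, and the property names it selects and the "gap" rules it applies are assumptions based on the module's cmdlet reference, so verify them with Get-Help in your environment.

```powershell
# Added example (not from the original post): review the Defender for Office 365
# policies discussed in this section and flag the most common weak settings.
# Assumes the ExchangeOnlineManagement module and a Security Reader or
# Exchange Administrator account. Property names are assumptions.
Connect-ExchangeOnline -ShowBanner:$false

# Anti-phishing: impersonation protection and mailbox intelligence per policy.
Get-AntiPhishPolicy | Select-Object Name, Enabled,
    EnableMailboxIntelligence, EnableMailboxIntelligenceProtection,
    EnableTargetedUserProtection, EnableTargetedDomainsProtection,
    EnableOrganizationDomainsProtection, EnableSpoofIntelligence |
    Format-Table -AutoSize

# Anti-malware: common attachment filter and zero-hour auto purge (ZAP).
Get-MalwareFilterPolicy | Select-Object Name, EnableFileFilter, ZapEnabled |
    Format-Table -AutoSize

# Safe Attachments: "Block" is the recommended action; "DynamicDelivery" lets
# the message body through while the attachment is still being detonated.
Get-SafeAttachmentPolicy | Select-Object Name, Enable, Action, Redirect |
    Format-Table -AutoSize

# Safe Attachments for SharePoint, OneDrive and Teams is a tenant-wide switch.
Get-AtpPolicyForO365 | Select-Object EnableATPForSPOTeamsODB, EnableSafeDocs

# Safe Links: time-of-click URL checking for email, Teams and Office apps.
Get-SafeLinksPolicy | Select-Object Name, EnableSafeLinksForEmail,
    EnableSafeLinksForTeams, EnableSafeLinksForOffice, ScanUrls,
    DeliverMessageAfterScan, TrackClicks, AllowClickThrough |
    Format-Table -AutoSize

# Summarize the gaps a reviewer would raise first.
$gaps = @()
Get-SafeLinksPolicy | Where-Object { -not $_.EnableSafeLinksForEmail -or -not $_.ScanUrls } |
    ForEach-Object { $gaps += "Safe Links '$($_.Name)': email scanning or ScanUrls is off" }
Get-SafeAttachmentPolicy | Where-Object { -not $_.Enable -or $_.Action -ne 'Block' } |
    ForEach-Object { $gaps += "Safe Attachments '$($_.Name)': not enabled or action is not Block" }
Get-AntiPhishPolicy | Where-Object { $_.Enabled -and -not $_.EnableMailboxIntelligenceProtection } |
    ForEach-Object { $gaps += "Anti-phish '$($_.Name)': mailbox intelligence protection is off" }
Get-SafeLinksPolicy | Where-Object { $_.AllowClickThrough } |
    ForEach-Object { $gaps += "Safe Links '$($_.Name)': users can click through to blocked URLs" }

if ($gaps) { $gaps } else { "No obvious gaps found in Defender for Office 365 policies." }
```

The last part is the useful bit for a recurring check: drop it into a scheduled job and treat any line it prints as a ticket, rather than re-reading the full tables every month.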

5. Use Microsoft Purview Information Protection

Ensuring optimal data governance is an essential part of keeping your organization’s Microsoft 365 plan secure. The Purview Information Protection center ensures Office 365 security and compliance by providing numerous tools that allow you to discover, classify and protect in-flight or at-rest data, including:

  • Azure Information Protection: Label and classify sensitive data so that you can automatically apply the necessary protection measures and ensure that only authorized users can access it.
  • Data Loss Prevention (DLP): When you enable DLP policies, you limit data loss by locking classified data and preventing intentional or accidental exposure of sensitive information.
  • Data encryption: Microsoft provides double-key encryption, which means that your data is protected from unauthorized users. Only your organization can decrypt the data since it holds both encryption keys.
  • Information Rights Management (IRM): You can prevent information on SharePoint lists and libraries from being shared with external users by applying a lock. Based on the policies you specify, only authorized people can view and use these files.
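As a concrete illustration of the DLP item above, here is a policy that detects credit card numbers across Exchange, SharePoint and OneDrive and blocks sharing them outside the organization. This is an added example and not part of the original post; it uses the Security & Compliance PowerShell endpoint of the ExchangeOnlineManagement module, the policy and rule names and the report mailbox are placeholders, and the parameter names and allowed values are assumptions taken from the cmdlet reference as I know it, so confirm them with Get-Help New-DlpComplianceRule before running.

```powershell
# Added example (not from the original post): create a DLP policy for payment
# card data, starting in test mode so it can be tuned before it blocks anything.
# Assumes the ExchangeOnlineManagement module; Connect-IPPSSession opens the
# Security & Compliance endpoint. Names, mailbox and parameter values are assumptions.
Connect-IPPSSession

$policyName = "Protect payment card data"   # placeholder name

# TestWithNotifications: users get policy tips and every match is logged,
# but nothing is blocked yet. Switch to Enable once the report looks right.
New-DlpCompliancePolicy -Name $policyName `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All `
    -Mode TestWithNotifications `
    -Comment "Uses the built-in 'Credit Card Number' sensitive info type; blocks external sharing."

# The rule: any item containing at least one credit card number that is shared
# outside the organization is blocked, the owner is told why, and an incident
# report goes to the DLP mailbox.
New-DlpComplianceRule -Name "$policyName - external sharing" -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = "Credit Card Number"; minCount = "1" } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport "dlp-team@example.com" `
    -IncidentReportContent @("Title", "DocumentAuthor", "Detections", "MatchedItem")

# Verify what was created.
Get-DlpCompliancePolicy -Identity $policyName |
    Select-Object Name, Mode, ExchangeLocation, SharePointLocation, OneDriveLocation
Get-DlpComplianceRule -Policy $policyName |
    Select-Object Name, BlockAccess, AccessScope, NotifyUser

# After reviewing matches in test mode, enforce the policy:
# Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Starting in test mode matters more than it looks: a rule that blocks on a single 16-digit number will also catch order numbers and tracking IDs, and the test-mode report is how you find out before users do.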

6. Disable Auto-Forwarding for Email

If an account in your Microsoft 365 environment is compromised, attackers can gain access to all of your applications, including your Exchange Online environment. This allows them to delete messages, modify email rules and automatically forward all your emails to an external address.

You can prevent this by blocking auto-forwarding with a mail flow rule created from the Microsoft 365 admin center. Follow the steps below:

  1. Go to Microsoft 365 admin center and select Exchange > mail flow.
  2. In the rules tab, click + then choose create new rule.
  3. Select More options in the popup window and fill in the Name section.
  4. Open the apply this rule if drop-down then select the sender > is external/internal.
  5. Choose Inside the organization and click OK.
  6. Select add condition and open the drop-down then choose The message properties > include the message type.
  7. Open select message type and select Auto-forward then click OK.
  8. Open the Do the following drop-down, choose Block the message, then reject the message and include an explanation.
  9. Add your message text in specify rejection reason and click OK. This explanation message appears when auto-forwarding is attempted.
  10. Click Save at the bottom of the page.
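The same rule can be created from PowerShell, which is also the easier way to add two tenant-wide settings that stop forwarding earlier in the pipeline and to check for forwarding that is already in place. The script below is an added example and not part of the original post; it uses the ExchangeOnlineManagement module, and it goes slightly beyond the ten steps above by limiting the rule to external recipients (the -SentToScope condition) and by adding the outbound spam policy and remote domain settings. The rule name and rejection text are placeholders.

```powershell
# Added example (not from the original post): block automatic forwarding in
# three places and look for forwarding an attacker may already have set up.
# Assumes the ExchangeOnlineManagement module and Exchange Administrator rights.
Connect-ExchangeOnline -ShowBanner:$false

# 1) Mail flow rule equivalent to steps 1-10 above, narrowed to external
#    recipients. The rejection text is what the sender sees.
$ruleName = "Block automatic forwarding to external recipients"   # placeholder
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromScope InOrganization `
        -SentToScope NotInOrganization `
        -MessageTypeMatches AutoForward `
        -RejectMessageReasonText "Automatic forwarding to external addresses is not permitted. Contact the IT helpdesk if you need an exception." `
        -Comments "Stops mailbox-compromise data exfiltration via auto-forward."
}

# 2) Outbound spam filter policy: Automatic = Microsoft decides, On = allow, Off = block.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# 3) Remote domain setting: disables client-side auto-forward to all external domains.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# 4) Forwarding that already exists. First, mailbox-level forwarding:
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

#    Then inbox rules that forward or redirect mail, mailbox by mailbox:
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    Get-InboxRule -Mailbox $_.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = 'Mailbox'; e = { $_.MailboxOwnerId } },
            Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}
```

Step 4 is the part people forget: the new rule stops future forwarding, but an inbox rule created before it was in place keeps working until someone removes it, so review that output and disable anything you cannot explain.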

If all else fails, rest assured that you know how to recover deleted emails in Office 365 in most cases.

7. Protect All Devices

All devices, even personal ones used for work purposes such as smartphones and tablets, are a potential gateway for cybercriminals to infiltrate your organization. It is recommended that you configure them properly to ensure that they have adequate protection.

Microsoft offers Basic Mobility and Security, which lets you manage and secure users' mobile devices. Admins can enforce security policies, set access permissions or even wipe a device entirely if necessary.

8. Monitor and Audit Your Security Policies

Threats continuously evolve, which is why it is important to regularly review and update your security policies to align with your organization's needs. You should also enable auditing and reporting to track user activity within your environment.

In addition, it is advised that you activate notifications to identify and tackle threats as quickly as possible. Microsoft 365 security allows you to create alert policies that keep you informed about potential vulnerabilities and sudden changes in your systems. You can track and manage alerts triggered by activities related to data loss prevention, mail flow, permissions, threat management or information governance.
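Alert policies only fire if auditing is switched on, and the unified audit log is also the place to look when you want to confirm an alert or hunt for activity that no alert covers yet. The script below is an added example and not part of the original post; it uses the ExchangeOnlineManagement module, and the shape of the AuditData JSON it parses (a Parameters array of Name/Value pairs for cmdlet operations) is an assumption based on how Exchange cmdlet events are recorded, so check a sample record before relying on it.

```powershell
# Added example (not from the original post): make sure unified audit logging
# is on, then search the last 7 days for inbox-rule changes that add forwarding.
# Assumes the ExchangeOnlineManagement module and an account with the Audit Logs role.
Connect-ExchangeOnline -ShowBanner:$false

# Nothing can be searched until ingestion into the unified audit log is enabled.
$auditConfig = Get-AdminAuditLogConfig
if (-not $auditConfig.UnifiedAuditLogIngestionEnabled) {
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
}

$start = (Get-Date).AddDays(-7)
$end   = Get-Date

# Inbox rule creation and modification events carry the rule parameters in AuditData (JSON).
$records = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -Operations New-InboxRule, Set-InboxRule `
    -ResultSize 5000

$suspicious = foreach ($r in $records) {
    $data = $r.AuditData | ConvertFrom-Json
    # Parameters is assumed to be an array of {Name, Value}; keep the forwarding-related ones.
    $fwd = $data.Parameters | Where-Object { $_.Name -in 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo' }
    if ($fwd) {
        [pscustomobject]@{
            When       = $r.CreationDate
            User       = $data.UserId
            Operation  = $data.Operation
            ClientIP   = $data.ClientIP
            Forwarding = ($fwd | ForEach-Object { "$($_.Name)=$($_.Value)" }) -join '; '
        }
    }
}

if ($suspicious) {
    $suspicious | Sort-Object When | Format-Table -AutoSize
} else {
    "No inbox rules adding forwarding were created or changed between $start and $end."
}
```

A forwarding rule created from an IP address or country the user never signs in from is the classic sign of a compromised mailbox; that is the combination worth turning into an alert policy once you have confirmed the search returns what you expect.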

9. Check Your Microsoft Secure Score

The Microsoft Secure Score (MSS) provides you with a comprehensive view of your organization’s security status. You can use this dashboard to monitor metrics about the security posture of your environment and check the suggested actions that you can perform to improve this score and keep your organization’s cloud data safe.

MSS offers real-time measurements, which change when you activate or deactivate Office 365 security settings or install third-party data protection solutions. The tool constantly assesses your status and offers recommendations accordingly.

A score below 30% indicates that your environment is highly vulnerable to threats. In this case, you should take immediate action and apply security best practices to reach or surpass the recommended 80% threshold. A 100% score is attainable when Microsoft 365 Defender is working in full force in conjunction with a third-party security solution.
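The score can be pulled programmatically, which makes it easy to track over time and to see which controls are costing the most points. The script below is an added example and not part of the original post; it uses the Microsoft Graph PowerShell SDK, and the permission scope and the property names it reads from the score and control-profile objects are assumptions based on the Graph secureScore resource, so verify them against the SDK documentation.

```powershell
# Added example (not from the original post): fetch the latest Secure Score,
# compare it with the 30% and 80% thresholds above, and list the ten controls
# with the most unclaimed points. Assumes the Microsoft Graph PowerShell SDK.
Connect-MgGraph -Scopes "SecurityEvents.Read.All"   # assumed scope

# Scores are snapshotted daily; the first entry returned is the most recent.
$latest  = Get-MgSecuritySecureScore -Top 1
$percent = [math]::Round(100 * $latest.CurrentScore / $latest.MaxScore, 1)

if ($percent -lt 30) {
    $status = "highly vulnerable: take immediate action"
} elseif ($percent -lt 80) {
    $status = "below the recommended 80% target"
} else {
    $status = "at or above the recommended target"
}
"Secure Score: {0}/{1} ({2}%) - {3}" -f $latest.CurrentScore, $latest.MaxScore, $percent, $status

# Each control score carries the points achieved; the matching control profile
# carries the maximum and a readable title. Join them on the control name.
$profiles = @{}
Get-MgSecuritySecureScoreControlProfile -All | ForEach-Object { $profiles[$_.Id] = $_ }

$latest.ControlScores | ForEach-Object {
    $p = $profiles[$_.ControlName]
    if ($p) {
        [pscustomobject]@{
            Control  = $_.ControlName
            Category = $_.ControlCategory
            Achieved = $_.Score
            Max      = $p.MaxScore
            Gap      = $p.MaxScore - $_.Score
            Title    = $p.Title
        }
    }
} | Sort-Object Gap -Descending | Select-Object -First 10 | Format-Table -AutoSize
```

Sorting by gap rather than by category is deliberate: the recommended actions in the dashboard are long, and the handful of controls at the top of this list are usually the ones (MFA for admins, blocking legacy authentication, Safe Links and Safe Attachments) that move the score the most for the least effort.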

10. Deploy a Third-Party Backup Solution

Even with all the security features provided in Microsoft 365 plans, you may still be at risk. New, as-yet-undetected attacks can still infiltrate your Microsoft 365 environment and compromise your organization. To avoid both financial and reputational damage while recovering your data after an attack, deploy a third-party backup solution like NAKIVO Backup & Replication, which offers fast incremental backup for Microsoft 365 apps.

According to Microsoft's Shared Responsibility Model, the organization using the applications to generate and store data in Office 365 is solely responsible for the safety of its data. You have to implement the necessary security mechanisms and a backup strategy with a third-party solution to ensure recovery no matter what. The NAKIVO solution provides fast backups of Microsoft Office 365 data and instant recovery of any item to where it is needed.

1 Year of Free Data Protection: NAKIVO Backup & Replication

Deploy in 2 minutes and protect virtual, cloud, physical and SaaS data. Backup, replication, instant recovery options.