What Are the Easiest Ways to Boost Microsoft 365 Security?

Implementing Microsoft 365 security tweaks is a must for any new Office 365 tenant. Did you know that when you first sign up for a Microsoft 365 subscription, it isn't set to the most secure settings by default?

The platform offers multiple security enhancements for phishing protection, malware, credential theft, and more, but many of those configurations are left in the user’s hands.

So, if you’re not customising Microsoft 365 security settings once you begin using the platform, you could be leaving your cloud data and accounts at risk.

A survey of senior IT professionals found that security misconfiguration was their top cloud environment concern, with 67% of them worried about this risk.

Unfortunately, many Sydney businesses try to handle their Microsoft 365 account themselves, and often this means important security customisations aren’t put in place to protect their account from phishing, ransomware, insider threats, and more.

Following are several security configurations and best practices that are fairly easy to implement and can significantly boost the security of your Microsoft 365 account.

Microsoft 365 Security Tip 1: Use One Dedicated Admin Account

Microsoft 365 admin accounts are some of the most sought-after credentials by hackers. If they gain access to a user account with admin privileges, they can do much more damage than if they hack an account with lower permissions.

To reduce the risk associated with admin accounts, use one dedicated account rather than granting users admin permissions on their own accounts. Users can then just log into the dedicated account as needed and log back out when admin work is completed.

This increases security in two ways:

  1. Reduces the number of admin accounts you have
  2. Reduces the risk because the admin account isn’t being used for email or other activities

Microsoft 365 Security Tip 2: Turn on MFA for All Your Users

The simplest and most impactful way to stop compromised or stolen login credentials from being used on your user accounts is to implement multi-factor authentication (MFA). This adds an extra step when users log in: after entering their username and password, they must also supply a code sent to their device.

According to Microsoft, MFA can stop 99.9% of all fraudulent sign-in attempts by attackers who already have a user's password.

Microsoft 365 Security Tip 3: Implement Safe Attachments & Safe Links (Premium Subscriptions)

Two important phishing protections that are available to subscribers of Microsoft 365 Business Premium are Safe Attachments and Safe Links. These are both features of Microsoft Defender for Office 365.

With Safe Attachments, you can create rules to detect dangerous file attachments that may be present in emails and apps like SharePoint, OneDrive, and Teams.

Do this by:

  • Going to the Security & Compliance Center
  • Choosing Threat Management > Policy
  • Selecting Safe Attachments
  • Selecting “Turn on ATP for SharePoint, OneDrive, and Microsoft Teams”
  • Selecting + to add a new policy
  • Clicking to Block current and future emails and attachments with detected malware
  • Designating a redirection quarantine mailbox
  • Saving the policy

Safe Links offers similar protection, but for URLs that point to malicious websites, which are used in phishing emails even more often than attachments.

Do this by:

  • Going to the Security & Compliance Center
  • Choosing Threat Management > Policy
  • Selecting Safe Links
  • Double-clicking to edit the Default policy under “Policies that apply to the entire organization”
  • Under “Settings that apply to content across Office 365,” entering a URL that you want to block and selecting +
  • Under “Settings that apply to content except email,” selecting “Office 365 applications,” “Do not track when users click safe links,” and “Do not let users click through safe links to original URL”
  • Saving
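The two procedures above can also be applied from Exchange Online PowerShell, which makes the settings repeatable and easy to audit. This is an added example, not code from the original article or from Microsoft; it assumes the ExchangeOnlineManagement module is installed, the tenant holds a Defender for Office 365 licence, and that admin@contoso.com, contoso.com, quarantine@contoso.com and malicious-site.example are placeholders. The organisation-wide URL block from the old Safe Links page is assumed to map to today's Tenant Allow/Block List.

```powershell
# Added example: PowerShell equivalent of the Safe Attachments and Safe Links steps.
# Assumes ExchangeOnlineManagement module; all addresses/domains are placeholders.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# --- Safe Attachments ---
# Tenant-wide switch for files stored in SharePoint, OneDrive and Teams.
Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true

# Block messages with detected malware and redirect a copy to the quarantine
# mailbox so an administrator can review what was stopped.
New-SafeAttachmentPolicy -Name "Block detected malware" `
    -Enable $true `
    -Action Block `
    -Redirect $true `
    -RedirectAddress "quarantine@contoso.com"

# A policy does nothing until a rule scopes it to recipients.
New-SafeAttachmentRule -Name "Block detected malware - all users" `
    -SafeAttachmentPolicy "Block detected malware" `
    -RecipientDomainIs "contoso.com"

# --- Safe Links ---
# Time-of-click URL checks for mail, Teams and Office apps.
# AllowClickThrough $false stops users bypassing the warning page.
# TrackClicks $false mirrors the article's setting; $true keeps click
# telemetry that is useful when investigating a phishing incident.
New-SafeLinksPolicy -Name "Safe Links - all users" `
    -EnableSafeLinksForEmail $true `
    -EnableSafeLinksForTeams $true `
    -EnableSafeLinksForOffice $true `
    -ScanUrls $true `
    -DeliverMessageAfterScan $true `
    -TrackClicks $false `
    -AllowClickThrough $false

New-SafeLinksRule -Name "Safe Links - all users" `
    -SafeLinksPolicy "Safe Links - all users" `
    -RecipientDomainIs "contoso.com"

# The "enter a URL that you want to block" step: an explicit block entry
# (assumed to live in the Tenant Allow/Block List on current tenants).
New-TenantAllowBlockListItems -ListType Url -Block `
    -Entries "malicious-site.example" -NoExpiration

# Confirm what was applied.
Get-SafeAttachmentPolicy -Identity "Block detected malware"
Get-SafeLinksPolicy -Identity "Safe Links - all users"
```

Run the two Get-* cmdlets again after any portal change so you can spot drift between what the article recommends and what the tenant actually enforces.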

Microsoft 365 Security Tip 4: Keep Emails from Being Auto-forwarded Outside Your Company

A common tactic of attackers who gain access to a Microsoft 365 account is to auto-forward that user’s email to themselves. Over time this can give them access to sensitive company data and potentially to other online accounts as well.

Set up a rule in your mail flow settings that prohibits auto-forwarding of emails outside your domain to reduce your risk.

Here’s how to do that:

  • Go to the Exchange admin center
  • Select Rules in the mail flow category
  • Select + to add a new rule
  • Select More options
  • Add the following parameters: If sender is internal and recipient is external and message properties are Auto-forward, then block message and add an explanation
  • Set a warning explanation such as “This action is prohibited.”
  • Save rule
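The same mail flow rule, created from Exchange Online PowerShell and followed by a check for forwarding that may already be in place. This is an added example, not code from the original article or from Microsoft; it assumes the ExchangeOnlineManagement module and uses admin@contoso.com as a placeholder. The outbound spam policy setting is an extra control the article does not mention, included because it also covers forwarding set up through inbox rules and mailbox forwarding settings.

```powershell
# Added example: PowerShell equivalent of the "block external auto-forward" rule.
# Assumes ExchangeOnlineManagement module; admin@contoso.com is a placeholder.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# Internal sender -> external recipient, message type Auto-forward:
# reject the message with the explanation text from the article.
New-TransportRule -Name "Block external auto-forward" `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText "This action is prohibited." `
    -Enabled $true

# Extra control (not in the article): turn automatic forwarding off in the
# default outbound spam policy so inbox rules and SMTP forwarding are covered.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# Confirm the rule exists and is enabled.
Get-TransportRule -Identity "Block external auto-forward" |
    Format-List Name, State, FromScope, SentToScope, MessageTypeMatches

# Detection: mailbox-level forwarding that an attacker may already have set.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# Detection: inbox rules that forward or redirect mail (review any hits).
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    Get-InboxRule -Mailbox $_.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object MailboxOwnerId, Name, ForwardTo, RedirectTo, Enabled
}
```

The two detection queries are worth scheduling: a new forwarding rule on an account that had none is one of the earliest signs of a compromised mailbox.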

Microsoft 365 Security Tip 5: Increase Malware Protection by Blocking Dangerous Mail Attachments

You can increase your anti-malware protection in Microsoft 365 by turning on a feature that will block file attachments that are commonly used to carry malware.

To do this:

  • Go to the Security & Compliance Center
  • Go to Threat Management > Policy > Anti-Malware
  • Double-click to edit the default company policy
  • Select Settings
  • Under Common Attachment Types Filter, select On
  • Select Save

You also have the ability to edit the default attachment types that are blocked.
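Turning on the common attachment types filter and extending the blocked list from Exchange Online PowerShell. This is an added example, not code from the original article or from Microsoft; it assumes the ExchangeOnlineManagement module, uses admin@contoso.com as a placeholder, and the extra extensions are an illustrative set chosen here, not Microsoft's default list.

```powershell
# Added example: PowerShell equivalent of the Anti-Malware steps above.
# Assumes ExchangeOnlineManagement module; admin@contoso.com is a placeholder.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# Extensions to add on top of the tenant's current list. This is an
# illustrative selection (script and disk-image types often used to
# deliver malware), not Microsoft's default set.
$extra = @("js", "jse", "vbs", "vbe", "wsf", "hta", "iso", "img", "lnk", "scr")

# Read the default policy, merge the lists and remove duplicates so an
# existing entry is never dropped by accident.
$policy = Get-MalwareFilterPolicy -Identity Default
$types  = @($policy.FileTypes + $extra) | Sort-Object -Unique

# Turn the filter on and apply the merged list.
Set-MalwareFilterPolicy -Identity Default `
    -EnableFileFilter $true `
    -FileTypes $types

# Check the result.
Get-MalwareFilterPolicy -Identity Default |
    Format-List Name, EnableFileFilter, FileTypes
```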

How Securely Configured is Your Microsoft 365 Tenant?

There are multiple security configurations in Microsoft 365, and if you’re not aware of how to use them, your account could be vulnerable to attack. GKM2 offers expert Microsoft 365 customisation and management.

Contact us today for a free consultation. Call +61 2 9161 7171 or reach out online.