Microsoft 365 has many security features and capabilities built in. With a few simple changes to system configuration and business practices, however, you can noticeably improve your Microsoft 365 security and your overall cybersecurity stance.

#1. Enable Multi-Factor Authentication

Multi-Factor Authentication is by far one of the most effective ways to improve Microsoft 365 security and protect accounts from being hacked. With multi-factor authentication in place, your employees must enter a unique, constantly changing code along with their usual username and password to log on to their Microsoft 365 account. Even better, Microsoft 365 has some super clever features that mean you will not be constantly prompted for this code when connecting from a trusted location or device.

Using Multi-Factor Authentication ensures that your valuable data doesn’t get compromised should an employee use an easy-to-guess password or leave it written down out in the open. While it’s still important to use strong passwords, this second step ensures that a malicious party can’t gain access with the password alone, as they would need the employee’s phone as well.
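The "require a code unless you are on a trusted location" behaviour described above is configured in Microsoft Entra Conditional Access. The following is an added example, not code from the original post or from Grassroots IT, of creating such a policy with the Microsoft Graph PowerShell module. It assumes the module is installed, the signed-in account can manage Conditional Access, and that the `BreakGlass-ObjectId-Placeholder` value is replaced with the object ID of an emergency-access account you deliberately exclude; the policy starts in report-only mode so you can review the sign-in logs before enforcing it.

```powershell
# Added example (not from the original post): Conditional Access policy that requires MFA
# for all users and all cloud apps, except sign-ins from named locations marked as trusted.
# Assumptions: Microsoft.Graph module installed; the account can manage Conditional Access;
# "BreakGlass-ObjectId-Placeholder" is replaced with a real emergency-access account object ID.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All"

$policy = @{
    displayName = "Require MFA for all users (except trusted locations)"
    # Report-only first: the sign-in log shows who would have been prompted, nothing is enforced yet.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{
            includeUsers = @("All")
            excludeUsers = @("BreakGlass-ObjectId-Placeholder")   # placeholder, replace before use
        }
        applications = @{ includeApplications = @("All") }
        locations    = @{
            includeLocations = @("All")
            excludeLocations = @("AllTrusted")   # every named location flagged as trusted
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy {0} in state {1}" -f $created.Id, $created.State

# When the report-only results look right, enforce the policy:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

The report-only step matters: a policy that requires MFA for "All users" with no exclusions can lock out the very administrators who need to fix it, which is why the emergency-access account is excluded and enforcement is a separate, deliberate change.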

#2. Use dedicated admin accounts

Your admin accounts come with elevated privileges, options, and security features. The people who use these accounts can grant rights to other users, install software, and more. This makes them a prime target for cybercriminals and hackers. Each administrator should have their own account, and they should have a separate user account for non-admin tasks.

Every admin account should have multi-factor authentication enabled. You should also routinely review these admin accounts to ensure they’re not granting privileges to users who don’t need them, because every unnecessary privilege increases your security risk. When an admin leaves the business, immediately shut down their admin account so it can’t be used against the business.
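The routine review recommended above is easy to script. The following is an added example, not code from the original post or from Grassroots IT, that lists every member of every activated directory role and flags members who have not registered for MFA, using the Microsoft Graph PowerShell module. It assumes the module is installed and the signed-in account holds the listed read permissions; the MFA registration report cmdlet and its `IsMfaRegistered` property are used as documented for Graph v1.0.

```powershell
# Added example (not from the original post): who holds admin roles, and do they have MFA?
# Assumptions: Microsoft.Graph module installed; the account can read directory roles and
# the authentication-method registration report.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory","Directory.Read.All","AuditLog.Read.All","UserAuthenticationMethod.Read.All"

# Build a lookup of MFA registration status keyed by user principal name.
$mfaByUpn = @{}
Get-MgReportAuthenticationMethodUserRegistrationDetail -All | ForEach-Object {
    $mfaByUpn[$_.UserPrincipalName] = $_.IsMfaRegistered
}

# Get-MgDirectoryRole returns only roles that have been activated in the tenant.
$report = foreach ($role in Get-MgDirectoryRole -All) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        $upn = $member.AdditionalProperties.userPrincipalName
        if (-not $upn) { continue }   # groups and service principals have no UPN; skip them here
        [pscustomobject]@{
            Role          = $role.DisplayName
            Account       = $upn
            MfaRegistered = $mfaByUpn[$upn]
        }
    }
}

# Accounts with admin roles and no MFA registration sort to the top ($false before $true).
$report | Sort-Object MfaRegistered, Role | Format-Table -AutoSize
```

Run it on a schedule and diff the output against the previous run: a new name in a privileged role, or a role member whose MFA status is empty or false, is exactly the change the text says to watch for. Accounts that appear here and also receive day-to-day email are candidates for splitting into a separate admin account.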

#3. Educate your staff to be cyber-safe

The Harvard Kennedy School has an excellent handbook to assist you in training your staff on cybersecurity called the Cybersecurity Campaign Handbook. This book can help you set up a culture of cybersecurity awareness that your staff can use from the moment you hire them. You’ll train your users to identify phishing attacks through their emails to keep hackers out.

Your staff should know what a strong password is and how to set one up, how to protect their devices, and how to enable the security features on Macs and Windows 10 PCs. Giving your staff ongoing training allows them to keep up with the latest threats.

#4. Protect against ransomware attacks with mail flow rules

Ransomware is a program that restricts an infected computer’s access to data by locking the computer or encrypting the data. Once you are locked out, it demands a “ransom” to extort money from the victim. Payment is typically demanded in a cryptocurrency such as Bitcoin, and the attackers claim they’ll give you access back once they get the money.

You can create mail flow rules that block the file extensions cybercriminals commonly use for ransomware. You can either block all file types that could contain malicious code or ransomware, or set up a rule that warns your staff that they’re about to open an Office file attachment that contains macros.
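Both options described above map to Exchange Online mail flow (transport) rules. The following is an added example, not code from the original post or from Grassroots IT, that creates a blocking rule, a content-based rule for executables regardless of extension, and a warning rule for macro-enabled Office attachments. It assumes the ExchangeOnlineManagement module is installed and the account holds an Exchange administrator role; the extension lists are a constructed starting point, not a complete list.

```powershell
# Added example (not from the original post): mail flow rules for ransomware-prone attachments.
# Assumptions: ExchangeOnlineManagement module installed; Exchange admin role.
# Conditions inside a single rule are ANDed, so each behaviour is its own rule.
Connect-ExchangeOnline

# Rule 1: reject by extension. Constructed list; trim it to what your business must still receive.
$blockedExtensions = @("exe","scr","pif","com","bat","cmd","vbs","vbe","js","jse","wsf","wsh","hta","ps1","cpl","jar","iso","img","lnk")
New-TransportRule -Name "Block dangerous attachment extensions" `
    -AttachmentExtensionMatchesWords $blockedExtensions `
    -RejectMessageReasonText "This message was blocked because it contained an attachment type that is not allowed." `
    -RejectMessageEnhancedStatusCode "5.7.1"

# Rule 2: reject by content. Catches an executable renamed to an innocent extension.
New-TransportRule -Name "Block executable content regardless of extension" `
    -AttachmentHasExecutableContent $true `
    -RejectMessageReasonText "This message was blocked because an attachment contains executable content."

# Rule 3: warn, not block, for macro-enabled Office files from outside the organisation,
# by tagging the subject so staff know to treat the attachment with suspicion.
New-TransportRule -Name "Warn on macro-enabled Office attachments" `
    -FromScope NotInOrganization `
    -AttachmentExtensionMatchesWords @("docm","xlsm","pptm","dotm","xltm") `
    -PrependSubject "[Caution: macro attachment] "

# Confirm the rules exist and are enabled.
Get-TransportRule | Where-Object { $_.Name -like "*attachment*" } | Format-Table Name, State, Priority
```

Rule 1 tells the sender why their message bounced, which cuts down on helpdesk calls when a legitimate file is caught. Rule 2 is the one that still fires when an attacker simply renames the payload.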

#5. Raise your malware protection levels

Malware is short for “malicious software”, an umbrella term for the many kinds of software written to damage or take over a computer: Trojans, viruses, spyware, ransomware, worms and more. Training your staff to avoid it is critical.

Luckily, Microsoft 365 comes with built-in protection against this form of cyber attack. You can enhance this protection by automatically blocking file types or attachments that cybercriminals commonly use for malware.
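The built-in protection referred to above is the anti-malware policy in Exchange Online, and its "common attachment types filter" is the switch that blocks file types outright. The following is an added example, not code from the original post or from Grassroots IT, that enables that filter on the default policy, extends its list, and turns on zero-hour auto purge. It assumes the ExchangeOnlineManagement module and an Exchange administrator role; the added file types are a constructed example.

```powershell
# Added example (not from the original post): harden the default anti-malware policy.
# Assumptions: ExchangeOnlineManagement module installed; Exchange admin role.
Connect-ExchangeOnline

$policy = Get-MalwareFilterPolicy -Identity Default
"Before: common attachment filter enabled = {0}, {1} file types listed" -f $policy.EnableFileFilter, $policy.FileTypes.Count

# Keep Microsoft's current list and append types you also want treated as malware (constructed list).
$extraTypes = @("iso","img","vhd","lnk","hta","ps1")
$merged = @($policy.FileTypes) + $extraTypes | Select-Object -Unique

Set-MalwareFilterPolicy -Identity Default `
    -EnableFileFilter $true `
    -FileTypes $merged `
    -ZapEnabled $true   # zero-hour auto purge removes delivered mail later identified as malware

# Verify the change took effect.
Get-MalwareFilterPolicy -Identity Default |
    Select-Object EnableFileFilter, ZapEnabled, @{ n = "FileTypeCount"; e = { $_.FileTypes.Count } }
```

Merging with the existing `FileTypes` rather than overwriting it preserves Microsoft's list; passing only `$extraTypes` would silently drop the defaults.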

#6. Set up Office message encryption

Encryption adds another layer of protection to the messages you send both inside and outside your organisation. If a staff member accidentally types the wrong email address and sends a message to an unintended party, that party can’t pass it around: only the intended recipient can read the email when they open it.

You can have your staff use the “Do not forward” or “Encrypt” option each time they send an email. Encryption comes built into Office 365, and it works with Yahoo!, Gmail and other email providers.
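Relying on staff to click "Encrypt" every time leaves room for error, so the option is usually backed by a mail flow rule that applies the same template automatically. The following is an added example, not code from the original post or from Grassroots IT, that checks the tenant's rights-management configuration and then applies the built-in "Encrypt" template to outbound messages tagged with a keyword. It assumes the ExchangeOnlineManagement module and an Exchange administrator role; the `[secure]` subject convention and the sender address are constructed placeholders.

```powershell
# Added example (not from the original post): automatic message encryption via mail flow rule.
# Assumptions: ExchangeOnlineManagement module installed; Exchange admin role;
# "[secure]" is a constructed subject keyword; user@contoso.example is a placeholder sender.
Connect-ExchangeOnline

# Make sure Azure Rights Management (which Message Encryption uses) is enabled for the tenant.
$irm = Get-IRMConfiguration
if (-not $irm.AzureRMSLicensingEnabled) {
    Set-IRMConfiguration -AzureRMSLicensingEnabled $true
}
# Confirms the service can fetch rights-management templates on behalf of a real mailbox.
Test-IRMConfiguration -Sender "user@contoso.example"

# Any message leaving the organisation with "[secure]" in the subject gets the "Encrypt" template,
# so the recipient can read it but the content is not in the clear in transit or in a forwarded copy.
New-TransportRule -Name "Encrypt when subject is tagged [secure]" `
    -SentToScope NotInOrganization `
    -SubjectContainsWords "[secure]" `
    -ApplyRightsProtectionTemplate "Encrypt"

Get-TransportRule -Identity "Encrypt when subject is tagged [secure]" |
    Select-Object Name, State, SentToScope, ApplyRightsProtectionTemplate
```

The same rule with `-ApplyRightsProtectionTemplate "Do Not Forward"` gives the stricter behaviour the text mentions, where the recipient can read but not forward, print or copy the message.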

#7. Disable the ability to auto-forward emails

Your emails are a vulnerable point for your organisation, especially if your staff have a habit of forwarding them. Any hacker who gains access to a staff member’s inbox can configure it to automatically forward mail. Once they do, they can attach malware to the email and spread it throughout the organisation.

The first step is to make sure your staff aren’t forwarding emails on their own. Then set up a mail flow rule that prevents auto-forwarding of emails from external senders. This way, even if a hacker does get in, they won’t be able to infect the entire system.
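The following is an added example, not code from the original post or from Grassroots IT, that goes slightly beyond the single mail flow rule described above: it applies the three Exchange Online controls that between them stop mailbox contents being automatically forwarded outside the tenant, and then reports any mailbox forwarding settings or inbox rules already in place (the configuration an intruder with mailbox access would have left behind). It assumes the ExchangeOnlineManagement module and an Exchange administrator role.

```powershell
# Added example (not from the original post): block external auto-forwarding and find existing forwards.
# Assumptions: ExchangeOnlineManagement module installed; Exchange admin role.
Connect-ExchangeOnline

# 1. Outbound spam policy: the tenant-wide switch for automatic forwarding to external recipients.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# 2. Remote domain setting for the default (*) remote domain; an older control with the same intent.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# 3. Mail flow rule: reject messages of type AutoForward addressed outside the organisation.
New-TransportRule -Name "Block external auto-forwarding" `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText "Automatic forwarding to external addresses is not permitted."

# Detection: mailbox-level forwarding already configured.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# Detection: inbox rules that forward or redirect, which the mailbox owner may never have created.
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    Get-InboxRule -Mailbox $_.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = "Mailbox"; e = { $_.MailboxOwnerId } }, Name, ForwardTo, RedirectTo, Enabled
}
```

The two detection queries are worth keeping as a scheduled report on their own: a forwarding rule appearing on a mailbox that never had one is a common first sign of a compromised account.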

Your staff will routinely receive, share, and send attachments like spreadsheets and presentations. It’s very difficult to tell which attachments are safe to open and which ones are infected with malware.

Some Microsoft 365 plans come with Advanced Threat Protection built in. This suite includes ATP Safe Attachments protection. You have to enable it and set up a new rule for it, but once in place it can stop your staff spreading malicious software through attachments.
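The "enable it and set up a new rule" step above is two cmdlets: a Safe Attachments policy that says what to do with a detonated attachment, and a rule that says whose mail the policy covers. The following is an added example, not code from the original post or from Grassroots IT. It assumes the ExchangeOnlineManagement module, a plan that includes Advanced Threat Protection (now Defender for Office 365), and a suitable admin role; `contoso.example` and the redirect mailbox are placeholders.

```powershell
# Added example (not from the original post): Safe Attachments policy plus the rule that scopes it.
# Assumptions: ExchangeOnlineManagement module installed; ATP / Defender for Office 365 licensed;
# contoso.example and secops@contoso.example are placeholders.
Connect-ExchangeOnline

# Action options: Block (hold the whole message), Replace (deliver with attachment removed),
# DynamicDelivery (deliver body now, attachment after scanning). Block is the safest default.
New-SafeAttachmentPolicy -Name "Safe Attachments - Block" `
    -Enable $true `
    -Action Block `
    -Redirect $true `
    -RedirectAddress "secops@contoso.example"

# Scope the policy to every recipient in the domain.
New-SafeAttachmentRule -Name "Safe Attachments - all recipients" `
    -SafeAttachmentPolicy "Safe Attachments - Block" `
    -RecipientDomainIs "contoso.example"

# Verify.
Get-SafeAttachmentPolicy | Format-Table Name, Enable, Action, Redirect, RedirectAddress
Get-SafeAttachmentRule   | Format-Table Name, State, SafeAttachmentPolicy, RecipientDomainIs
```

Redirecting blocked copies to a security mailbox gives you a sample of what was caught without releasing it to the original recipient, which is useful both for tuning and for incident response.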

#8. Defend your email from phishing

You can configure anti-phishing protection in both Office 365 and Microsoft 365. You can set up a policy to protect your custom domain and your staff. This protection defends your organisation against general phishing attacks and against impersonation-based phishing attacks: hackers won’t be able to send emails impersonating any user you have listed for your custom domain.
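The policy described above, with the custom domain and named staff members protected against impersonation, looks like this in PowerShell. The following is an added example, not code from the original post or from Grassroots IT. It assumes the ExchangeOnlineManagement module and the licensing needed for impersonation protection; `contoso.example` and the two protected people are placeholders.

```powershell
# Added example (not from the original post): anti-phishing policy with impersonation protection.
# Assumptions: ExchangeOnlineManagement module installed; licensing for impersonation features;
# contoso.example, "Jane Doe" and "Sam Lee" are placeholders.
Connect-ExchangeOnline

New-AntiPhishPolicy -Name "Impersonation protection - contoso.example" `
    -Enabled $true `
    -EnableTargetedUserProtection $true `
    -TargetedUsersToProtect @("Jane Doe;jane.doe@contoso.example", "Sam Lee;sam.lee@contoso.example") `
    -TargetedUserProtectionAction Quarantine `
    -EnableOrganizationDomainsProtection $true `
    -EnableTargetedDomainsProtection $true `
    -TargetedDomainsToProtect @("contoso.example") `
    -TargetedDomainProtectionAction Quarantine `
    -EnableMailboxIntelligence $true `
    -EnableMailboxIntelligenceProtection $true `
    -MailboxIntelligenceProtectionAction MoveToJmf `
    -EnableSpoofIntelligence $true `
    -AuthenticationFailAction MoveToJmf `
    -PhishThresholdLevel 2

# The rule decides whose mail the policy applies to.
New-AntiPhishRule -Name "Impersonation protection - contoso.example" `
    -AntiPhishPolicy "Impersonation protection - contoso.example" `
    -RecipientDomainIs "contoso.example"

Get-AntiPhishPolicy -Identity "Impersonation protection - contoso.example" |
    Select-Object Name, Enabled, EnableTargetedUserProtection, EnableTargetedDomainsProtection, PhishThresholdLevel
```

The protected users list is the "users you have listed" from the text: anyone whose display name is most likely to be spoofed in a request for a payment or a password, typically executives and finance staff. Mailbox intelligence extends that with learned contact patterns, so it is left at "move to junk" rather than quarantine while you check its false-positive rate.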

Speak with the Office 365 security experts

Grassroots IT are the Microsoft Office 365 security experts, keeping our clients cyber safe in Brisbane and across Australia since 2005. One thing we understand about Microsoft 365 security and compliance is that unless you work with these tools every day, it can be hard to “know what you don’t know”. For that reason, we created our Microsoft 365 Security & Compliance Packs – simple, fixed-price packs to help you take advantage of all of the advanced security and compliance features in Microsoft 365, without the complication of drawn-out project scoping and design. Contact us today to learn more.