Top 8 ways to secure Microsoft 365

Microsoft 365 has many security features and capabilities built in, but a few simple changes to system configuration and business practices can greatly strengthen your security posture. The eight steps below are the ones to start with.

1) Enable Multi-Factor Authentication

Multi-Factor Authentication (MFA) is by far the most effective single control for protecting Microsoft 365 accounts from compromise. With MFA in place, your employees must supply a second factor, typically a one-time code from an authenticator app or an approval prompt on their phone, along with their usual username and password when they sign in. Microsoft 365 can also be configured (through Conditional Access) so that users are not prompted again and again when they connect from a trusted location or a managed device.

MFA means that a weak, guessed or written-down password is not, on its own, enough to get in: an attacker would also need the employee's phone or security key. Strong passwords still matter, and not all second factors are equal. SMS codes can be intercepted or phished, so prefer an authenticator app with number matching or a FIDO2 security key where you can, and train staff to deny any sign-in prompt they did not initiate.
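The policy described above, written out as an added example rather than anything from the original article: a Conditional Access policy that requires MFA for every user and every cloud app but skips the prompt from a trusted named location. It assumes the Microsoft.Graph PowerShell module, a tenant licensed for Conditional Access (Microsoft Entra ID P1 or higher), and illustrative values for the break-glass account, the policy name and the office IP range.

```powershell
# Added example (not from the original article).
# Assumes: Microsoft.Graph module, Entra ID P1 (Conditional Access), and the
# illustrative names below (breakglass UPN, policy name, 203.0.113.0/24 office range).

Install-Module Microsoft.Graph -Scope CurrentUser   # one-off, if not already installed
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All","User.Read.All"

# A named location that counts as "trusted": sign-ins from here skip the MFA prompt.
$office = @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    displayName   = "Head office"
    isTrusted     = $true
    ipRanges      = @(
        @{ "@odata.type" = "#microsoft.graph.iPv4CidrRange"; cidrAddress = "203.0.113.0/24" }
    )
}
New-MgIdentityConditionalAccessNamedLocation -BodyParameter $office

# Emergency-access account that this policy must never lock out (assumed UPN).
$breakGlass = Get-MgUser -UserId "breakglass@contoso.onmicrosoft.com"

$policy = @{
    displayName = "CA001 - Require MFA for all users"
    # Start in report-only mode: sign-ins are evaluated and logged, nobody is blocked.
    # Change to "enabled" once the sign-in logs show the expected impact.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlass.Id)
        }
        applications = @{ includeApplications = @("All") }
        locations    = @{
            includeLocations = @("All")
            excludeLocations = @("AllTrusted")   # every location marked isTrusted, like the one above
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm the policy exists and is still report-only before anyone enables it.
Get-MgIdentityConditionalAccessPolicy -Filter "displayName eq 'CA001 - Require MFA for all users'" |
    Format-List DisplayName, State
```

Two cautions when using it. Excluding trusted locations means anyone who can get onto the office network bypasses MFA, so the office network has to be treated as part of the trust boundary. Tenants without Entra ID P1 cannot use Conditional Access at all; for them, the tenant-wide Security Defaults switch enforces MFA for everyone without the trusted-location exception.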

2) Use dedicated admin accounts

Administrator accounts carry elevated privileges: whoever holds one can grant rights to other users, change tenant-wide settings, install software, read other people's mail and more. That makes them a prime target for cybercriminals. Each administrator should have a personal admin account used only for administration, and a separate ordinary account, with no admin roles, for email, documents and day-to-day work.

Every admin account must have multi-factor authentication enforced. Review admin accounts routinely to confirm that only the people who need a role still hold it, and that admins are not handing privileges to users who don't need them, because every extra privileged account widens the attack surface. When an administrator leaves the business, disable their admin account immediately so it cannot be used against you.
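The routine review described above can be scripted. The block below is an added example, not part of the original article: it lists every member of a set of privileged Microsoft Entra roles and flags accounts that have no second factor registered, or that look like daily-use accounts because they have a mailbox. It assumes the Microsoft.Graph module and an account permitted to read roles and authentication methods; the role list is a starting point, not the full set.

```powershell
# Added example (not from the original article).
# Assumes: Microsoft.Graph module and read access to directory roles and auth methods.

Connect-MgGraph -Scopes "RoleManagement.Read.Directory","UserAuthenticationMethod.Read.All","User.Read.All"

# Roles worth reviewing first; extend this list for your tenant.
$privilegedRoles = @(
    "Global Administrator",
    "Exchange Administrator",
    "SharePoint Administrator",
    "Security Administrator",
    "User Administrator"
)

# A password is not a second factor; any other registered method counts as one.
$weakMethods = @("#microsoft.graph.passwordAuthenticationMethod")

$findings = foreach ($roleName in $privilegedRoles) {
    # Get-MgDirectoryRole only returns roles that have been activated in the tenant.
    $role = Get-MgDirectoryRole -Filter "displayName eq '$roleName'"
    if (-not $role) { continue }

    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        # Skip groups and service principals; only user objects have auth methods.
        if ($member.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

        $methods = Get-MgUserAuthenticationMethod -UserId $member.Id
        $strong  = $methods | Where-Object { $_.AdditionalProperties['@odata.type'] -notin $weakMethods }

        [pscustomobject]@{
            Role    = $roleName
            User    = $member.AdditionalProperties['userPrincipalName']
            HasMfa  = [bool]$strong
            # A dedicated admin account should not have a mailbox; a populated
            # "mail" attribute suggests someone is administering from their daily account.
            HasMail = -not [string]::IsNullOrEmpty($member.AdditionalProperties['mail'])
        }
    }
}

$findings | Sort-Object HasMfa, Role | Format-Table -AutoSize

# Everything in this list needs fixing, or the role removing, before the next review.
$findings | Where-Object { -not $_.HasMfa -or $_.HasMail }
```

Run it on a schedule and diff the output against the previous run: a newly appearing Global Administrator that nobody remembers creating is exactly the signal this check exists to catch.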

3) Educate your staff to be cyber-safe

The Harvard Kennedy School publishes an excellent guide, the Cybersecurity Campaign Handbook, to help you train your staff on cybersecurity. Use it to build a culture of security awareness from the day a new employee starts, including training users to recognise phishing emails so that attackers are kept out.

Your staff should know what a strong password is and how to create one, how to protect their devices, and how to enable the built-in security features on Macs and Windows 10 PCs. Ongoing training keeps them up to date with the latest threats.

4) Protect against ransomware with mail flow rules

Ransomware is malware that denies access to data, usually by encrypting files or locking the computer, and then demands a payment, typically in a cryptocurrency such as Bitcoin, in exchange for restoring access. There is no guarantee that paying actually gets your data back.

You can create mail flow rules (also called transport rules) in Exchange Online that block attachments with the file extensions ransomware commonly arrives in. Either block every file type that can carry executable code, or add a rule that warns staff when an Office attachment contains macros so they stop and think before enabling them. These rules match on the file extension, so they complement rather than replace the content-based malware filter described in the next step.

5) Raise your malware protection levels

Malware, short for "malicious software", is an umbrella term for software designed to damage or take control of a computer: Trojans, viruses, spyware, ransomware, worms and more. Training your staff to avoid it is critical.

Fortunately, Microsoft 365 includes built-in anti-malware protection for email. You can strengthen it by turning on the common attachments filter in the anti-malware policy, which automatically blocks the file types cybercriminals commonly use to deliver malware, identifying the file's true type where possible rather than trusting the name it was given.
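Steps 4 and 5 both come down to Exchange Online configuration, so here they are together as one added example (not code from the original article): the two mail flow rules from step 4, followed by the common attachments filter from step 5. It assumes the ExchangeOnlineManagement module and an Exchange administrator account; the rule names, the disclaimer text and the extension lists are illustrative starting points that you should adjust to what your business actually exchanges.

```powershell
# Added example (not from the original article).
# Assumes: ExchangeOnlineManagement module and an Exchange Online administrator.
# Rule names, disclaimer text and extension lists are illustrative.

Install-Module ExchangeOnlineManagement -Scope CurrentUser   # one-off
Connect-ExchangeOnline

# Step 4a: extensions that carry executable content and are almost never legitimate
# in inbound mail. Matching is by extension only; a renamed payload slips past this
# rule, which is why the content-based filter further down is also needed.
$blockedExtensions = @(
    "ade","adp","ani","bas","bat","chm","cmd","com","cpl","crt","hlp","ht",
    "hta","inf","ins","isp","job","js","jse","lnk","mda","mdb","mde","mdz",
    "msc","msi","msp","mst","pcd","reg","scr","sct","shs","url","vb","vbe",
    "vbs","wsc","wsf","wsh","exe","pif"
)

New-TransportRule -Name "Block attachment types that could contain ransomware" `
    -AttachmentExtensionMatchesWords $blockedExtensions `
    -RejectMessageReasonText "This message was rejected: the attachment type is not allowed." `
    -RejectMessageEnhancedStatusCode "5.7.1"

# Step 4b: macro-enabled Office formats are common ransomware carriers, but some
# businesses genuinely exchange them, so warn the recipient instead of rejecting.
$macroExtensions = @("docm","dotm","xlsm","xltm","xlam","pptm","potm","ppam","ppsm","sldm")

New-TransportRule -Name "Warn users before opening Office attachments with macros" `
    -AttachmentExtensionMatchesWords $macroExtensions `
    -ApplyHtmlDisclaimerLocation Prepend `
    -ApplyHtmlDisclaimerText "<p style='color:red'>Warning: this message contains an Office file with macros. Do not enable macros unless you were expecting this file from this sender.</p>" `
    -ApplyHtmlDisclaimerFallbackAction Wrap

# Step 5: the built-in anti-malware policy. The common attachments filter blocks by
# true file type (content inspection), not just by extension. ZAP removes a message
# that is later found to be malware even after it has been delivered.
Set-MalwareFilterPolicy -Identity Default `
    -EnableFileFilter $true `
    -FileTypes @("ace","ani","app","docm","exe","jar","reg","scr","vbe","vbs") `
    -FileTypeAction Reject `
    -ZapEnabled $true

# Verify what is now in force.
Get-TransportRule | Where-Object { $_.AttachmentExtensionMatchesWords } |
    Format-Table Name, State, Priority -AutoSize
Get-MalwareFilterPolicy -Identity Default |
    Format-List EnableFileFilter, FileTypes, FileTypeAction, ZapEnabled
```

Before turning the reject rule on in production, run it for a week in a mode that only notifies you (for example by swapping the reject action for a Bcc to a security mailbox) and check what legitimate mail it would have bounced; finance and HR teams are the usual source of surprises.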

6) Set up Office message encryption

Encryption adds another layer of protection to messages you send both inside and outside the organisation. An encrypted message can only be opened by the recipient it is addressed to, so anyone who intercepts it or is forwarded a copy cannot read it; with "Do not forward" applied, even the intended recipient cannot forward, print or copy it, so a sensitive message cannot be passed around.

You can have your staff choose "Encrypt" or "Do not forward" from the Encrypt menu when they compose a message, or apply these automatically with a mail flow rule so nobody has to remember. Message encryption is built into Office 365, and recipients on Gmail, Yahoo! and other email providers can read encrypted messages by signing in or with a one-time passcode.
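The rule-based approach mentioned above, as an added example rather than code from the original article: a quick check that Office 365 Message Encryption is enabled, then two mail flow rules that apply the "Encrypt" and "Do Not Forward" templates automatically. It assumes the ExchangeOnlineManagement module, a tenant licensed for Office 365 Message Encryption, and illustrative values for the subject tag, the sender address and the payroll group.

```powershell
# Added example (not from the original article).
# Assumes: ExchangeOnlineManagement module, OME licensing, and the illustrative
# values below ("[secure]" tag, someone@contoso.com, payroll@contoso.com).

Connect-ExchangeOnline

# OME is built on Azure Rights Management; confirm it is switched on for the tenant,
# and that the "Encrypt" button is exposed in Outlook on the web.
Get-IRMConfiguration | Format-List AzureRMSLicensingEnabled, SimplifiedClientAccessEnabled
Test-IRMConfiguration -Sender "someone@contoso.com"   # assumed sender address

# 1) Any message leaving the organisation with [secure] in the subject is encrypted.
#    External recipients (Gmail, Yahoo! and so on) read it via the OME portal or a
#    one-time passcode; the message is unreadable to anyone else who obtains a copy.
New-TransportRule -Name "Encrypt external mail tagged [secure]" `
    -SentToScope NotInOrganization `
    -SubjectContainsWords "[secure]" `
    -ApplyRightsProtectionTemplate "Encrypt"

# 2) Mail from the payroll team must stay with its recipient even if mis-addressed:
#    "Do Not Forward" blocks forwarding, printing and copying at the recipient end.
New-TransportRule -Name "Do not forward payroll messages" `
    -FromMemberOf "payroll@contoso.com" `
    -ApplyRightsProtectionTemplate "Do Not Forward"

Get-TransportRule | Where-Object { $_.ApplyRightsProtectionTemplate } |
    Format-Table Name, State, ApplyRightsProtectionTemplate -AutoSize
```

A rule keyed on a subject tag is easy for staff to remember, but it still relies on them; for data you must not leak (payroll, health, card numbers) pair it with a rule that triggers on the content itself so the protection does not depend on a human remembering a tag.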

7) Disable the ability to auto-forward emails

Your mailboxes are a vulnerable point for your organisation, especially once an attacker gets into one. A common first move after compromising an account is to create an inbox rule that silently auto-forwards a copy of every message (or every message about invoices or payments) to an external address. The attacker can then keep reading the victim's mail even after the password is changed, learn who the business pays and how, and use what they learn to send convincing fraudulent emails or malware-laden replies to colleagues and customers.

The first step is to stop mail leaving the organisation automatically at all. Turn off automatic forwarding in the outbound spam policy, and back it up with a mail flow rule that rejects auto-forwarded messages sent to external recipients. Then audit existing mailboxes and inbox rules for forwarding that is already in place. This way, even if an attacker does get in, they cannot quietly siphon mail out of the organisation.

Your staff will routinely receive, share, and send attachments like spreadsheets and presentations. It’s very difficult to tell which attachments are safe to open and which ones are infected with malware.

Some Microsoft 365 plans include Advanced Threat Protection (now called Microsoft Defender for Office 365), which provides Safe Attachments. It is not on by default: you have to create a Safe Attachments policy and a rule that applies it to your users. Once enabled, every attachment is opened in a sandbox before delivery and anything that behaves maliciously is blocked, which stops your staff from receiving and spreading malicious software through attachments.
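Step 7 and the Safe Attachments paragraph above both land in the same Exchange Online session, so here they are as one added example (not code from the original article): first an audit of forwarding that is already configured, then the two controls that stop auto-forwarding, then a Safe Attachments policy and the rule that applies it. It assumes the ExchangeOnlineManagement module, an Exchange administrator, a Defender for Office 365 licence for the Safe Attachments part, and illustrative policy names and the domain contoso.com.

```powershell
# Added example (not from the original article).
# Assumes: ExchangeOnlineManagement module, Exchange admin rights, Defender for
# Office 365 (for Safe Attachments), and the illustrative names/domain below.

Connect-ExchangeOnline

# --- 1. Audit: who is forwarding mail today? ---------------------------------
# Mailbox-level forwarding, set by an admin or via the user's Forwarding settings.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# Inbox rules that forward or redirect. Attacker-created rules usually have
# innocuous names (".", "a", "RSS") so list them all and read the targets.
Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    Get-InboxRule -Mailbox $_.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object MailboxOwnerId, Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

# --- 2. Block automatic forwarding to external addresses ----------------------
# The outbound spam filter policy is the supported tenant-wide switch.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# Belt and braces: a mail flow rule that rejects auto-forwarded messages leaving
# the organisation and tells the (internal) sender why.
New-TransportRule -Name "Block auto-forwarding to external recipients" `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText "Automatic forwarding to external addresses is not allowed."

# --- 3. Safe Attachments: detonate unknown attachments before delivery --------
# The policy holds the settings; it does nothing until a rule scopes it to recipients.
New-SafeAttachmentPolicy -Name "Safe Attachments - all users" `
    -Enable $true `
    -Action Block

New-SafeAttachmentRule -Name "Safe Attachments - all users" `
    -SafeAttachmentPolicy "Safe Attachments - all users" `
    -RecipientDomainIs "contoso.com"

Get-HostedOutboundSpamFilterPolicy -Identity Default | Format-List AutoForwardingMode
Get-SafeAttachmentPolicy | Format-Table Name, Enable, Action -AutoSize
```

Keep the audit part: a new forwarding inbox rule appearing on a mailbox is one of the most reliable early signs of a compromised account, so run the first section regularly (or alert on the corresponding New-InboxRule and Set-Mailbox events in the audit log) rather than only once.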

8) Defend your email from phishing

Anti-phishing protection is available in both Office 365 and Microsoft 365, and you can create a policy that protects your custom domain and your staff. It defends against general phishing and against impersonation attacks, where an attacker sends mail from a lookalike address or display name pretending to be a named executive or your own domain. Messages impersonating a user or domain you have listed in the policy are quarantined or diverted instead of landing in the inbox. To stop attackers spoofing your exact domain as well, publish SPF, DKIM and DMARC records for it.
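The policy described above, as an added example rather than code from the original article: a Microsoft Defender for Office 365 anti-phishing policy with impersonation protection for named executives and for the organisation's own domain, applied to every recipient in the tenant. It assumes the ExchangeOnlineManagement module, a Defender for Office 365 licence, and illustrative names and addresses (the policy name, the two protected users and contoso.com).

```powershell
# Added example (not from the original article).
# Assumes: ExchangeOnlineManagement module, Defender for Office 365, and the
# illustrative policy name, protected users and domain below.

Connect-ExchangeOnline

# The people most often impersonated in business email compromise.
# Format required by the cmdlet is "DisplayName;emailaddress".
$protectedUsers = @(
    "Alice Example;alice@contoso.com",   # chief executive
    "Bob Example;bob@contoso.com"        # finance director
)

New-AntiPhishPolicy -Name "Standard anti-phishing" `
    -Enabled $true `
    -EnableTargetedUserProtection $true `
    -TargetedUsersToProtect $protectedUsers `
    -TargetedUserProtectionAction Quarantine `
    -EnableOrganizationDomainsProtection $true `
    -EnableTargetedDomainsProtection $true `
    -TargetedDomainsToProtect @("contoso.com") `
    -TargetedDomainProtectionAction Quarantine `
    -EnableMailboxIntelligence $true `
    -EnableMailboxIntelligenceProtection $true `
    -MailboxIntelligenceProtectionAction MoveToJmf `
    -EnableSpoofIntelligence $true `
    -AuthenticationFailAction MoveToJmf `
    -EnableFirstContactSafetyTips $true `
    -EnableSimilarUsersSafetyTips $true `
    -EnableSimilarDomainsSafetyTips $true `
    -EnableUnusualCharactersSafetyTips $true `
    -PhishThresholdLevel 2

# The policy does nothing until a rule scopes it to recipients.
New-AntiPhishRule -Name "Standard anti-phishing" `
    -AntiPhishPolicy "Standard anti-phishing" `
    -RecipientDomainIs "contoso.com"

Get-AntiPhishPolicy -Identity "Standard anti-phishing" |
    Format-List EnableTargetedUserProtection, TargetedUsersToProtect, TargetedDomainsToProtect, PhishThresholdLevel
```

The impersonation settings catch lookalikes (a display name of "Alice Example" on an outside address, or a domain such as contos0.com); they do not stop someone sending mail that claims to be from contoso.com itself. That case is covered by spoof intelligence together with the SPF, DKIM and DMARC records you publish for the domain, so check those are in place as part of the same change.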


