Microsoft Office 365 – how can we function in the professional and academic world without it? It provides Outlook, Word, Excel, PowerPoint, OneDrive, OneNote, Skype, and Calendar, all neatly compiled into one account. Essentially all of our mental work is kept here. What can we do to ensure that these organized copies of our minds are not taken from us? Here are 10 steps:
Step 1: Set a Strong Password Only You Will Remember and Change it Periodically
Hackers try to infiltrate accounts with password spraying, so it is important to have a password that is complex for others to guess but that you can remember. Longer passwords are more secure, especially with numbers, special characters, and capital letters mixed in.
Step 2: Enable Multi-Factor Authentication
Microsoft Azure, a set of cloud services for organizations, has a Multi-Factor Authentication (MFA) system, and enabling it is the top security recommendation for all clients. Azure MFA is included with the Microsoft 365 Business package.
Step 3: Configure Conditional Access
If you operate mainly in one geographic area, enabling Conditional Access is a useful way to prevent hacking, because it lets you block all foreign login attempts. Interestingly, most organizations, even a small company with fewer than 10 employees operating only in the United States, have login attempts from around the world without the company ever being aware!
For employees who are traveling abroad, a mitigating rule is available that lets the employee access their account from a company-managed or compliant device.
Step 4: Use Secure Score
Microsoft has released a new Microsoft Security Center just last month! Its Secure Score system uses machine learning to help pinpoint the best security measures for your Microsoft 365 environment. The score provides the “grade level” of your collective state in securing your identities, data, devices, apps, and infrastructure, and also provides a score breakdown for each of these areas.
Step 5: Secure Mail Flow
With Office 365 and Azure SSO, you can configure Valimail Domain-based Message Authentication, Reporting & Conformance (DMARC) monitoring. Have the appropriate experts set up and configure this, along with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).
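As an added example (not part of the original article and not Microsoft or Valimail tooling), the Python below checks the text of published SPF and DMARC TXT records for weak settings. The domains and record strings are constructed samples; spf.protection.outlook.com is the SPF include Microsoft publishes for Exchange Online.

```python
# Added example: audit SPF and DMARC TXT record strings for weak settings.
# All domains and records in SAMPLES are constructed for illustration.

def parse_dmarc(txt):
    """Split a DMARC record into a lower-cased tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt):
    tags = parse_dmarc(txt)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or '<missing>'}: monitoring only, failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of the mail")
    return findings

def audit_spf(txt):
    terms = [t.lower() for t in txt.split()]
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record (v=spf1 missing)"]
    if any(t.startswith("redirect=") for t in terms):
        return []  # result is decided by the redirected record, not checked here
    # Evaluation stops at the first 'all', so only that qualifier matters.
    first_all = next((t for t in terms[1:] if t.lstrip("+-~?") == "all"), None)
    messages = {
        None: "no 'all' mechanism: unlisted senders get a neutral result",
        "all": "+all: every sender passes SPF", "+all": "+all: every sender passes SPF",
        "?all": "?all: unlisted senders get a neutral result",
        "~all": "~all: softfail only; move to -all once all senders are listed",
    }
    return [messages[first_all]] if first_all in messages else []

SAMPLES = {  # constructed records
    "weak.example": ("v=spf1 include:spf.protection.outlook.com ~all", "v=DMARC1; p=none"),
    "strict.example": ("v=spf1 include:spf.protection.outlook.com -all",
                       "v=DMARC1; p=reject; rua=mailto:dmarc-reports@strict.example"),
}

def audit_all(samples=SAMPLES):
    return {d: audit_spf(spf) + audit_dmarc(dmarc) for d, (spf, dmarc) in samples.items()}
```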
Step 6: Enable Logging and Auditing
Microsoft’s Azure Sentinel can log events from your Office 365, Azure, and Amazon Web Services (AWS) instances.
Step 7: Use Mobile Device Management and Mobile Application Management
Microsoft 365 Business has Microsoft Intune to manage your Windows 10, iOS, and Android devices. Intune allows you to set which apps on a mobile device can access corporate data.
Step 8: Turn on OneDrive Known Folder Protection
This will allow your users to back up their desktop and document folders securely into the cloud. If the device with the files gets infected with ransomware – which is unlikely with Microsoft Defender Advanced Threat Protection and Windows Defender Application Guard – Microsoft OneDrive keeps 100 versions of every file by default!
Step 9: Prepare for Worst-Case Scenario
Any user within a company could be a weak link and gateway to a severe cyber attack. Seek professionals to consider all cyber vulnerabilities in your firm and ensure you have the framework, policies, and controls in place to address them.
Step 10: Set Up Role-Based Access for All Employees
Each employee has a different role in the company. Review what access each type of employee needs and grant only the level of access appropriate for that specific role. This is the “just-enough-access” policy companies use to make sure that, in the event an employee’s account is breached, the hacker is limited to the access that employee is authorized for instead of full-scale access.
Most customers are leveraging the full stack of Microsoft products. With this article, you may now have a better idea of the breadth of advanced capabilities available for securing your firm’s data and cloud environment with just Microsoft 365 Business. If there are any features you’d like to set up but are unsure how to do so, cybersecurity professionals are well-informed and can assist with the set-up process seamlessly.