Microsoft 365: 5 Security Best Practices

Blog|by Alanna|22 December 2022

Five Microsoft 365 Best Practices To Boost Cyber Security

Many of the following best practices fall under the remit of basic cyber security hygiene. The vast majority of successful cyberattacks could be prevented by implementing simple, yet highly effective plans and processes.

1 in 4 SMBs state they experienced a cyberattack in the last year.

(Forrester)

Effective cyber resiliency to defend against these attacks requires a holistic approach, able to adapt and withstand evolving threats to core services and infrastructure.

To get you moving in the right direction, here are five practical cybersecurity best practices your business can use to keep its data safe and secure and how Microsoft 365 helps you get there.

1. Make sure you’re using multi-factor authentication

One of the most effective ways of reducing cyber threats to your business is introducing multi-factor authentication (MFA). Microsoft’s Mutli-factor authentication service is part of its Azure Active Directory.

In a nutshell, MFA means that if you’re attempting to access important organisational assets that are password protected, such as a Customer Relationship Management system, you’ll need two pieces of evidence that prove you have the required authority and details to gain access.

Ensuring MFA is employed in your organisation will not only reduce password-based attacks, which still constitutes the main source of identity compromise instances, it will also help your business move closer towards ‘Zero Trust’.

2. Protect your administrator accounts

Administrator accounts (also called admins) have elevated privileges, making these accounts more susceptible to cyberattacks. If these admin accounts are compromised, unauthorised users could gain access to confidential files, Azure resources and company users accounts.

Cybercrime as a Service (CaaS) entities are increasingly targeting companies, stealing vast amounts of sensitive information and selling this data on. For CaaS entities, admin accounts are their primary target, because of the level of access and privileges that are afforded to them. In order to reduce risk as much as possible make sure you:

  • Only have as many admin accounts as is strictly necessary (the fewer the better)
  • Adhere to the principle of least privilege (people should only have access to information and data that they need to do their job)

Microsoft have recently introduced brand new pre-set security policies for Exchange Online Protection and Microsoft Defender which includes brand new ‘profile’ classifications. These profiles include standard and strict classifications. Standard profiles provide a baseline level of protection that’s suitable for most users. Strict profiles offer more aggressive protection for select users (high value targets or priority users).

3. Defend against user error

Emails can contain malicious attacks disguised as harmless communications. Email systems are especially vulnerable, owing to the large numbers of people who handle emails, and safety relies on humans making consistently good decisions with those communications. Therefore, it’s important to invest in training and ensure everyone knows what to watch out for whether it’s spam or junk mail, phishing attempts, spoofing, and malware in their email.

Microsoft has a great set of documentation on this available via Microsoft Learn.

Microsoft 365’s Exchange Online has a number of tools that can help detect these characteristics in emails, and block them or warn users:

  • Anti-spam filter – Microsoft uses data generated across millions of tenants to identify and filter out these types of emails.
  • Anti-phishing checks – these types of attacks go beyond simple spam, Microsoft 365 uses machine learning to create a map of users that an email recipient corresponds with and uses this to determine whether a sender is real or fake.
  • Malware and attachments – Microsoft 365 defends against malware using intelligent tools to scan and detect malicious payloads.
  • Link analysis – Microsoft 365 scans links in emails to identify potentially dangerous destinations, and alerts the user against clicking those that are suspicious.

4. Use the cloud for secure productivity

Office apps such as Outlook, Excel, Word enable people to work productively and more securely across devices using the cloud, reducing the need for emails. Secure links can now be shared that are stored in SharePoint or OneDrive as opposed to the riskier method of sending documents over email.

Use Microsoft Teams as one of the best ways to collaborate and share securely. With Microsoft Teams, all files and communications are in a protected environment and aren’t being stored in unsafe ways outside of it.

Grant people only the access they need to do their jobs. Sometimes, default sharing levels for SharePoint and OneDrive may be set to a more permissive level than they should. Review and if necessary, change the default settings to increase security and better protect your business.

5. Proactive maintenance and monitoring

After the initial setup and configuration of Microsoft 365 is complete, your organisation should create a maintenance and operations plan. As people come and go, users will be to be added or removed, passwords will need to be reset, and devices may need to be entirely reset. To revisit an earlier point, you’ll also want to make sure that only people within your organisation have access to the most important systems.

If you want to understand how to implement monitoring of your Microsoft 365 environment, get in touch with us and we can advise you.

Webinar: Defend against cyber threats with Microsoft 365

If you still have questions about Microsoft 365 Security, we’re running a webinar in the New Year to help you. Learn how Microsoft 365 Business Premium defends against cyber threats. The key areas of Microsoft 365 that will be covered are:

  • Microsoft Defender for Office 365
  • Microsoft InTune
  • Microsoft Purview
  • Microsoft Authenticator App
  • Windows Hello

Join us on 24 January 2023 at 10:00 AM to get fresh insights and the opportunity to ask our Microsoft 365 product expert any questions you may have in the following Q&A.

Sign up here

 

22 December 2022 | Blog
Previous post
We’re at Cloud Expo Europe 2023, 8-9 March
Next post
Acronis Cyber Protect Cloud December 2022 release
Alanna

Related News

Cyber Assessment Framework

What is the Cyber Assessment framework? The Cyber Assessment Framework (CAF), developed by the UK’s National Cyber Security Centre (NCSC), is a structured approach designed to help you assess and improve your cyber resilience, particularly if you’re responsible for critical...

Blog|30 May 2025
Design Smarter, Not Harder: What’s New in Adobe Creative Cloud

In May 2025, Adobe Creative Cloud rolled out powerful updates across its suite of tools, with a strong focus on AI-driven creativity, speed, and collaboration. For small and medium-sized businesses (SMBs), these updates aren’t just bells and whistles-they’re game-changers that...

News|28 May 2025
Readying your cloud migration: operating models and Azure landing zones

Learn how to migrate to the cloud in episode five of our Azure series. Previously, we covered the why and what of your migration and walked you through some helpful tools to help you understand the cost of your migration....

Videos|28 May 2025
Grey Matter celebrates double win at ESET UK Partner Awards

Recognition for our partnership engagement at the ESET UK Partner Awards We are thrilled to announce that we have been named Engagement Partner of the Year at the ESET UK Partner Awards 2025. This recognition highlights our unwavering commitment to...

News|27 May 2025

Select Your Region