5 Tips to Properly Secure Your Microsoft 365

Did you know that more than 70% of businesses have suffered a public cloud breach within the last 12 months?

With the migration of many organizations to cloud workflows and platforms like Microsoft 365, cloud security has in fact become a major issue!


So here are 5 tips you can adopt to properly secure your Microsoft 365!


#1: Turn On MFA (Multi-Factor Authentication) for All Users

If you are too lazy to read the whole article or secure your Microsoft 365, here is the single most important thing you can do to protect your user accounts from being breached – add a second factor of authentication by turning on multi-factor authentication for all users. This setting will require users to set up a device that receives a login code that is entered along with their username and password to gain access. This would help to stop hackers from getting into an account even if they have the password as they won’t generally have access to the device that receives the code.


#2: Turn On Anti-Malware Protection

There is a setting you can have turned on in Microsoft 365 that will block email attachments that are file types known to contain malware. This helps protect users against phishing attacks, which is the number 1 attack method for data breaches and malware infections. This is done in the Security & Compliance Center, under Threat Management > Policy > Anti-Malware. The “Common Attachment Types Filter” should be switched to “On.”


#3: Improve Ransomware Safeguards

There are two things you can do to help protect against ransomware that comes in via file attachment. Ransomware can infect a cloud account and encrypt all files, making them unusable. Without a proper cloud backup for SaaS data protection, you could lose access to all your account data and be at the mercy of the attacker demanding a ransom. The two settings to configure for this are:

  • Warn Users of Macro Files: In the mail flow category of the Exchange admin center, create a new rule to warn users that macro-enabled files can contain malware and to only open if they know it to be from a legitimate sender. File types to target are: dotm, docm, xlsm, sltm, xla, xlam, xll, pptm, potm, ppam, ppsm, sldm.
  • Block File Types Known for Ransomware: Another rule to set up in the mail flow category is one to block file types that are known to be used for ransomware. This includes: ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif.
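The two mail flow rules above can also be created from Exchange Online PowerShell. This is an added example, not part of the original article: the rule names and message texts are constructed placeholders, and it assumes the ExchangeOnlineManagement module is installed and you sign in with an Exchange administrator account.

```powershell
# Added example: rule names and message texts are constructed placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in as an Exchange administrator

# Extension lists exactly as given in the article.
$macroTypes = 'dotm','docm','xlsm','sltm','xla','xlam','xll','pptm','potm',
              'ppam','ppsm','sldm'
$blockTypes = 'ade','adp','ani','bas','bat','chm','cmd','com','cpl','crt',
              'hlp','ht','hta','inf','ins','isp','job','js','jse','lnk',
              'mda','mdb','mde','mdz','msc','msi','msp','mst','pcd','reg',
              'scr','sct','shs','url','vb','vbe','vbs','wsc','wsf','wsh',
              'exe','pif'

$rules = @(
    @{  # Rule 1: deliver the message, but notify the recipient.
        Name                            = 'Warn - macro-enabled attachments'
        AttachmentExtensionMatchesWords = $macroTypes
        GenerateNotification            = 'This message has a macro-enabled attachment. Macros can contain malware. Open it only if you know the sender is legitimate.'
    },
    @{  # Rule 2: reject the message and tell the sender why.
        Name                            = 'Block - ransomware file types'
        AttachmentExtensionMatchesWords = $blockTypes
        RejectMessageReasonText         = 'Blocked: this attachment type is not accepted by this organization.'
    }
)

# Create each rule only if no rule with that name exists yet, so the
# script can be re-run without producing duplicates.
$existing = Get-TransportRule | ForEach-Object { $_.Name }
foreach ($rule in $rules) {
    if ($existing -contains $rule.Name) {
        Write-Warning "Rule '$($rule.Name)' already exists; skipping."
    }
    else {
        # New rules default to Enforce mode. Add -Mode Audit here to log
        # matches in message trace without acting on them while testing.
        New-TransportRule @rule
    }
}

# Confirm both rules are present and enabled, and review their priority.
$names = $rules | ForEach-Object { $_.Name }
Get-TransportRule | Where-Object { $names -contains $_.Name } |
    Format-Table Name, State, Mode, Priority
```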

#4: Use Just One Dedicated Global Administrator Account

Have you heard of the phrase “too many cooks spoil the broth”? Well, it applies here as well. The more user accounts you have with admin privileges in Microsoft 365, the more chances a hacker has of compromising a high-level account. And if those accounts are used for other activities, like email and logins to online Microsoft resources, it makes them even more vulnerable.

You can add a dedicated global administrator account that is used only for administration activities without adding any additional user licenses. Users then just log into this account when they need to handle admin functions and log back out when finished. This reduces the risk of an admin-level account being breached. Smart, right?


#5: Use Email Message Encryption (Premium Subscriptions)

Subscribers of Microsoft 365 Business Premium can take advantage of email message encryption. This comes pre-configured and can also be used with company security policies used in the platform. Message encryption can be used with Outlook.com, Yahoo!, Gmail, and other email services used with the platform. It allows users to easily add these two protections to a message and its attachments:

  • Encrypt
  • Do not forward

Using encryption can thus help your team better protect sensitive information that’s sent via email.




eVantage Technology is a professional and trusted IT solutions provider, dedicated to providing exceptional service to companies in Singapore and across Asia.


And while we are at it, do remember to upgrade your MS Office apps: from November 1, 2021, the following versions of Outlook for Windows, as part of Office and Microsoft 365 Apps, will no longer be able to connect with Office 365 and Microsoft 365 services:

  • Office 2013 version 15.0.4970.9999 and older
  • Outlook 2016 version 16.0.4599.9999 and older
  • Microsoft 365 Apps for enterprise (formerly Office 365 ProPlus) version 1705 and older
  • Microsoft 365 Apps for business (formerly Office 365 Business) version 1705 and older