Office 365 Security Best Practices

Office 365 ATP Security Review

Businesses in different industries are embracing cloud-based solutions to thrive in today’s internet-driven environment. While the digital shift revolutionizes the workplace by cutting back costs, improving efficiency, and boosting productivity even in remote locations, the reliance on technology has also paved the way for a new global threat: cybercrime.

Office 365 security concerns are sometimes the greatest barrier holding organisations back from cloud adoption. Microsoft has demonstrated a strong commitment to cyber security, from OS-related components to email security, so in our review (we have no commercial relationship with Microsoft) following Office 365 security best practices is a no-brainer. Many of these features are included in the Office 365 subscriptions used by medium and large businesses and allow granular control to a large extent. The platform is constantly improving, and while Office 365 certainly has pain points, they weigh less than the security features currently available for use.

SMEs relying on Microsoft’s business plans, for example, can run into a myriad of cybercriminals and hackers who put the company at risk through malware installations, breaches of sensitive information, and more. Fortunately, there are basic practices that help Microsoft Office 365 users work as safely as possible.

Microsoft Advanced Threat Protection (ATP) 

Microsoft Office 365 ATP is a cloud-based email security service that helps protect organisations against unknown malware and email-based threats. Additionally, it gives administrators insight into attacks through reporting, URL trace capabilities and related features.

You can use Office 365 ATP in the following implementations:

  • ATP provides email protection for on-premises Exchange servers
  • ATP can be enabled to protect Exchange Online (cloud-based) mailboxes
  • In a hybrid deployment, ATP protects on-premises and cloud-based mailboxes, with Exchange Online Protection for inbound email filtering

Office 365 ATP availability differs by subscription; please check your subscription for the ATP plans available to your organisation. Microsoft constantly revises its product range, especially the security features across its cloud products, so be sure to check your subscription, its features and the latest documentation.

Our intention is to cover the Office 365 security features that have the maximum impact on security without any additional investment, such as highly paid consultants, security products or related expenses.

Without further ado, here we go.

Tip #1: Go for Unified Audit Logging

Companies that share information across different departments can improve their level of security by enabling Microsoft’s unified audit logging. It’s a revolutionary feature that can track, monitor, and search configuration changes for every user and account. This minimizes the risk of losing critical data when one document is shared across different groups, applications, or domains.

Think carefully with your IT and security teams about what to log and what not to log, as there is a fine balance between sheer volumes of data and useful data.
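One way to switch on unified audit logging and then search it for configuration changes from Exchange Online PowerShell, shown here as an added example that is not part of the original article. It assumes the ExchangeOnlineManagement module is installed; the admin address, the seven-day window and the chosen operations are placeholders.

```powershell
# Added example: assumes the ExchangeOnlineManagement module; the UPN is a placeholder.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example

# Enable audit log ingestion only if it is currently switched off.
$config = Get-AdminAuditLogConfig
if (-not $config.UnifiedAuditLogIngestionEnabled) {
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
}

# Search the last 7 days for mailbox and inbox-rule configuration changes.
$end     = Get-Date
$start   = $end.AddDays(-7)
$records = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -Operations 'New-InboxRule', 'Set-InboxRule', 'Set-Mailbox' -ResultSize 1000

# AuditData is a JSON string; expand it so the changed parameters are readable.
$records | ForEach-Object {
    $data = $_.AuditData | ConvertFrom-Json
    [pscustomobject]@{
        Time       = $_.CreationDate
        User       = $_.UserIds
        Operation  = $_.Operations
        Target     = $data.ObjectId
        Parameters = ($data.Parameters |
            ForEach-Object { "$($_.Name)=$($_.Value)" }) -join '; '
    }
} | Sort-Object Time | Format-Table -AutoSize -Wrap

Disconnect-ExchangeOnline -Confirm:$false
```

Records only accumulate once ingestion is enabled, so the first search on a newly enabled tenant may return nothing.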

Tip #2: Enable Multi-Factor Authentication

One of the easiest yet most effective ways to increase your organization’s security is to set up multi-factor authentication for all Microsoft accounts. All users receive mobile notifications when their account is being accessed, keeping hackers at bay even when they gain access to your password.

Tip #3: Use Dedicated Admin Accounts

Administrative accounts carry elevated privileges, but the drawback is that they are often a prime target for cybercriminals. Seeing as they are the most vulnerable, it’s better to limit admin accounts to administrators only.

Admins should also have a separate, non-administrative account for tasks beyond their administrative duties, to restrict access and minimize damage in case a hacker breaches the account.

Of course, all admin accounts should also have multi-factor authentication, and admins must always log out of the browser session once their tasks are complete.

Office 365 Tenancy Security


Tip #4: Protect Against Malware in Emails

Microsoft 365 has anti-malware protection in place, but you can increase its effectiveness by configuring it to block suspicious content. Follow these steps to ensure maximum efficiency and minimum damage from malware-laden emails or the sharing of potentially malicious links across Office desktop apps:

  1. Email rules for ransomware

    Add conditional rules for attachments with extensions known for spreading ransomware. For instance, attachments with macros are matched by file extensions such as dotm, docm, xlsm, xla, xlam, sltm, xll, pptm, ppam, sldm. To create such a rule, go to Exchange – mail flow – Rules – Create a new rule, then add conditions and exceptions, and an action such as notifying the recipient with a message. This could be a reminder that they have been sent an email with macros.

  2. Stop auto forwarding

    If a threat actor gains access to an email inbox, they can easily forward emails to leak sensitive information. Create a mail flow rule to stop auto forwarding.

  3. Anti-phishing

    Increase anti-phishing protection by refining the Office 365 threat management settings. Go to the Office 365 admin portal and select Security – Threat management – Policy – ATP anti-phishing – Default policy. Click Impersonation – Edit, which should take you to the editing window.

      • You can then define anti-phishing impersonation conditions that alert you, move the message to the junk folder or redirect messages to another mail address. For instance, the following screenshot shows an example of a domain to protect. Partners, vendors and third-party domains can be added under the custom domains list.
      • Don’t forget to ‘turn on impersonation safety tips’ under the Actions tab (shown below in the screenshot).
      • Mailbox intelligence – Microsoft uses AI to determine user email patterns based on your frequent contacts, to distinguish between legitimate and spoofed email from those contacts. This is available for Exchange Online mailboxes. Turn on ‘Mailbox intelligence based impersonation protection’, which gives better handling of false positives and user impersonation detection. You can define further action settings, such as redirecting the message to another email address or moving it to the junk folder.
      • Enter your trusted domain name in the ‘Add trusted senders and domains’ tab.

  4. ATP Safe Attachments

    This feature is available depending on your Office 365 subscription. The ATP Safe Attachments feature protects your organisation from malicious content in email attachments and files in OneDrive, Teams, Office apps and SharePoint. You can define the policies here; for instance, the following screenshot shows a ‘block’ policy against malicious files shared via the Office products mentioned earlier. Administrators can visit the reports page for further information.

  5. ATP Safe Links

    This feature helps stop users from opening and sharing malicious links in email messages and Office desktop applications. You can define actions for unknown, potentially malicious URLs to be rewritten and checked against a list of known malicious links, and also select an action against unknown or potentially malicious links being shared in Teams. You can define trusted URLs/domains under the ‘Do not rewrite the following URLs’ feature.
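The two mail flow rules from steps 1 and 2, created from Exchange Online PowerShell instead of the admin portal. This is an added example, not part of the original article; the rule names, notification texts, admin address and the choice to scope the forwarding rule to external recipients are assumptions.

```powershell
# Added example: assumes the ExchangeOnlineManagement module; names and texts are placeholders.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example

$existing = (Get-TransportRule).Name

# Step 1: notify recipients about attachments with the macro extensions listed in the article.
$macroRule = 'Warn on macro-enabled attachments'
if ($existing -notcontains $macroRule) {
    $macroParams = @{
        Name                            = $macroRule
        AttachmentExtensionMatchesWords = 'dotm', 'docm', 'xlsm', 'xla', 'xlam',
                                          'sltm', 'xll', 'pptm', 'ppam', 'sldm'
        GenerateNotification            = 'You have been sent an email with an ' +
                                          'attachment that can contain macros.'
        # Add Mode = 'Audit' to trial the rule in message tracking before enforcing it.
    }
    New-TransportRule @macroParams
}

# Step 2: reject auto-forwarded mail leaving the organisation (external scope is an assumption).
$forwardRule = 'Block external auto-forwarding'
if ($existing -notcontains $forwardRule) {
    $forwardParams = @{
        Name                    = $forwardRule
        FromScope               = 'InOrganization'
        SentToScope             = 'NotInOrganization'
        MessageTypeMatches      = 'AutoForward'
        RejectMessageReasonText = 'Automatic forwarding to external addresses is not permitted.'
    }
    New-TransportRule @forwardParams
}

# Confirm both rules exist and check their state, mode and evaluation order.
Get-TransportRule |
    Where-Object { $_.Name -in $macroRule, $forwardRule } |
    Format-Table Name, State, Mode, Priority -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```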

The Bottom Line: Exploring the Best Ways to Secure Microsoft 365

The above is by no means a comprehensive list of security features, nor does it offer 100% security (for those who believe in a 100% security score!). Microsoft has introduced a concept known as Microsoft Secure Score to measure an organisation’s security posture based on the improvement actions taken. You can assess your organisation’s security score via the Secure Score widget on the Security and Compliance Center page.

Cyber threats have been present for years, but the abruptness of COVID-19 and the sudden shift toward a work-from-home set-up bumped up the cybercrime rate by a whopping 300 percent since the beginning of the outbreak. SMEs and Fortune companies alike are going remote in an effort to curb the spread of the virus, but the sudden uptick in cloud-based solutions comes with another, virtual pandemic to worry about.

How Can We Help Protect Your Office 365?

Dealing with cybersecurity issues can lead to costly consequences for your business, especially when your network and software run into a myriad of cybercrimes in this digitally driven workplace. Our Office 365 Tenancy security review offers good value for your investment. We review and ensure that your setup includes Device Management, Account Policies, Application Permissions, and Security Controls around authentication, Exchange, auditing and storage. Our cybersecurity company can help protect UK businesses from different threats with our penetration testing, managed security, threat intelligence, and data privacy services. Get in touch with us at 0333 050 9002 and let us find your company’s blind spots.