Posted On 22 Apr 2021
More than half the world’s businesses are using Microsoft’s Office 365 cloud services. With this popularity comes concerns, as clearly the services are going to be the number one target for hackers: it’s believed that many organisations are holding off total commitment to the cloud until security can be absolutely guaranteed. Below are the three most important features of Office 365 security that you need to have turned on.
Firstly, multi-factor authentication (MFA). This is the best way to stop unauthorised actors gaining access to your Office 365 accounts. Every time an employee logs in using their username and password, they will also need to authenticate themselves with a passcode (randomly generated and delivered via an SMS or phone call), a passcode generated by a specialised card reader that can only be accessed via a PIN, or a biometric scan of the user’s iris or fingerprint. This means that malicious actors not only have to obtain a user’s username and password, but also the physical device they use to receive the second part of authentication, something which is highly unlikely.
Secondly, mobile device management (MDM). With MDM, an organisation can manage the security for all mobile devices used by their organisation’s employees to access Office 365, whether that means a tablet, a smartphone, or a laptop. Managers can ensure that devices are always updated with the newest security patches, wipe all data from a device if it is lost/stolen, make sure that all passwords and multifactor authentication rules are being followed, seal off any areas of company data they don’t want the device to access, and make sure all data on every device is encrypted. Any company that supplies its employees with devices to access Office 365 can’t afford not to have MDM activated.
Lastly, advanced threat protection (ATP) will provide considerable extra security. With hackers continuously devising ingenious new ways of attacking company security, ATP sets out new barriers, scanning all email attachments for malware, checking every link sent by email or attachment is safe, checking all email addresses are genuine, scanning shared files across Teams, OneDrive, and SharePoint for any malware, and alerting users to potential phishing attacks. IT managers can customise Office 365’s response, setting the ways in which they want the system to react to these threats.