
Office 365 Security Best Practices


Keeping your accounts safe from security threats is an important measure in today’s ever-growing digital world. Today we’ll take a look at 10 Office 365 security best practices that will help you keep your Office 365 tenant and its user accounts from being compromised.

1. Choose a Strong Password

This one should come as no surprise. A longer, less predictable password is harder to guess, and harder to crack if the database it is stored in ever leaks. Note what it does not protect against: a phished password is handed over in full, however complex it is, which is why MFA (below) matters more. A password manager such as LastPass keeps unique, random passwords for every site centralized and encrypted, and it is the easiest way to stop reuse across services. If you would rather not rely on one, you still need passwords that are hard to guess yet easy to remember. So how do you make them?

Length matters more than symbol-juggling. Eight characters, with at least one upper case letter, a number, and a symbol, is the absolute floor; twelve or more is a better target. The popular trick of taking an easy word, say BigMacAndChips, replacing some letters with numbers and tacking on a symbol, giving B1gM4cAndChips! or B1gM4c&Chips!, adds very little: password-cracking tools apply exactly those substitutions as rules, so the result is still a dictionary phrase. A long passphrase of several unrelated words, or a random string from a manager, is a better choice, and the password must never be one already used on another service.
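To see why the substitution trick is weak, here is an added PowerShell example (not from the original article) that undoes the common digit-for-letter swaps the way a cracking rule set would and then checks whether what remains is nothing but dictionary words. The word list is a small constructed sample; a real attacker uses millions of words.

```powershell
# Added example, not from the original article. The dictionary below is a
# constructed sample; a real cracking wordlist is orders of magnitude larger.
$Dictionary = @('big', 'mac', 'and', 'chips', 'password', 'summer', 'welcome')

# Common "leet" substitutions, applied in reverse: digit/symbol -> the letter it stands for.
# Replacement outputs are plain letters, so the order the hashtable is walked in does not matter.
$Substitutions = @{
    '1' = 'i'; '3' = 'e'; '4' = 'a'; '@' = 'a'; '0' = 'o'
    '5' = 's'; '$' = 's'; '7' = 't'; '&' = 'and'
}

function Get-NormalizedPassword {
    param([Parameter(Mandatory)][string]$Password)
    $normalized = $Password.ToLowerInvariant()
    foreach ($key in $Substitutions.Keys) {
        $normalized = $normalized.Replace($key, $Substitutions[$key])
    }
    # Drop anything that is still not a letter (trailing "!" and the like); what is
    # left is the string of candidate words the cracker would test.
    return ($normalized -replace '[^a-z]', '')
}

function Test-PasswordAgainstDictionary {
    param([Parameter(Mandatory)][string]$Password)
    $remaining = Get-NormalizedPassword -Password $Password
    $matched   = @()
    $progress  = $true
    # Greedily peel dictionary words off the front, longest first. If nothing is
    # left over, the whole password is dictionary words plus substitutions.
    while ($remaining.Length -gt 0 -and $progress) {
        $progress = $false
        foreach ($word in ($Dictionary | Sort-Object Length -Descending)) {
            if ($remaining.StartsWith($word)) {
                $matched  += $word
                $remaining = $remaining.Substring($word.Length)
                $progress  = $true
                break
            }
        }
    }
    [pscustomobject]@{
        Password        = $Password
        Length          = $Password.Length
        DictionaryWords = ($matched -join '+')
        FullyDictionary = ($remaining.Length -eq 0)
    }
}

# The article's own example beside a long passphrase that the dictionary cannot explain.
'BigMacAndChips', 'B1gM4c&Chips!', 'correct-horse-battery-staple-77' |
    ForEach-Object { Test-PasswordAgainstDictionary -Password $_ } |
    Format-Table -AutoSize
```

Both BigMacAndChips and B1gM4c&Chips! come out as big+mac+and+chips with FullyDictionary set to True; the symbols only added one or two extra rule applications to the attacker's run. The passphrase is reported as not fully dictionary because its words are not in this sample list, which is the point: its strength comes from length and from words the attacker has no reason to combine, not from how the letters are spelled.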

2. Use Office 365 Secure Score

Secure Score is Microsoft’s security analytics tool, and it gives your administrators recommendations on how to reduce risk. It does so by giving your security posture a score, calculated by looking at your Office 365 settings and activities and comparing them to Microsoft’s established baseline. Each recommendation states the points it is worth, so it doubles as a prioritized to-do list.

3. Use multi-factor authentication

Multi-Factor Authentication (MFA) has become a staple in security. An additional layer of protection, it requires users to confirm a second factor, either a phone call, a text message, or a notification or one-time code from an authenticator app on their smartphone, after correctly entering their password. If a password has been compromised, Office 365 users are still protected by MFA, as no access is granted until the second factor has been satisfied. Prefer the authenticator app over phone calls and text messages where you can: SMS codes can be intercepted or redirected through the carrier, and an approve/deny prompt is harder to phish than a code the user types into whatever page asked for it.

For more information on MFA on your Office 365, check out Microsoft’s plan, as well as their tips on how to set it up.

4. Use Office 365 Cloud App Security

If you want to track anomalous or malicious behavior, Microsoft offers Office 365 Cloud App Security. By setting up policies based on their needs, admins can use Cloud App Security to review unusual activities, such as large downloads, several failed log-ins, or log-ins from suspicious IP addresses or impossible-travel locations. If you have the Office 365 Enterprise E5 plan, you can turn on Office 365 Cloud App Security right now. Otherwise, it can be purchased as an add-on for other enterprise plans.

5. Secure mail flow

Exchange Online Protection (EOP) is the anti-spam and anti-malware filter that sits in front of every Exchange Online mailbox; it also validates a sender’s identity using SPF, DKIM and DMARC, and signs your own outbound mail with DKIM once you publish the required DNS records. Rewriting URLs and detonating attachments at the time a message is opened is a separate product, Office 365 Advanced Threat Protection (Safe Links and Safe Attachments), included in E5 or available as an add-on. EOP offers several security features such as:
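The following is an added PowerShell example, not from the original article, showing the mail-flow checks an admin would run after connecting with Connect-ExchangeOnline from the ExchangeOnlineManagement module. contoso.com and the thresholds chosen are placeholders; Resolve-DnsName comes from the Windows DnsClient module, so run the DNS part on Windows PowerShell.

```powershell
# Added example, not from the original article. Assumes Connect-ExchangeOnline has
# already been run and that contoso.com is one of your accepted domains (placeholder).
$Domain = 'contoso.com'

# --- Outbound: sign your mail with DKIM so receivers can verify it really came from you ---
# Create the signing configuration if it does not exist yet; leave it disabled until DNS is ready.
if (-not (Get-DkimSigningConfig -Identity $Domain -ErrorAction SilentlyContinue)) {
    New-DkimSigningConfig -DomainName $Domain -Enabled $false | Out-Null
}
# The two CNAME targets shown here must be published in public DNS as
# selector1._domainkey.<domain> and selector2._domainkey.<domain> before signing is switched on.
Get-DkimSigningConfig -Identity $Domain |
    Select-Object Domain, Enabled, Selector1CNAME, Selector2CNAME

# Once both CNAMEs resolve, enable signing:
# Set-DkimSigningConfig -Identity $Domain -Enabled $true

# --- Inbound: confirm the DNS records that EOP and other receivers use to judge your domain ---
$spf = Resolve-DnsName -Name $Domain -Type TXT -ErrorAction SilentlyContinue |
    Where-Object { $_.Strings -like 'v=spf1*' }
$dmarc = Resolve-DnsName -Name "_dmarc.$Domain" -Type TXT -ErrorAction SilentlyContinue |
    Where-Object { $_.Strings -like 'v=DMARC1*' }

if (-not $spf) {
    Write-Warning "No SPF record for $Domain; receivers cannot tell forged mail from yours."
}
if (-not $dmarc) {
    Write-Warning "No DMARC record for $Domain; SPF/DKIM failures will not be acted on."
}
elseif (($dmarc.Strings -join '') -match 'p=none') {
    Write-Warning "DMARC for $Domain is monitor-only (p=none); move to quarantine or reject once reports look clean."
}

# --- Tighten the default filter policies that apply to every inbound message ---
# Quarantine high-confidence spam instead of delivering it, and treat bulk mail more strictly.
Set-HostedContentFilterPolicy -Identity Default `
    -HighConfidenceSpamAction Quarantine -SpamAction MoveToJmf -BulkThreshold 6

# Block the common executable attachment types outright and let zero-hour auto purge
# pull already-delivered messages that are later identified as malware.
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -ZapEnabled $true
```

The DNS checks only warn; they are deliberately separate from the configuration steps so that you can run them on a schedule against every accepted domain and catch a record that someone deleted.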

6. Enable mailbox audit logging

Although some audit logging is automatically enabled in Office 365, that has not always been the case for mailbox auditing: tenants created before 2019 had it off unless an admin turned it on, and even where it is on by default the set of audited actions is narrower than you may want. You can turn the feature on, and widen what it records, for all Office 365 mailboxes through Exchange Online PowerShell. After that’s done, you can search the audit log in the Office 365 Security and Compliance Center to find out a user’s mailbox activities, such as logons from unexpected IP addresses or new inbox rules that forward mail externally, both classic signs of a compromised account.

For more information on audit logging, check out Microsoft’s mailbox audit logging in Exchange 2016.
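As an added PowerShell example (not from the original article), here is the full procedure: confirm the tenant-level switches, enable auditing on every user mailbox with a longer retention, add the actions that matter for compromise detection, and then search the same audit data the Security and Compliance Center shows. It assumes Connect-ExchangeOnline has been run; alice@contoso.com is a placeholder.

```powershell
# Added example, not from the original article. Assumes Connect-ExchangeOnline has
# been run; alice@contoso.com is a placeholder mailbox.

# Tenant-wide switch: if AuditDisabled is $true, every per-mailbox setting below is ignored.
Set-OrganizationConfig -AuditDisabled $false

# The unified audit log must be ingesting events for the compliance center search to return anything.
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

# Enable auditing on every user mailbox and keep entries for a year (the default is 90 days).
Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" |
    Set-Mailbox -AuditEnabled $true -AuditLogAgeLimit 365.00:00:00

# Add the actions that reveal a compromised mailbox: owner logons and inbox-rule changes,
# delegates sending as the owner, and admins reading or copying messages.
Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" |
    Set-Mailbox -AuditOwner    @{Add = 'MailboxLogin', 'UpdateInboxRules', 'Update', 'MoveToDeletedItems'} `
                -AuditDelegate @{Add = 'SendAs', 'SendOnBehalf', 'UpdateInboxRules'} `
                -AuditAdmin    @{Add = 'MessageBind', 'Copy', 'Move'}

# Verify the result on one mailbox.
Get-Mailbox -Identity 'alice@contoso.com' |
    Select-Object AuditEnabled, AuditLogAgeLimit, AuditOwner, AuditDelegate, AuditAdmin |
    Format-List

# Pull the last 30 days of mailbox activity for that user. Each record carries its
# details as JSON in AuditData, so flatten it before selecting the interesting columns.
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
        -RecordType ExchangeItem -UserIds 'alice@contoso.com' -ResultSize 1000 |
    ForEach-Object { $_.AuditData | ConvertFrom-Json } |
    Select-Object CreationTime, Operation, ClientIP, ClientInfoString, LogonType |
    Sort-Object CreationTime -Descending |
    Format-Table -AutoSize
```

Newly created mailboxes do not inherit these settings, so schedule the two Set-Mailbox lines to run periodically, or check AuditEnabled as part of your account-provisioning process. When triaging, filter the search output on Operation values such as New-InboxRule or UpdateInboxRules and on ClientIP ranges you do not recognise.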

7. Configure Data Loss Prevention

Few things can hurt a business as much as leaking sensitive data. With Data Loss Prevention (DLP), you can identify sensitive data, such as credit card or social security numbers, and create policies that warn users, or block them outright, when they are about to share that data outside the organization. DLP is integrated with Office 365, including Exchange Online, SharePoint Online, and OneDrive for Business, so the same policy covers an e-mail and a document in a shared folder, and it can be run in test mode first so that compliance comes without disturbing users’ work.
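An added PowerShell example, not from the original article, of a DLP policy that covers all three workloads and starts in test mode. It assumes Connect-IPPSSession (Security & Compliance PowerShell) has been run; the policy and rule names, the policy tip text, and the choice of the built-in U.S. Social Security Number sensitive information type are placeholders you would adapt.

```powershell
# Added example, not from the original article. Assumes Connect-IPPSSession has been run.
# Names and the sensitive information type are placeholders.

# The policy defines where DLP looks: every Exchange mailbox, SharePoint site and OneDrive account.
# TestWithNotifications shows users the policy tip and generates reports but blocks nothing yet.
New-DlpCompliancePolicy -Name 'Protect US SSNs' `
    -Comment 'Block external sharing of Social Security Numbers' `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All `
    -Mode TestWithNotifications

# The rule defines what to match and what to do. AccessScope NotInOrganization means
# internal sharing is untouched; only content shared with outsiders is blocked.
New-DlpComplianceRule -Name 'SSN - block external sharing' -Policy 'Protect US SSNs' `
    -ContentContainsSensitiveInformation @{Name = 'U.S. Social Security Number (SSN)'; minCount = '1'} `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner, LastModifier `
    -NotifyPolicyTipCustomText 'This item contains Social Security Numbers and cannot be shared outside the company.' `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent Detections, Severity, DocumentAuthor

# Review what the rule would have blocked, then move the policy to enforcement:
# Set-DlpCompliancePolicy -Identity 'Protect US SSNs' -Mode Enable

# Confirm the policy and rule are in place.
Get-DlpCompliancePolicy -Identity 'Protect US SSNs' | Select-Object Name, Mode, Workload
Get-DlpComplianceRule -Policy 'Protect US SSNs' | Select-Object Name, BlockAccess, AccessScope
```

Keep the policy in test mode for a couple of weeks and read the incident reports before enabling it; a rule that blocks the finance team’s legitimate workflow on day one is the fastest way to have DLP switched off again.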

8. Use Customer Lockbox

Office 365 admins can use Customer Lockbox to control how Microsoft support engineers access your data during support cases. If an engineer needs access to your content to resolve an issue, Customer Lockbox routes a request to you, and you approve or reject it. Requests carry an expiration time, so when the issue is resolved the request is closed, and any access that was granted is revoked. Every request and decision is also written to the audit log, so you can later prove who had access and when.

As with Cloud App Security, Customer Lockbox is included in the Office 365 Enterprise E5 plan and can be purchased as an add-on for other plans.

9. Manage Rights

To encrypt documents and e-mails so only the intended recipients can read and use them, Microsoft offers Rights Management (Azure RMS). The protection travels with the file: a document forwarded outside the company stays encrypted, and the policy can forbid forwarding, printing or copying. It’s included in the Office 365 Enterprise E3 plan, or available as an Azure Rights Management add-on, and it must be activated for Exchange Online before mail flow rules can apply protection templates.
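The activation and a typical use of it, as an added PowerShell example that is not part of the original article. It assumes Connect-ExchangeOnline has been run and that Azure Rights Management is already activated at the tenant level; alice@contoso.com and the rule name are placeholders, and "Do Not Forward" is one of the built-in templates.

```powershell
# Added example, not from the original article. Assumes Connect-ExchangeOnline has been
# run and Azure Rights Management is activated for the tenant. alice@contoso.com is a placeholder.

# Let Exchange Online fetch templates and keys from Azure RMS, and show the
# Protect/Encrypt option in Outlook on the web.
Set-IRMConfiguration -AzureRMSLicensingEnabled $true
Set-IRMConfiguration -SimplifiedClientAccessEnabled $true

# Test-IRMConfiguration performs a full round trip (template download, encrypt, decrypt)
# on behalf of the sender and reports which step failed if something is wrong.
Test-IRMConfiguration -Sender 'alice@contoso.com'

# List the templates a mail flow rule can apply.
Get-RMSTemplate | Select-Object Name, Description

# Automatically apply "Do Not Forward" to any message leaving the organization that
# contains a credit card number, so the recipient cannot forward, print or copy it.
New-TransportRule -Name 'Protect card numbers with Do Not Forward' `
    -MessageContainsDataClassifications @{Name = 'Credit Card Number'} `
    -SentToScope NotInOrganization `
    -ApplyRightsProtectionTemplate 'Do Not Forward'

# Confirm the rule is enabled and in the expected position.
Get-TransportRule -Identity 'Protect card numbers with Do Not Forward' |
    Select-Object Name, State, Priority, ApplyRightsProtectionTemplate
```

Run Test-IRMConfiguration again whenever mail protection stops working: its output names the stage that failed (licensing, template retrieval or decryption), which is far quicker than reading transport logs.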

10. Manage Mobile Devices

Mobile Device Management (MDM) is another security area for which Microsoft offers not one but two solutions. The first is MDM for Office 365; the second is Microsoft Intune. MDM for Office 365 comes with most paid Office 365 subscriptions, whereas Intune requires its own subscription. Although Intune has more options and customization (app-level policies and full device configuration), both let admins define which devices may connect to your organization, require a PIN or encryption on them, and wipe company data from a device that is lost or leaves the organization.


And those were our 10 Office 365 security best practices! If you have any questions regarding Office 365 and security, contact us here at ESW Associates.