The Top 5 Office 365 Security Best Practices for Your Network
Office 365 is a great SaaS product for businesses to manage and maintain their communications all in one place. It’s become a hub for organizations around the world to store emails, important data, and documents, and the amount of information stored in the Office 365 cloud only grows every year. Unfortunately, with more data comes more risk. How confident are you in the security of your Office 365 network?
Make no mistake, you don’t necessarily need to be worried about the overall security of Office 365 as a platform. As a whole, security is a major focus for Microsoft — but it should be for your company, too. Microsoft spends over a billion dollars every year on cybersecurity for the Office 365 platform and more, but even with all the security measures they develop and put in place, there still needs to be work done on your end to ensure that your organization is secure. Also, with more than 135 million active users, Office 365 is no stranger to cyber attacks, so it’s crucial that your company has the right processes in place to make sure you’re protected.
One of the things you’ll want to pay attention to is how data breaches commonly originate so you can prioritize how to structure the security of your network. The biggest risk stems from the obvious culprit — passwords. Weak passwords are often the root of a data breach because they’re easy to steal or hack. Hackers can then log in to your network and impersonate users and wreak havoc within your organization under the guise of someone you trust.
Phishing scams are another major concern, and they’re getting more sophisticated every year. This is just another way that hackers can get ahold of your weak passwords and then use them against you.
With all the risks that are out there for your network and data, you can’t leave it to Microsoft and their basic security settings to keep you covered. Microsoft offers a number of security options from location blocking to tools that let you review and analyze your security — but which ones will keep you protected right out of the gate? Here are our top five recommendations to improve the security of your Office 365 implementation.
5 Security Recommendations for Office 365
1. Multi-Factor Authentication
Back to your passwords — once you start using Office 365, your username and password are no longer going to be enough to stay secure. You’ll want to take advantage of multi-factor authentication to give your logins more robust security. One of the phishing scams you could run into once you start using Office 365 is a fake login page that could trick employees into giving away their credentials — with multi-factor authentication you won’t have to worry about it. The process works with a username and password but adds a second step. Office 365 currently requires two or more of the following steps for verification:
- A randomly generated passcode
- A phone call
- A smart card (virtual or physical)
- A biometric device
2. Secure Score Monthly
Want to know how secure your Office 365 environment is? Secure Score is a proactive security management service offered through Office 365 that can tell you what you’re doing right — and what needs attention. Secure Score determines which services you’re using, analyzes your security settings, and assigns a score to your current setup. Along with your score, you’ll receive recommendations you can use to improve both the score and your overall security.
With Secure Score, you’ll also be able to see a baseline score. This score is put together from seven different groups that you can use to compare your own results against companies of a similar size. (Want a tip? You get 100 points just by enabling multi-factor authentication for your global admins.)
Review your report monthly to stay on top of all the security options that Office 365 has to offer and to implement the recommended changes to help improve the state of your security.
3. Conditional Access
Stolen user identities are one of the top ways that hackers gain access to your Office 365 environment. Using conditional access can make sure that only your people are gaining access to your data and private information. So, who should you kick out? Use geolocation blocking to make sure the user who logged in from Ohio and, seconds later, is trying again from Japan doesn’t gain access. Azure Active Directory (AD) Identity Protection allows you to monitor suspicious events, risky logins, and risky users. With Azure AD, you can set conditions to block users by location, device, flagged sign-ins, and cloud apps. Conditional access then applies the correct access controls under the required conditions, which keeps the wrong people out and the right people in.
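As an added example (not code from the original post), the geolocation blocking described above built with the Microsoft Graph PowerShell SDK: a named location listing the countries you expect sign-ins from, and a policy that blocks every other location. The policy starts in report-only mode; the country list and the emergency-access account ID are placeholders you must replace.

```powershell
# Added example: country-based named location plus a report-only Conditional Access policy.
# Assumes the Microsoft.Graph module is installed and the signed-in admin can consent to
# Policy.ReadWrite.ConditionalAccess. Values below are placeholders, not from the post.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$allowedCountries = @("US")                                   # ISO 3166-1 alpha-2 codes your staff work from
$breakGlassAccountId = "<object-id-of-emergency-access-account>"  # placeholder: never lock this account out

# 1. Named location containing only the countries you expect sign-ins from.
#    Sign-ins whose country cannot be determined are treated as outside it.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "Allowed countries"
    countriesAndRegions               = $allowedCountries
    includeUnknownCountriesAndRegions = $false
}

# 2. Policy: all users, all cloud apps, every location except the allowed countries -> block.
#    Report-only lets you review what would have been blocked before you enforce it.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName   = "Block sign-ins outside allowed countries"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        clientAppTypes = @("all")
        applications   = @{ includeApplications = @("All") }
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassAccountId) }
        locations      = @{ includeLocations = @("All"); excludeLocations = @($location.Id) }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

"Created policy '{0}' ({1}) in report-only state." -f $policy.DisplayName, $policy.Id
```

Review the report-only results in the Azure AD sign-in logs for a few days, then change `state` to `enabled` once no legitimate users are being caught.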
4. Legacy Protocols
Disabling Office 365 legacy protocols like POP3, IMAP and ActiveSync is a great way to add a layer of security to your Azure AD. These protocols provide web access through Azure AD, so turning them off keeps hackers from accessing your corporate data through the web.
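One way to carry out this recommendation, as an added example rather than code from the original post: an Exchange Online PowerShell script that lists every mailbox with POP3, IMAP or ActiveSync still enabled, disables them, and fixes the mailbox plan so new mailboxes don't reopen the gap. It assumes the ExchangeOnlineManagement module is installed and you hold an Exchange administrator role.

```powershell
# Added example: audit and disable legacy client protocols per mailbox in Exchange Online.
# Run with -ReportOnly first to see what would change; drop the switch to apply it.
param([switch]$ReportOnly)

Connect-ExchangeOnline -ShowBanner:$false

# Mailboxes where at least one of the three legacy protocols is still turned on.
$exposed = @(Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled -or $_.ActiveSyncEnabled } |
    Select-Object PrimarySmtpAddress, PopEnabled, ImapEnabled, ActiveSyncEnabled)

"{0} mailbox(es) still accept POP3, IMAP or ActiveSync:" -f $exposed.Count
$exposed | Format-Table -AutoSize

if ($ReportOnly) { return }

foreach ($mbx in $exposed) {
    # Turn off all three for this mailbox; users with a documented need can be re-enabled individually.
    Set-CASMailbox -Identity $mbx.PrimarySmtpAddress `
        -PopEnabled $false -ImapEnabled $false -ActiveSyncEnabled $false
}

# New mailboxes take their defaults from the mailbox plan, so change it too or the exposure returns.
Get-CASMailboxPlan | Set-CASMailboxPlan -PopEnabled $false -ImapEnabled $false -ActiveSyncEnabled $false

"Disabled POP3, IMAP and ActiveSync on {0} mailbox(es) and on the mailbox plan(s)." -f $exposed.Count
```

These are per-mailbox settings; pairing them with a conditional access policy that blocks legacy authentication clients covers the same protocols at the sign-in layer as well.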
5. Modern Authentication
Finally, you’ll want to make sure you start using modern authentication for as many users as you can. Why should you do this? Without it, Outlook doesn’t allow for ADFS or a normal single sign-on experience; instead, it requires you to enter your credentials every single time, and no one wants to do that. Plus, most users are going to cache their credentials anyway.
By enabling modern authentication, you can create an environment where users can sign in through an Active Directory Authentication Library. This lets you use protected logins like multi-factor authentication, and allows users to access Outlook from their devices safely.
If you’re using Office 365, having these five security best practices enabled will help you increase your protection and keep you safe from hackers in the long run. The sooner you have these steps set up, the sooner you can have peace of mind that your environment is fully locked down. Don’t leave an easy loophole for hackers to access your important data. If you’re not sure where to start, Inversion6 can help. We offer CISO For Hire services that provide you with a locally-based, experienced information security professional who can help you develop and execute a proper security plan for your network. Interested in learning more? Contact us today.