What Are the Best Security Customizations for Microsoft 365 Business Accounts?

If you’re using your Microsoft 365 business account without any security customizations, your data and user accounts could be at risk of a breach.

Many users think that the most secure settings are activated by default in a cloud platform, but this is not the case. Microsoft provides strong security capabilities, but it is left up to the company to configure these settings. Many business owners don’t even realize that they need to do this.

Unprotected cloud data can be infected by ransomware or other malware, or can be compromised by a hacker gaining account access. 70% of surveyed organizations reported suffering a public cloud data breach within the last 12 months.

The lack of awareness about security configurations in cloud platforms like Microsoft 365 is a major cause of data breaches and account compromise. Over the past year, data breaches due to misconfigured settings have skyrocketed by 424%.

Many Connecticut businesses now rely on cloud platforms for a large part of their business technology, so it is vital that cloud security is a top priority.

What are some of the easy ways that you can secure your Microsoft 365 account to avoid becoming a victim of a hacker or malware attack?

We have several tips below for settings that you can put in place to significantly increase your account security.

Tips for Securing Your Microsoft 365 Business Account

Implement MFA Account Wide

What is a single thing you can do to block 99.9% of hacked account breaches? Implement multi-factor authentication (MFA).

Those few extra seconds that users take to receive and enter a login code are very much worth it when it comes to account security in Microsoft 365 or any other cloud platform.

Once MFA is turned on for all users, employees will receive a prompt at their next login to set up a device to receive the MFA code. Every time they log in, they will be sent a code that will be required along with their username and password.

Stop Outside Domain Auto-Forwards

If a Microsoft 365 account is breached, that means that the hacker has access to the user’s files as well as the email that is set up in Microsoft 365.

This can allow them to send spam or auto-forward all the user’s emails to their own account. Auto-forwards can go undetected for quite a while because a user will not notice it in most cases unless they specifically look at their mail forward settings.

You can set up a rule to stop auto-forwards for all emails when the sender is internal and the recipient is external. Do this in the Exchange admin center > Mail flow > Rules > Create new rule.
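The same rule can be created from Exchange Online PowerShell, together with an audit of forwarding that is already in place. This is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed and an Exchange admin signs in, and the rule name and rejection text are placeholders.

```powershell
# Added example: audit existing forwards, then block external auto-forwarding.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in with an Exchange admin account

# Domains the tenant owns; anything else counts as external.
$internal = (Get-AcceptedDomain).DomainName

function Test-ExternalAddress {
    param([string]$Address)
    # ForwardingSmtpAddress looks like "smtp:user@example.com".
    $domain = ($Address -replace '^smtp:', '' -split '@')[-1]
    return $internal -notcontains $domain
}

$mailboxes = Get-Mailbox -ResultSize Unlimited

# 1. Mailbox-level forwarding that points outside the organization.
$mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -and
                   (Test-ExternalAddress $_.ForwardingSmtpAddress) } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward or redirect mail. These are listed for manual
#    review because the recipient format varies between rule types.
foreach ($mbx in $mailboxes) {
    $upn = $mbx.UserPrincipalName
    Get-InboxRule -Mailbox $upn |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ Name = 'Mailbox'; Expression = { $upn } },
                      Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

# 3. Mail flow rule: sender is internal, recipient is external,
#    message type is auto-forward. Reject with an explanatory bounce.
New-TransportRule -Name 'Block external auto-forward' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageEnhancedStatusCode '5.7.1' `
    -RejectMessageReasonText 'Automatic forwarding to external addresses is not permitted.'
```

Review the audit output before creating the rule, since a forward that is already in place may be the first visible sign of a compromised account.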

Improve Malware Protection by Blocking Malicious Attachments

There are certain file attachment types that commonly contain viruses, ransomware and other types of malware. These include types like .exe, .vbs, .bat and many others. 

You can improve your company’s security against phishing attacks by turning on a common attachment types filter that blocks these known file threats.

To do this:

  • Go to the Security & Compliance Center
  • Choose Threat Management > Policy > Anti-Malware
  • Double-click to edit the default company-wide policy
  • Select Settings
  • Click to turn on the Common Attachments Types Filter
  • Select Save

You can also edit the file types being blocked in this window.

Turn on Safe Links to Block Malicious URLs (Microsoft 365 Business Premium)

A majority of phishing emails contain links to malicious sites rather than file attachments. This is because emails that contain no malware themselves can often make it past mail security programs. Instead, the email links the user to a site that contains malware or that is designed to steal login credentials.

If you are a Microsoft 365 Business Premium subscriber, you get more security tools through Microsoft Defender for Office 365. Safe Links is one of these tools.

Safe Links will actually block any malicious URLs that it detects in incoming emails or in other Microsoft applications and documents to help protect users from falling for a phishing scam.

To enable this protection:

  • Go to the Security & Compliance Center
  • Choose Threat Management > Policy > Safe Links
  • Under “Policies that apply to the entire organization,” double-click the default policy to edit
  • Under “Settings that apply to content except email,” select “Office 365 applications,” “Do not track when users click safe links,” and “Do not let users click through safe links to the original URL.”
  • Select Save

Enjoy Custom Microsoft 365 Configurations for Security & Productivity

Sound Computers has experts that can customize your Microsoft 365 account for both security and productivity so that you can stay protected and get the full value from your subscription.

Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.

December 16, 2020
Sound Computers Admin