10 Security Tips for Microsoft 365

Nowadays, security for digital assets is one of the main concerns, since more and more organizations are deciding to move to the cloud. With new threats emerging daily, organizations must treat cybersecurity as a top priority and use all the tools and resources at their disposal to secure their data. Microsoft 365 is considered a highly secure platform, when configured correctly by an admin, which is why today we want to outline 10 security tips for Microsoft 365.

1. Activate Multi-Factor Authentication

Multi-Factor Authentication or MFA is one of the most effective ways of securing accounts. It will require users to type either a code sent to their mobile phone or use face ID/fingerprint using the Microsoft Authentication App when logging in. This prevents hackers from accessing your users‘ accounts even if they have the password.

2. Use dedicated Admin accounts

Microsoft 365 Admin Accounts have elevated privileges, making them more appealing targets for cybercriminals. Admins should use these accounts exclusively for performing administrative tasks and use separate standard user accounts for daily, non-administrative tasks; reducing the attack vector if accounts are compromised.

3. Disable Auto-Forwarding

You can disable auto-forwarding for emails using mail transport rules. This prevents the user and/or a cybercriminal from automatically forwarding all emails to an external address, protecting organizational data.

4. Use Advanced Threat Protection

Advanced Threat Protection or ATP is a feature that helps protect users from malicious email attachments, like ransomware and viruses. All attachments are scanned and executed in the Microsoft ‘’sandbox’’ environment to determine if it performs any malicious action. If the files are considered safe, they are re-attached to the message and delivered to the recipient’s mailbox.

5. Use Safe Links

The ‘’Safe Links’’ function provides URL scanning and rewriting of inbound email messages in mail flow, as well as URL verification at the time of the click. It works with links in email messages and other locations, such as SharePoint.

6. Enable Mailbox Auditing

Mailbox Auditing allows admins to track actions that users take within their own and other users mailboxes. This feature is automatically active for customers who joined after January 2019. However, for those who acquired it after this date, admins must check if auditing is enabled.  

7. Use Role-based Access Control

This feature grants admins the ability to assign roles to users, allowing or denying them to perform specific actions. For example, a billing admin can access billing only within Microsoft 365. This prevents Global admins granting more permissions than needed to other users. 

You can read more about admin roles, here.

8. Disable SharePoint and OneDrive sharing

Microsoft 365 users can share documents and files outside the organization by default. Reviewing and changing policies allows admins to disable sharing to specific sites, reducing the risk of data leaks.  

9. Use Email Alerts

This feature sends alerts for suspicious or abnormal activity, for example high volumes of data being deleted from SharePoint sites. Once the admin receives the alert, they can investigate and take action if needed.

10. Use Microsoft Secure Score

This is an analytics tool that provides numerical value for your organization’s current security status within Microsoft 365. The score is presented in a dashboard, as well as a list of recommended actions based on your organization’s current M365 environment settings. 

All the capabilities and security tips for Microsoft 365 mentioned above are included in the Microsoft 365 Business Premium license. For more information about this or any other Microsoft 365 Subscription Plan, or to schedule a non-commitment consultation with one of our experts, please contact us today.