5 Best Practices for Securing Your Microsoft 365 Account

Founder & CEO at Dynamix Solutions

Microsoft 365 is one of the most popular cloud services for businesses of all sizes. It includes the popular Office programs (Word, Excel, PowerPoint, Outlook) as well as multiple collaboration and productivity tools. 

In Canada, there are over 82,000 companies that use the Microsoft 365 platform for their office productivity needs. But far too many are unsure how to properly protect their accounts from a data breach.

Cloud account hijackings have risen dramatically during the pandemic because more companies have made the transition to cloud workflows, and hackers go where the data is.

In 2020, attacks on cloud accounts increased by 630%.

Microsoft 365 comes with multiple security protections that companies can use, but many of these aren’t enabled by default. Providers like Microsoft must balance user convenience with security. It’s up to users to understand the security settings available and apply those that they find most pertinent to their needs.

One of the common mistakes many small businesses make is not exploring their Microsoft 365 security settings, which leaves their accounts more vulnerable.

Below are some of the most helpful security settings to enable in your account to keep your data secure and your accounts from being hijacked.

Use a Dedicated Admin Account

The more admin-level accounts you have in your platform, the greater the risk. If a hacker breaks into an account with administrative privileges, they can do more damage than if they breach a lower-access account.

Microsoft 365 allows you to set up a dedicated admin account without having to pay for an additional user license. This account is not used for email or similar user functions and instead is used only when administrative tasks need to be done.

Any admins you have will log into this dedicated account to perform those tasks and then log back out and into their own user account, without admin access. This significantly reduces the risk of a high-level account being breached. 

Block Email Auto-Forwarding Outside Your Domain

One of the tactics that attackers use once they breach an account is to forward that account’s email to their address in hopes of gathering some sensitive data that can be sold on the Dark Web. 

Users often won’t realize their account was breached or that their email is being forwarded unless they specifically look at their mail forward settings.

You can block the forwarding of emails outside your company domain to help prevent this from happening.

To do that:

  • Go to the Exchange admin center.
  • Select Rules in the Mail Flow category.
  • Click “+” to create a new rule.
  • Select More Options at the bottom of the window.
  • Apply the following rule settings:
    • If the sender is inside the organization, and the recipient is external, and the message type is “Auto-forward,” then block the message, and add message text “This forwarding function is prohibited.”
  • Click to save the rule.

Set Up Multi-Factor Authentication

Multi-factor authentication (MFA) is one of the best ways to keep accounts from being breached. It’s difficult to ensure all users are using strong passwords, and MFA provides a security blanket against weak or breached passwords. 

Microsoft states that it sees over 300 million fraudulent sign-in attempts on its cloud services daily and that enabling MFA can block 99.9 percent of them. 

Once MFA is enabled for all users in your account, when users next log in, the system will prompt them to set up MFA with their device.

Beef Up Malware Defenses 

You can improve the default level of protection in your Microsoft 365 environment by enabling an additional safeguard against malware. This helps you block unwanted file attachments that are known to be used in phishing attacks.

To do this for your company-wide email:

  • Go to https://protection.office.com/ and log in as an admin.
  • Look for Threat Management in the Security & Compliance Center.
  • Choose Policy > Anti-Malware.
  • Double-click the default policy to edit it and select Settings.
  • Under the Common Attachment Types Filter, select “On.”
  • Select Save.

When you turn on the policy, you’ll be able to see a list of the blocked file types that you can edit.

Use Email Encryption

One of the functions included in Microsoft 365 business accounts is email encryption. This encryption works with Outlook.com, Yahoo!, Gmail, and other email services. 

Encryption encodes sensitive messages so that only the recipient can read them. This keeps confidential information from being breached while it’s in transit from sender to receiver.

Users can use this function for two protections:

  • Encrypt
  • Do not forward

To use it, users would create a new message and then look for the Permission settings under the Options menu. In Outlook.com, it will be under the Protect menu.

You can see more details here.

Contact Dynamix Solutions Today to Ensure Your Cloud Accounts are Properly Secured

Misconfiguration of security settings is a major cause of cloud data breaches. Dynamix Solutions can help your Toronto or Calgary business set up Microsoft 365 and other cloud account security to keep your data better protected.