How to secure Office 365


More and more people are moving their services to the cloud, not only does the cloud offer more flexibility and functionality but it can also help with the connectivity of remote users and help towards the implementation of business continuity. Users of the popular Microsoft Office are moving over to Office 365 to help with this flexibility.

However, using Office 365 straight out of the box doesn’t fully ensure that the business and its users are secure. This blog article helps people ensure they are doing their upmost with the security of their information and systems.

Enabling MFA for all users.

As soon as you start using Office 365, you should enable Multi-factor authentication for all users, this helps ensure that if anyone’s credentials are compromised, the attackers can’t just access the user’s information.  They need a second form of authentication, usually via a text message or mobile app acknowledgement.

More information on how to enable MFA for all users can be found in the Microsoft article here:

Least Privilege access

As with any security best practice, you should only grant the access that the user needs, if people don’t need to be in specific groups, make sure they are removed when no longer needed. This not only stops the leakage of information but also helps ensure that people only have access to what they need, which helps protect the business in case of a compromise.

Security and Compliance

The security and compliance section within the Office 365 portal allow you to see how secure your business is with using Office 365. From adhering to information security and the GDPR best practices to how to govern the data and its associated flows.

You should have a look at this at least every quarter to see how you are faring, especially reviewing the Microsoft Secure Score section, this section shows you your secure against Microsoft’s best practices, the higher the scope, the more secure your business and information is.

Cloud App Security

If your business utilises a number of cloud based products, such as Azure, Amazon AWS as well as Office 365, you should be collating all the logs to ensure that noting untoward is happening.  This can be quite the challenge; Microsoft’s Cloud App Security portal helps with monitoring and dashboarding all the cloud based apps into one place.

More information on this can be found here:


Although this blog is by no means exhaustive, it’s a good way to ensure that you are doing your upmost to start protecting your users, information and business. I’d recommend that you look at and follow the Microsoft Office 365 security team and their blog, which can be found here:

Previous Post
Cyber Essentials vs Cyber Essentials with IASME Governance
Next Post
Cyber liability insurance: 5 areas of consideration

Related Posts

No results found.