I have no idea why new owners think that securing Microsoft 365 is not their problem. It’s a common mistake: many people believe that a Microsoft product is secure out of the box. I have been aware of this problem for years. Do not make this mistake! If you do not follow some basic rules, you will get hacked or lose your data, sooner or later. This is crucial these days, when we hear so often about malware attacks spreading across the world. So does Office 365 have security? Of course, but it will require some work from us.
What is Microsoft Secure Score?
So how can we check where we are in terms of our tenant security? Every tenant gives us access to a report called Microsoft Secure Score. It measures our security posture against suggested settings; for a new tenant it is usually about 20%. Every setting we apply has an impact on our score. Please take a look at the image below to see an example of how it changes.
From my point of view, the important thing here is that it is not possible to get 100%. Also, many of the recommended settings require top licenses like E5, which is, of course, very expensive. The default link to check your stats is here.
Security in Microsoft 365 the easy way
So you made your decision and bought your Microsoft 365 license, but securing Microsoft 365 is beyond your skills. You have a few options here. You can get Microsoft 365 for free and do your tests there. The second option is to ask someone to do that for you. For example, you can buy this service from me.
OK, but let us assume that you don’t have money for a Microsoft 365 expert. What can you do? There’s a small switch in your tenant, “Security defaults”, which puts in place five key security settings for you.
Those settings are the following:
- Enforcing Azure Multi-Factor Authentication registration for all users
- Forcing administrators to use Multi-Factor Authentication
- Blocking legacy authentication protocols
- Requiring all users to perform Multi-Factor Authentication when needed
- Protecting privileged access
So how do you do that?
- Sign in to the Azure Portal as either a Security Administrator, Conditional Access Administrator or Global Administrator
- Click on Azure Active Directory, then click Properties
- Select the link at the bottom labeled Manage Security Defaults
- Set the Enable Security Defaults toggle to Yes
- Select Save
And that’s it. You are good to go.
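The same switch can be checked and set from PowerShell. This is an added example, not part of the original post; it assumes the Microsoft Graph PowerShell SDK is installed and that you sign in with one of the admin roles listed above.

```powershell
# Added example: check and enable Security defaults with the Microsoft Graph PowerShell SDK.
# Assumes: Install-Module Microsoft.Graph -Scope CurrentUser has already been run.
# Policy.Read.All reads the policy; Policy.ReadWrite.ConditionalAccess changes it.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# Current state of the tenant-wide Security defaults policy
$policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
"Security defaults enabled: $($policy.IsEnabled)"

if (-not $policy.IsEnabled) {
    # Security defaults cannot be turned on while Conditional Access policies
    # are enabled, so list those first and stop if any exist.
    $enabledCa = Get-MgIdentityConditionalAccessPolicy -All |
        Where-Object State -eq 'enabled'

    if ($enabledCa) {
        'Enabled Conditional Access policies found; review them before switching:'
        $enabledCa | Select-Object DisplayName, State | Format-Table -AutoSize
    }
    else {
        # Equivalent to setting the "Enable Security Defaults" toggle to Yes
        Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy `
            -BodyParameter @{ isEnabled = $true }

        # Read the policy back to confirm the change was applied
        $after = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
        "Security defaults enabled: $($after.IsEnabled)"
    }
}
```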
Security in Microsoft 365
That was the easy part, but when you check the Secure Score, you will see more than one hundred possible improvements. Does it mean that you have to implement all of them? No, you don’t. This part is tricky. In the beginning, you should check the settings that bring you many more points than others. That also means they are more critical.
For example: “Require MFA for administrative roles” is the most crucial setting in your tenant. It brings about 13% of the score. What I would like to highlight here is that security is NOT a single task. It’s a process of improvement, or rather of keeping a tenant in good shape.
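To see which improvements carry the most points in your own tenant, you can pull the Secure Score data through Microsoft Graph and sort it. This is an added example, not part of the original post; it assumes the Microsoft Graph PowerShell SDK is installed and that each control's name in the score snapshot matches the Id of its control profile.

```powershell
# Added example: rank Secure Score improvement actions by the points still available.
# Assumes: Microsoft.Graph module installed; SecurityEvents.Read.All consent granted.
Connect-MgGraph -Scopes 'SecurityEvents.Read.All'

# Latest Secure Score snapshot for the tenant
$score = Get-MgSecuritySecureScore -Top 1
$pct = [math]::Round(100 * $score.CurrentScore / $score.MaxScore, 1)
"Secure Score: $($score.CurrentScore) / $($score.MaxScore) ($pct%)"

# Points already earned per control in that snapshot
$earned = @{}
foreach ($c in $score.ControlScores) { $earned[$c.ControlName] = $c.Score }

# Control profiles carry the maximum points and the cost/impact ratings
Get-MgSecuritySecureScoreControlProfile -All |
    Where-Object { -not $_.Deprecated } |
    ForEach-Object {
        # Assumption: ControlName in the snapshot equals the profile Id
        $have = if ($earned.ContainsKey($_.Id)) { $earned[$_.Id] } else { 0 }
        [pscustomobject]@{
            Control    = $_.Title
            Category   = $_.ControlCategory
            MaxPoints  = $_.MaxScore
            Remaining  = $_.MaxScore - $have
            UserImpact = $_.UserImpact
            Cost       = $_.ImplementationCost
        }
    } |
    Where-Object Remaining -gt 0 |
    Sort-Object Remaining -Descending |
    Select-Object -First 10 |
    Format-Table -AutoSize
```

Some of the listed controls may need a license your tenant does not have, so read the top of the list as candidates rather than a to-do list.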
Every day we discover a new security vulnerability that will require action from us. A good starting point for you could be this link. It’s a list of standard settings for your tenant. Please remember, many options depend on your license.
Microsoft 365 E5 security features
If you can afford it and want to be as secure as possible, the Microsoft 365 E5 license is the best choice. As this is a post about security, let’s focus on it.
M365 E5 secures your cloud and physical devices. With the M365 standard license, you are protected in the cloud, but endpoint devices are not. Of course, you can use a default Windows antivirus engine, but you don’t manage it.
E5 combines everything in one solution. You can manage all your devices from a console, collect all suspicious signals from your endpoints and take the necessary action. What’s critical here is that this license has automatic security features. It means that the system can take action before it is too late.
And if you check all the features included, you will see that maybe the price is not too high. If you bought all these options from other vendors, you would pay much more.
As you saw, securing Microsoft 365 could be a one-click operation. Of course, it’s just a good start. After that, it is ongoing work, and you need knowledge. You will find a lot of suitable training materials on the Microsoft website. For example, there’s an entire series of Ninja training. Check those links; they will take your knowledge to a very high level. I strongly recommend them; they are just awesome.
- Become a Microsoft 365 Defender Ninja
- Azure Network Security Ninja Training
- The Microsoft Information Protection (MIP) Ninja Training
- Become a Microsoft 365 Advanced eDiscovery Ninja
- Become a Microsoft Defender for Cloud Ninja
- Microsoft Sentinel Ninja Training