A Guide to Advanced Microsoft Security Settings

As the threat of cyber-attacks grows, it is increasingly important for businesses to protect themselves from every possible angle. Those using Microsoft 365 subscriptions in the workplace may be aware of the variety of built-in security services offered – but do you know how to use them?

Understanding Microsoft’s Security Framework

A Microsoft 365 subscription offers a robust security framework designed to protect businesses. Some of the basic tools you will need to know about include:

  1. Azure Active Directory (AAD): Provides identity and access management solutions.
  2. Microsoft Data Loss Prevention (DLP): Allows users to set data protection policies.
  3. Microsoft Defender (previously known as Advanced Threat Protection): Guards against sophisticated threats like phishing and malware.

There are many more, but these are the three most necessary in order to understand the techniques presented here.

Controlling Access with AAD

The foundation of any cyber security strategy is access control, and this begins with multi-factor authentication (MFA). MFA greatly reduces the risk of unauthorised access, by requiring more than one form of identification in order to access accounts and data. You can enable MFA in the ADD portal, by going to the directory and looking for the ‘users and groups’ settings. 

Conditional access policies will allow you to further improve security, by defining a set of conditions under which users may access resources. For example, you can restrict access based on user location, device state, or risk level. To do this, go to the directory, and open the security settings.

Using DLP to Protect Data

DLP protects data using policies, which prevent the sharing of sensitive information either intentionally or unintentionally. Policies – created and managed through the 365 compliance centre – work by identifying sensitive data, and then preventing that data from being freely shared between apps or staff members. To use DLP policies: 

  1. Identify Sensitive Information: Use built-in or custom information types to identify sensitive data. 
  2. Create DLP Policies: Define a set of rules that specify what should happen when sensitive information is detected. Actions can include blocking access, encrypting content, or sending notifications.
  3. Monitor and Report: Monitor the effectiveness of your DLP policies and adjust as needed.

How to Encrypt Data in 365

Data encryption ensures that even if data is intercepted, it cannot be read without the proper decryption key. Microsoft 365 provides a couple of options for doing this.

Office Message Encryption (OME) protects email messages, allowing you to send encrypted emails both within and outside your company. Staff using Outlook can easily do this on an individual basis by clicking on ‘more options’, which will bring up a checkbox allowing them to encrypt their email. 

If you would like emails to be encrypted automatically, you must first create a sensitivity label that will apply to all outgoing emails sent by members of your team. You can then create a rule that will encrypt all emails containing that label. This avoids your staff needing to remember to encrypt each email. 

Sensitivity labels can be created and applied, and conditions added, using Microsoft Information Protection (MIP).

Microsoft Defender: Your Company’s Shield

Microsoft Defender is their flagship security software, providing comprehensive threat protection. It contains various security solutions, including:

  • Safe attachments: Scans email attachments for malware, and ensures they are safe before delivery.
  • Safe Links: Protects users from malicious URLs by verifying links in real-time.
  • Antivirus: Defender is known for its strong antivirus software.
  • Threat Intelligence: Provides information on current and emerging threats, directly from experts.

After initial set-up has been completed, most of these features can be accessed from Defender’s security dashboard. It is recommended to use as many as possible for the best defence.

Why Security Awareness Training is a Must

Even the best security configurations can still be undermined by simple human error. In order to be effective, Microsoft’s security policies must be backed up by a strong cyber security training program. This program should teach staff about common cyber threats, methods for recognising them, and how to use Microsoft’s security software to mitigate them.

Setting Up Microsoft Security Features? You Don’t Have to Do It Alone

It is always useful when company software comes with its own security measures – and Microsoft 365 shines in this area. By taking full advantage of the variety of options offered, and combining them with a robust security training policy, your business can be stronger than ever before.

If Microsoft’s security features are still making your head spin, Steadfast Solutions can help. We offer a full range of Microsoft consultancy services designed to help you understand and utilise each tool to the best of its potential. In particular, take a look at our security consultancy services – they may be just what you need to get started.