Technology industry insights and IT tips from NMX IT

5 Successful Methods to Secure Microsoft 365 Business Accounts

Some businesses have a false sense of security that if their data is stored in a large cloud platform, it’s automatically protected. But there are several risk areas for cloud data that isn’t properly secured.

For example, weak passwords can result in accounts being breached and taken over by a hacker. Once they break into a Microsoft 365 account, they can gain access to email, cloud storage, and more. And the higher the privileges of the user, the more damage they can do.

Another security issue is misconfiguration of Microsoft 365 security settings. If settings are too weak, it can be much easier for an account to be breached or infected with malware.

Misconfiguration was one of the top 5 threat actions that resulted in data breaches in 2019.

For Microsoft 365 business users, it’s vital to understand how to secure your account and which settings will help the most when it comes to overcoming IT challenges with data and account security.

Smart Ways to Secure Your Microsoft 365 Account

Use Multi-Factor Authentication

Of the cloud account breaches that occurred in 2019, 77% were the result of hacked or stolen login credentials.

Password security remains a major problem for businesses. As more data has migrated to cloud platforms, like Microsoft 365, credential theft has become a primary cybercrime focus.

Enabling use of multi-factor authentication (MFA) for all users provides a significant safeguard against password-compromised accounts.

According to Microsoft, MFA blocks 99.9% of fraudulent sign-in attempts.

Use Dedicated Admin Accounts

When hackers gain access to an admin account in Microsoft 365, they can change multiple security settings, access user information, and basically have a free pass to many areas of your account.

One important safeguard that helps protect accounts with admin credentials is to set up a dedicated admin account. This means that the account with administrative privileges in Microsoft 365 has a more protected email address and login because it’s not being used on other sites or for other activities.

If all admins use the same dedicated admin account, that also reduces risk: with five admins, there is only one high-privilege account for hackers to target instead of five.

Improve Malware Protection by Blocking Certain File Types

Some of the most dangerous file attachment types when it comes to malware are .exe, .tar, .vbs, and .rtf, among others. Microsoft 365 has a malware protection setting that allows you to block dangerous file types from being delivered to your users.

  • In the Security & Compliance Center, look for Threat Management on the left navigation pane.
  • Choose Policy > Anti-Malware.
  • Look for the default policy and double-click.
  • Under Common Attachment Types Filter, select On.
  • You’ll be able to see the default file types blocked and can add or delete other types.
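
The same setting can be applied from Exchange Online PowerShell. The script below is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module, an admin session opened with Connect-ExchangeOnline, and that the default anti-malware policy has the identity `Default`. It merges the file types named above into the existing block list, because `-FileTypes` replaces the list rather than appending to it.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run as an admin
# and that the default anti-malware policy is named 'Default'.
$policyName = 'Default'
$wanted     = 'exe', 'tar', 'vbs', 'rtf'   # types named in the article, written without dots

$policy = Get-MalwareFilterPolicy -Identity $policyName
Write-Host "Filter enabled before change: $($policy.EnableFileFilter)"

# -FileTypes overwrites the whole list, so start from what is already blocked.
# Null entries are dropped, dots and case are normalised, duplicates removed.
$merged = @($policy.FileTypes) + $wanted |
    Where-Object { $_ } |
    ForEach-Object { $_.ToString().ToLower().TrimStart('.') } |
    Sort-Object -Unique

Set-MalwareFilterPolicy -Identity $policyName -EnableFileFilter $true -FileTypes $merged

# Read the policy back and confirm that every wanted type is now blocked.
$after   = Get-MalwareFilterPolicy -Identity $policyName
$missing = @($wanted | Where-Object { $after.FileTypes -notcontains $_ })

if ($after.EnableFileFilter -and $missing.Count -eq 0) {
    Write-Host "File filter is on; $(@($after.FileTypes).Count) types blocked."
} else {
    Write-Warning "Policy not as expected. Missing types: $($missing -join ', ')"
}
```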

Set a Rule to Turn Off External Auto-Forwarding for Email

One trick that hackers use that many users may be unaware of is to set up a forward for a user’s inbox. They may not do anything else when accessing an account, so the user isn’t alerted to a breach. But unbeknownst to them, every email they receive is being automatically forwarded to another address.

In the Exchange admin center, you can set up a rule to stop this from happening.

  • Go to the Mail Flow category and select Rules.
  • Click to Create a new rule.
  • Select More options at the bottom.
  • Set up the rule as listed below.
  • Click Save.

Rules to set up:

  • Prevent auto forwarding of email to external domains
  • Apply rule if sender is internal (inside the organisation)
  • And if recipient is external (outside the organisation)
  • And if the message properties include auto-forward
  • Action: Block the message
  • Add message text noting that auto-forwarding email outside the organisation is prevented due to security policy.
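
The rule above can also be created from Exchange Online PowerShell, and the same session can check for forwards that were set up before the rule existed. This script is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module and an admin session opened with Connect-ExchangeOnline, and the audit in step 2 goes beyond the steps in the article.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and an admin
# session already opened with Connect-ExchangeOnline.
$ruleName = 'Prevent auto forwarding of email to external domains'
$notice   = 'Auto-forwarding email outside the organisation is prevented due to security policy.'

# 1. Create the mail flow rule once; re-running the script does not duplicate it.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromScope InOrganization `
        -SentToScope NotInOrganization `
        -MessageTypeMatches AutoForward `
        -RejectMessageReasonText $notice | Out-Null
}

# 2. Look for forwards that were set up before the rule existed.
$internalDomains = @((Get-AcceptedDomain).DomainName)
$mailboxes       = @(Get-Mailbox -ResultSize Unlimited)

# True when the SMTP address is outside the tenant's accepted domains.
function Test-ExternalAddress([string]$Address) {
    $domain = (($Address -replace '^smtp:', '') -split '@')[-1]
    return $internalDomains -notcontains $domain
}

# Mailbox-level forwarding to an external SMTP address.
$mailboxForwards = $mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -and (Test-ExternalAddress $_.ForwardingSmtpAddress) } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, DeliverToMailboxAndForward

# Inbox rules that forward or redirect; listed for manual review.
$ruleForwards = foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = 'Mailbox'; e = { $mbx.UserPrincipalName } },
            Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

$mailboxForwards | Format-Table -AutoSize
$ruleForwards    | Format-Table -AutoSize
```

Any entry in either table that the mailbox owner does not recognise is worth treating as a possible sign of account compromise.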

Use Safe Links (Microsoft 365 Business Premium)

A majority of phishing emails these days use links rather than file attachments. This allows them to get past some traditional email filters because they don’t technically contain any malware.

Scammers also use links because many users have learned to be very suspicious when it comes to unexpected file attachments in an email but are less suspicious of a link.

Accounts using Microsoft 365 Business Premium can take advantage of Safe Links, which is a feature in Defender for Office 365. It scans and rewrites URLs in inbound email messages to keep malicious links from getting to users.

This feature is not turned on by default. It has to be activated in the Security & Compliance Center, under Threat management > Policy > Safe Links.

Get Help with Proper Security Configuration of Microsoft 365

NMX IT Solutions can help your Thames Valley area business put the proper security configurations and best practices in place to fully secure your Microsoft 365 account.

Contact us today to schedule your consultation! Call 01628 232300 or reach out online.