Online all the time, anywhere with anything
Call Us: +46 8 50003170

Security in Office 365, are you using the features?

All chains are as a strong as the weakest link, with Office 365 subscription you get many security features free of cost. Some of the features are free if you subscribe to the premium licenses.

Microsoft has released a service for all Office 365 business plans where you can check how good you have used security, the link is https://securescore.office.com . This is available if you are an admin of your organizations tenant. Her you can see things you can improve with built-in security features.

  • Do you require MFA(Multi-factor Authentication for your users? Password is not enough.
  • How many global administrators do you have?
  • Could some administrators be service administrators, such as SharePoint administrators or password administrators?
  • Enable spam filtering on outbound emails from users in your organization.
  • Require users to change password at least every 60 days. (i am not so sure this is a good action, it is better the users have strong password and MFA)
  • Disable accounts not used in the last 30 days(be aware of parental leave and long vacations)
  • Should you allow users to share links to SharePoint sites?
  • Configure expiration time if you do allow links to SharePoint and OneDrive.
  • Use mobile device management to control what is being stored and handled with mobile devices. Even more features available in Office 365 Enterprise E5 plan with EMS.

These are just some of the features you can and should use with Office 365. If your managers and security officers want to now more they can visit the Microsoft Security trust center.

Some of the other options your administrators can use are these

  • Security & Compliance settings in Office 365 administration.
  • Intune console(need a separate license) for device management, soon to be migrated to Azure(do it fast I don´t like Silverlight!)
  •  Azure Active Directory
  • Azure portal for settings for Azure Information Protection.
  • Exchange Admin Center
  • SharePoint Online Admin center
  • Skype for business Admin center
  • SharePoint site collections for settings of IRM(Information Rights Management).

Working with Office 365 security is becoming an expertise of its own, we at NetIntegrate are focusing a lot of our work on implementing security in the cloud, even more now with the upcoming General Data protection Regulation (GDPR).

The most important investment in security is to train your end users(employees and contractors) to be security-aware. They do not have to be experts, they need to know how to protect information.

 

Cloud security mentor