Glen is your building’s facilities manager and he’s just received an email with the word ‘urgent’ in the subject line. Someone claiming to be from your company has sent a photo attachment which they say shows a leak in the basement. Concerned, Glen doesn’t stop to think about the possible cybersecurity risk and clicks on the file.

The bad news is that Glen’s email comes from a phishing scammer. The good news is that you have activated advanced Microsoft 365 security measures. This means that the system scans the attachment before it is downloaded and destroys it before it can do any damage.

This impressive level of protection is available to any organisation that uses Microsoft 365. However, most businesses tend only to use the most basic features of security that are turned on automatically. If you really want to bolster your defences, it is important to know what security is available with your license, then enable those features which are most useful for you.

Ever-improving security

Microsoft is able to offer some of the most advanced levels of business security thanks to the sheer breadth of its customer base. With over a million organisations around the world using the platform, Microsoft can analyse millions of threats and attacks against its cloud environment every day. The more information Microsoft collect, the better able they are to design tools for deflecting attacks.

If you head to the security dashboard in your Microsoft 365 admin centre, you’ll find a huge number of tools and modules you can turn on to improve your current level of protection. To begin with, it’s valuable to learn about what is available and how it works.

In our recent webinar, we took a whistle-stop tour of Microsoft 365 user security – watch the recording now to learn more. Below, we’ve summed up some of the most compelling features.

A taste of Microsoft 365 security

Microsoft 365 security can be roughly divided into the following four categories, although there is a lot of crossover between them:

  1. ID and access management
  2. Threat protection
  3. Information protection
  4. Security management

There are numerous tools available which feed into each of these four areas. Here are just some of the most powerful features that you can ‘turn on’ today:

  • Identity driven security: Microsoft’s Graph collects vast amounts of data about user behaviour and can identify any unusual activity. When deciding if someone should be allowed into your environment, it can ‘intelligently’ spot things that look suspicious. For example, if an employee logs-in from a location in London, then 10 minutes later logs-in from Sydney, the graph will identify this as ‘impossible travel behaviour’ and block access.

Learn more: How to classify and secure data in Microsoft 365

  • Privileged identities: Some of your employees will have access to highly sensitive information – such as password administration. In more traditional IT security, that individual would always have access whenever they log-on in the morning. However, with ‘just in time’ privilege, it is now possible to only allow access to that area of the admin centre when the person is actually active. They will need to pass an additional authentication process each time they want to see the most sensitive information.
  • Safe links and attachments: One of the most innovative security features in Microsoft 365 is its safe links and safe attachments tools. If you enable this feature, Microsoft will spin up a ‘sandbox’ environment where every attachment or link that arrives in your company inboxes is first automatically opened in a separate ‘quarantine’ environment. If the link or attachment, then behaves in a dangerous way it is destroyed before it ever reaches your staff.
  • Endpoint manager: Endpoint manager is a security feature that lets you control all the devices which log into your systems – primarily laptops, PC’s and mobiles (but it can also cover printers, TV’s and other internet-connected hardware). It allows you to control all devices and apply policies to how, when and where they are used and even wipe them if you need.
  • Mobile application management (MAM): If your staff are using their own personal smartphones or laptops to use your email system or business apps, they might resent the idea of IT being able to close them down! But with MAM you can take control of specific company apps if required. That lets you, for instance, prevent people from copying and pasting content out from the Outlook app on their phones, or lets you wipe business data if a device gets pinched.

Start exploring Microsoft 365 security features

There is so much more that you can do with Microsoft 365 to secure your users’ identity, your data and your devices – the features described here are just a handful of the tools available.

The sheer variety of security features in Microsoft 365 can be overwhelming – where do you begin? At FITTS, we find one useful place to start is the Secure Score. Secure Score provides a rating of your organisation’s protection level based on the number of security features you have enabled. To learn more about how it works, download our eBook.

Or, for support and guidance using Microsoft 365’s most advanced security features, contact FITTS for a free security consultation today.