
6 Best Practices for Microsoft 365 Cloud Security



If your organization uses Microsoft 365, you already know firsthand the many benefits its cloud services bring to your business. The platform is packed with features and keeps evolving, so there are always new tips to learn.

One of the most important things to know is how to keep the platform safe from cyberthreats and other security issues.

We’ve compiled a list of 6 best practices that will improve security, protect your organization, and set your business up for success with Microsoft 365.

Mailbox audit logging

Mailbox audit logging is a nifty feature that enables you to see who has logged into user mailboxes, sent messages, and performed other activities.

This feature is very useful if you need to see who edited a document or when something was deleted. The feature is not enabled by default, so you will need to turn it on to use it.
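To see where you stand before turning the feature on, the following added example (not part of the original article) reports the audit state of each mailbox in Exchange Online and enables auditing only when asked to. It assumes the ExchangeOnlineManagement PowerShell module is installed and that you sign in with an Exchange administrator account; the `-Enable` switch is a name chosen for this script.

```powershell
# Added example: report mailbox audit status and, optionally, turn auditing on.
# Assumes the ExchangeOnlineManagement module and an Exchange admin sign-in.
param(
    [switch]$Enable   # script-specific switch: without it the script only reports
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Tenant-wide switch: True here means auditing is turned off for the whole organization.
$org = Get-OrganizationConfig
"Organization AuditDisabled: $($org.AuditDisabled)"

# Per-mailbox state for user and shared mailboxes.
$mailboxes = @(Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox, SharedMailbox)
$unaudited = @($mailboxes | Where-Object { -not $_.AuditEnabled })

$unaudited |
    Select-Object DisplayName, UserPrincipalName, AuditEnabled, AuditLogAgeLimit |
    Format-Table -AutoSize
"{0} of {1} mailboxes have auditing turned off." -f $unaudited.Count, $mailboxes.Count

if ($Enable) {
    foreach ($mbx in $unaudited) {
        Set-Mailbox -Identity $mbx.UserPrincipalName -AuditEnabled $true
    }

    # Read the setting back, including which owner, delegate and admin
    # actions each mailbox now records.
    foreach ($mbx in $unaudited) {
        Get-Mailbox -Identity $mbx.UserPrincipalName |
            Select-Object UserPrincipalName, AuditEnabled, AuditOwner, AuditDelegate, AuditAdmin |
            Format-List
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it once without `-Enable` to review the list, then again with `-Enable` to apply the change.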

Find out your Microsoft 365 Secure Score

Secure Score is a security analytics tool offered exclusively by Microsoft 365. This tool determines your security score by looking at your Microsoft 365 settings and activities and comparing them to an established baseline.

The closer your settings and activities align with these predetermined best practices, the better your score will be.


Use multi-factor authentication

Multi-factor authentication (MFA) adds an extra layer of security to your password strategy. When your password is entered incorrectly or entered from a new location, you are required to acknowledge a notification via phone call, text message, or app notification.

This extra step of authentication ensures your accounts remain protected, even if your password is compromised. All employees should be educated on the importance of using MFA, and it might even be worth making it part of your company policy.

Configure data loss prevention

Data loss prevention (DLP) allows you to identify data that is considered sensitive and create policies to prevent your employees from sharing that data. DLP is a valuable tool for organizations that are required to maintain regulatory compliance.


Customer lockbox

Sometimes it is necessary for a Microsoft support engineer to access your data during a help session. But with customer lockbox, you get to control just how much of the data is shared.

Customer lockbox requires that the engineer request access, and you have the ability to approve or reject the request. Each request has an expiration time, and once the issue has been resolved, the request is closed and the access is revoked. Customer lockbox is included in the Enterprise E5 plan or can be purchased separately with any other Enterprise plan.

Secure mail flow

Microsoft 365 gives your organization the flexibility to determine the best path for how mail is delivered to your organization’s mailboxes. This path from the mailbox to the internet and vice versa is called mail flow.

Regardless of your mail flow setup, it is important that your mail flow be as secure as possible to protect your organization against potential threats. You can do this by implementing the following Exchange Online Protection features in Microsoft 365:

  • Anti-spam protection – built-in spam filters allow you to tailor the sensitivity to meet the needs of your organization.
  • Advanced threat protection – scans email attachments and URLs for malicious attacks.
  • Anti-malware protection – multi-layered malware protection in real-time.
  • Safety tips in email messages – color-coded messages warn you about potentially harmful emails, to minimize phishing attempts and other attacks.