Fortunately, there are some easy (and free!) things you can do to make your Office 365 environment more secure. Unfortunately, almost no one wants to do these things until after their account gets compromised.
Mobile Device Management (MDM) for Office 365 is free with Office 365 accounts. This takes just a little bit of effort to set up, but it is totally worth it. MDM allows you to securely and remotely wipe corporate data off of managed devices.
So, if an employee leaves your company, you can rest assured that your corporate data (email, OneDrive, SharePoint) can be wiped without touching the other contents of their phone. This is also great in situations where a device is lost or someone forgets their passcode and gets locked out.
The Office 365 Unified Audit Logs keep a record of everything that has happened in your tenant for the last 90 days. This is especially useful when you are trying to piece together how an account may have been compromised.
Without auditing, it’s nearly impossible to figure out what happened after a breach—meaning it’s nearly impossible to fix whatever vulnerability was used to get into your account.
You do need to turn audit logging on manually, so go do that today! (Side note: Exchange Online is a little different; that is managed here.)
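As an added example (not from the original post), here is one way to check and turn on unified audit logging from Exchange Online PowerShell, then pull one account's sign-in events grouped by source IP. It assumes the ExchangeOnlineManagement module is installed and the admin has audit permissions; the address `user@example.com` and the 7-day window are placeholders.

```powershell
# Added example: assumes the ExchangeOnlineManagement module is installed and
# the signed-in admin is allowed to read and change the audit configuration.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# 1. Check whether unified audit log ingestion is on; enable it if it is not.
$config = Get-AdminAuditLogConfig
if (-not $config.UnifiedAuditLogIngestionEnabled) {
    Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
    Write-Host 'Unified audit logging enabled; new events may take a while to appear.'
}

# 2. Pull sign-in events for one account (placeholder address and window).
$user  = 'user@example.com'
$end   = Get-Date
$start = $end.AddDays(-7)

$records = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -UserIds $user -Operations UserLoggedIn, UserLoginFailed -ResultSize 5000

# AuditData is a JSON string; expand it to get the source IP of each event.
$signIns = foreach ($r in $records) {
    $d = $r.AuditData | ConvertFrom-Json
    [pscustomobject]@{
        Time      = $r.CreationDate
        Operation = $d.Operation
        ClientIP  = $d.ClientIP
    }
}

# 3. Summarise by source IP. Rarely seen addresses sort first, so a sign-in
#    from an address the user never normally uses is easy to spot.
$signIns | Group-Object ClientIP | Sort-Object Count | ForEach-Object {
    [pscustomobject]@{
        ClientIP  = $_.Name
        Events    = $_.Count
        Failed    = @($_.Group | Where-Object Operation -eq 'UserLoginFailed').Count
        FirstSeen = $_.Group.Time | Sort-Object | Select-Object -First 1
        LastSeen  = $_.Group.Time | Sort-Object | Select-Object -Last 1
    }
} | Format-Table -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

Events recorded before auditing was enabled cannot be recovered, which is why the first step matters before any incident occurs.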
Too often, we are seeing people use their ‘daily driver’ account as the Global Admin account as well. If your account gets hacked, that’s a whole lot of surface area for the bad guys to attack. Instead, set up a separate Global Admin account that doesn’t have any licenses assigned at all; only use this account for administrative activities.
We’ve spent a lot of time talking about the importance of multi-factor authentication (MFA) for all users; it can help protect your account, even if someone has your password. If you can’t implement it for all users, at the very least, it should be required for Admin Accounts. The bad guys can do a lot more damage if they get access to an account with admin access.
Office 365 accounts do include free MFA. There is also a premium version in Azure AD Premium Plan 1 that includes more customization options.
Customizing your Office 365 login screen is great for brand awareness and security (double win!). This can help your employees not fall victim to phishing scams. Of course, this will involve some user training. You’ll have to teach your users to look for the logo when they log in. If it’s not there, don’t log in!
Following these steps will allow you to customize your login screen to match your brand.
These are just a few of the free ways you can help secure your Office 365 data. Similar settings are also available on other cloud services, so you may want to review those settings as well.
For a deeper dive on Office 365 security, you can also review: