30 Ways To Secure Microsoft 365

By: Marco
April 15, 2022

Generally speaking, Microsoft 365 is a highly secure platform that helps organizations boost productivity and collaboration. Its data centers are almost impossible to breach directly, and it includes a suite of cybersecurity tools to further safeguard sensitive data. However, as the number of cyberattacks continues to soar, every internet-based tool is facing enormous challenges from hackers all over the world, and is struggling to keep up. 

Fortunately, Microsoft offers many ways that end-users can further secure their data, should they choose to. The Center for Internet Security (CIS) released its newest version of the Microsoft 365 Foundation Benchmark on February 17th, which includes recommendations for Exchange Online, SharePoint Online, OneDrive for Business, Skype/Teams, Azure Active Directory, and Intune. 

Microsoft 365

30 Ways To Secure Microsoft 365

The CIS has developed multiple benchmarks to help organizations maintain cybersecurity. This particular benchmark includes sections on account authentication, application permissions, data management, email security, auditing, storage, and mobile device management. However, to save you time, I’ll outline its recommendations below. 

How the Benchmark’s Recommendations Secure Microsoft 365 

There are many different types of threats that online tools face, including spamming, phishing, brute-force attacks, malware, and more. The benchmark addresses each of these threats in a number of ways, and their recommendations are grouped beneath the threat they counteract.  


Microsoft’s anti-spam tools are already robust. However, there are simply too many spammers for users to expect Microsoft to catch everything. For increased protection against spam, the benchmark recommends that each organization does the following:

  1. Set spam policies in Exchange
  2. Enable Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
  3. Enable Microsoft Defender for cloud-based apps
  4. Review restricted email users list


Microsoft Defender for Office 365 contains more advanced tools than ever before, and users can simulate phishing attacks to train their employees to provide anti-phishing training for their employees. To further optimize Microsoft Defender, the benchmark recommends taking the following actions:

  1. Enable Defender for Office Safe Links
  2. Enable internal phishing protection for Forms
  3. Use the Defender Portal to create an anti-phishing policy
  4. Enable the Safe Links policy
  5. Review spoofed domains report weekly
  6. Enable Microsoft Defender for cloud-based apps

Password Brute-Force and Password Spraying

Multifactor authentication is a powerful tool to thwart these common attacks,  DCMS Cyber Security Breaches Survey 2022, two-thirds of organizations still don’t require it. The benchmark recommends the following actions to mitigate brute-force and password-spraying attacks:

  1. Enable multi-factor authentication for all users
  2. Enable password protection for Active Directory
  3. Enable Conditional Access policies
  4. Enable Azure AD Identity Protection sign-in risk policies
  5. Enable Azure AD Identity Protection user risk policies
  6. Enable password hash sync
  7. Use Just In Time privileged access to Office 365
  8. Review Azure AD Risky Sign-Ins Report weekly
  9. Enable Microsoft Defender for cloud-based apps

Malicious Apps and Add-Ons

Malware is very common. In fact, there are over 1 billion malware programs installed around the world. To optimize Microsoft 365 against malware, the benchmark recommends the following actions:

  1. Don’t allow third-party integrated apps
  2. Don’t allow users to consent to apps accessing company data
  3. Enable the admin consent workflow
  4. Don’t allow users to install Outlook add-ins
  5. Don’t allow users to install add-ins for Word, Excel, and PowerPoint
  6. Review the Application Usage report at least weekly
  7. Enable Microsoft Defender for cloud-based apps

Data Exfiltration via Automatic Email Forwarding

Setting up automatic email forwarding within a compromised account is one way hackers can access sensitive data. To counter this threat, the benchmark recommends the following actions: 

  1. Block or disable all forms of mail forwarding
  2. Ensure that mail transport rules don’t whitelist specific domains
  3. Review mail forwarding rules at least weekly
  4. Enable Microsoft Defender for cloud-based apps


There you have it — 30 ways you can boost security within Microsoft 365. Of course, there is one action item that is repeated across most categories of risk, so that technically whittles down the list to 27. That’s still quite a lot of to-do items, but once they’re set up, your sensitive information will be far more secure, and without any additional purchases.  

Your Trusted Microsoft Partner

Marco is a Microsoft Gold partner, which means we work closely with Microsoft, and we’ve demonstrated a commitment to providing excellent customer service. We have advanced skills on all Microsoft platforms and can act as a trusted guide. If you’d like to speak to one of our Microsoft experts about licensing or other Microsoft 365 concerns, please feel free to schedule a consultation at a time that works for you.

Talk to a Microsoft Expert Today

Topics: Security