If you are a small or medium-sized organization using one of Microsoft's business plans, and organizations like yours are targeted by cyber criminals, use the guidance in this article to increase the security of your Office 365 tenant.

1. Set up multi-factor authentication

Multi-factor authentication (MFA) is a security practice that requires two or more credentials to verify a user's identity. It can stop an attacker from signing in to an Office 365 account even when they know the password. You need to be a tenant administrator to set up MFA for your Office 365 tenant. I have enabled the new admin center layout (toggle in the top right corner); I suggest you do the same if you haven't already.

  1. Open the Admin Center and go to Users > Active Users
  2. Open Multi-factor authentication
  3. Select the users you want to enable MFA for and click Enable

Once MFA is enabled, users register their verification method (for example the Authenticator app or a phone number) and other settings at their next sign-in.
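The same procedure from PowerShell, as an added example that is not part of the original article: it enables per-user MFA for a list of accounts and then reports every licensed user who still has it disabled. It assumes the MSOnline module is installed, that you sign in as a Global Administrator, and that the user list and the contoso.com domain are constructed sample values.

```powershell
# Added example (not from the original article): enable per-user MFA with the
# MSOnline module and report who still has MFA disabled.
# Assumptions: MSOnline is installed, you hold the Global Administrator role, and
# the user list below is a constructed sample for the contoso.com tenant.
Import-Module MSOnline
Connect-MsolService   # prompts for admin credentials

$usersToEnable = @('alice@contoso.com', 'bob@contoso.com')   # constructed sample

# A StrongAuthenticationRequirement with State = Enabled turns MFA on for the
# user; RelyingParty '*' applies it to every application.
$mfa = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$mfa.RelyingParty = '*'
$mfa.State        = 'Enabled'

foreach ($upn in $usersToEnable) {
    Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationRequirements @($mfa)
    Write-Host "Per-user MFA enabled for $upn"
}

# Verification: every licensed user whose requirements list is empty has MFA
# disabled. Run this regularly, because new accounts are created without MFA.
Get-MsolUser -All |
    Where-Object { $_.IsLicensed -and $_.StrongAuthenticationRequirements.Count -eq 0 } |
    Select-Object DisplayName, UserPrincipalName |
    Format-Table -AutoSize

# To remove per-user MFA again (for example before moving to Conditional Access),
# pass an empty array:
#   Set-MsolUser -UserPrincipalName alice@contoso.com -StrongAuthenticationRequirements @()
```

The verification query is the part worth keeping: enabling MFA once does nothing for accounts created afterwards, so schedule the last query and treat any output as an open finding.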

2. Minimise super admin use

Minimise super admin use by applying least privilege to administrator accounts; this greatly reduces the impact if an administrator account is compromised. Assign administrators only the minimum permissions they need for their tasks: Exchange Online, SharePoint, and user management each have their own admin roles, so Global Administrator should be reserved for the few tasks that actually require it. Use admin accounts only for administration. Admins should have a separate user account for regular, non-administrative use and switch to their administrative account only when a task associated with their job function requires it. Make sure admin accounts are also set up for multi-factor authentication, and log out of the browser session after completing admin tasks.
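A check for the points above, added here as an example and not taken from the original article: it lists the members of the Global Administrator role, warns when there are too many, and shows whether each one has per-user MFA and uses a dedicated admin account. It assumes the MSOnline module and a Global Administrator sign-in; the limit of five follows Microsoft's Secure Score recommendation, and the "adm-" naming convention for dedicated admin accounts is a constructed assumption.

```powershell
# Added example (not from the original article): enumerate Global Administrators
# and flag those without per-user MFA or without a dedicated admin account.
# Assumptions: MSOnline installed, Connect-MsolService run as a Global Administrator.
# The 'adm-' prefix for dedicated admin accounts is a constructed convention.
Import-Module MSOnline
Connect-MsolService

# The Global Administrator role is called 'Company Administrator' in MSOnline.
$gaRole    = Get-MsolRole -RoleName 'Company Administrator'
$gaMembers = Get-MsolRoleMember -RoleObjectId $gaRole.ObjectId -All

Write-Host "Global Administrators: $($gaMembers.Count)"
if ($gaMembers.Count -ge 5) {
    Write-Warning 'Five or more Global Administrators; move routine work to narrower roles (Exchange Administrator, User Administrator, ...).'
}

# Role members can also be service principals, which have no MSOL user object,
# so only look up MFA state for members of type User.
foreach ($member in ($gaMembers | Where-Object { $_.RoleMemberType -eq 'User' })) {
    $user  = Get-MsolUser -UserPrincipalName $member.EmailAddress
    $state = if ($user.StrongAuthenticationRequirements.Count -gt 0) {
                 $user.StrongAuthenticationRequirements[0].State
             } else {
                 'Disabled'
             }
    [pscustomobject]@{
        Admin            = $member.EmailAddress
        MfaState         = $state
        DedicatedAccount = ($member.EmailAddress -like 'adm-*')
    }
}
```

Any row with MfaState "Disabled" or DedicatedAccount False is a finding: the first means a password alone unlocks a Global Administrator, the second means the admin's day-to-day mailbox, with all its phishing exposure, carries tenant-wide rights.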

3. Train your users

The Harvard Kennedy School Cybersecurity Campaign Handbook provides excellent guidance on establishing a strong culture of security awareness within your organization, including training users to identify phishing attacks.

In addition to this guidance, Microsoft recommends that your users use strong passwords, protect their devices, and enable the security features on Windows 10 and Mac PCs.

4. Enable unified audit logging

Using the unified audit log, admins can search for events across all of the services in their Office 365 environment (Exchange Online, SharePoint Online, OneDrive for Business, Azure AD sign-ins, and more). An administrator must turn on the unified audit log in the Security & Compliance Center before queries can be run, and events are only recorded from the moment it is enabled, so turn it on before you need it. With the log enabled, administrators can investigate and search for actions within Office 365 that could be malicious or outside organizational policy.
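Enabling the log and running a first useful query, as an added example that is not from the original article: it turns on ingestion, verifies the setting, then pulls the last seven days of failed sign-ins and groups them by account and source IP, which is how a password-spray attempt shows up. It uses the ExchangeOnlineManagement module and assumes an Exchange or Global Administrator sign-in; the seven-day window and the threshold of ten failures are constructed values.

```powershell
# Added example (not from the original article): turn on unified audit logging
# and run a first query against it with the ExchangeOnlineManagement module.
# Assumptions: the module is installed and you are an Exchange/Global Administrator.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# 1. Enable ingestion into the unified audit log and confirm the setting took.
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true
$cfg = Get-AdminAuditLogConfig
if (-not $cfg.UnifiedAuditLogIngestionEnabled) {
    throw 'Unified audit log is still disabled; check that your account holds the Audit Logs role.'
}

# 2. Query: failed sign-ins in the last 7 days, grouped by account and source IP.
# The interesting detail (client IP, user agent) lives in the AuditData JSON blob,
# so parse it rather than relying on the summary columns.
$since   = (Get-Date).AddDays(-7)
$records = Search-UnifiedAuditLog -StartDate $since -EndDate (Get-Date) `
               -Operations 'UserLoginFailed' -ResultSize 5000

$records |
    ForEach-Object {
        $d = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            When     = $_.CreationDate
            User     = $d.UserId
            ClientIP = $d.ClientIP
        }
    } |
    Group-Object User, ClientIP |
    Where-Object { $_.Count -ge 10 } |     # constructed threshold for a spray/brute-force alert
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Search-UnifiedAuditLog returns at most 5,000 records per call; for a busy tenant, page through larger result sets with -SessionId and -SessionCommand ReturnLargeSet. Many failures for one account from many IPs points at a targeted attack on that user; many accounts from one IP points at a spray.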

5. Remove suspicious auto-mail forwarding

Auto-mail forwarding is potentially dangerous because it can send sensitive information outside the organization, whether or not that was the intention. If attackers gain access to an Office 365 account, they can set up forwarding rules to read the victim's mail and learn how the organization works before executing an attack. Forwarding rules survive the usual response measures, such as a password reset, so if left unchecked they let the attacker keep collecting confidential data for as long as they want. Check both mailbox-level forwarding and users' inbox rules, since either can forward mail on its own. Using O365 Manager Plus' Mailboxes with External Mail Forwarding report, admins can view the list of user accounts with mail forwarding in place, along with the addresses mail is being forwarded to.
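The same report built directly from Exchange Online, as an added example that is not from the original article or from O365 Manager Plus: it collects mailbox-level forwarding, finds inbox rules that forward or redirect to an address outside the tenant, and shows the remediation plus the tenant-wide setting that stops it recurring. It uses the ExchangeOnlineManagement module; the contoso.com domain and the sample mailbox and rule name are constructed values.

```powershell
# Added example (not from the original article): find mailbox-level forwarding and
# forwarding/redirect inbox rules, flag the ones that leave the tenant, and show
# the remediation. Uses the ExchangeOnlineManagement module; 'contoso.com' and the
# sample mailbox are constructed values.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$internalDomain = 'contoso.com'

# Rule recipients look like '"bob" [SMTP:bob@example.net]' for SMTP addresses and
# '"Alice" [EX:/o=ExchangeLabs/...]' for directory objects; only the former can be
# external, so extract the SMTP address and compare its domain.
function Test-ExternalRecipient {
    param([string[]]$Entries, [string]$Domain)
    foreach ($entry in $Entries) {
        if ($entry -match 'SMTP:([^\]]+)\]' -and $Matches[1] -notlike "*@$Domain") {
            return $true
        }
    }
    return $false
}

$mailboxes = Get-Mailbox -ResultSize Unlimited

# 1. Mailbox-level forwarding (Set-Mailbox / admin center). ForwardingAddress is an
# internal recipient object; ForwardingSmtpAddress can be any address.
$mailboxForwards = $mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward or redirect externally: the variant attackers
# usually create, because the mailbox owner rarely reviews their own rules.
$externalRules = foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Where-Object {
            Test-ExternalRecipient -Domain $internalDomain `
                -Entries (@($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo))
        } |
        Select-Object @{ n = 'Mailbox'; e = { $mbx.UserPrincipalName } },
                      Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

$mailboxForwards | Format-Table -AutoSize
$externalRules   | Format-Table -AutoSize

# 3. Remediation once a rule or setting is confirmed malicious (constructed names):
#   Disable-InboxRule -Mailbox alice@contoso.com -Identity 'Forward all' -Confirm:$false
#   Set-Mailbox -Identity alice@contoso.com -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false

# 4. Stop it recurring: block automatic forwarding to external addresses in the
# default outbound spam policy (rules can still be created, but mail is not delivered).
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
```

Treat a hit on a mailbox that was recently involved in a password reset or a suspicious sign-in as an incident, not a cleanup: export the rule and the audit log entries for its creation before you disable it.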

6. Use Advanced Threat Protection

One of the most popular forms of cybercrime right now is ransomware, which is spread largely through malicious links and attachments in emails. These are getting more sophisticated and realistic looking, making them harder to spot, especially for employees who aren't trained in what to look for.

Advanced Threat Protection helps by stopping these malicious links and attachments before they reach your inbox. It opens attachments and links in a virtual environment (completely separate from your own) and checks for malicious activity before the email is delivered. Two features do this: Safe Attachments detonates attachments in a sandbox before delivery, and Safe Links rewrites URLs so they are checked at the time of the click rather than only at delivery, which matters because attackers often arm a link only after the message has passed the mail filter.

Advanced Threat Protection (now sold as Microsoft Defender for Office 365) is an add-on ($2/user/month) available for most Office 365 licenses. It is also already included in Office 365 Enterprise E5.
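Buying the add-on is not enough; the policies have to be created and scoped to your users. The following is an added example, not from the original article, that creates a Safe Attachments policy in Block mode and a Safe Links policy that also scans mail between internal users, using the ExchangeOnlineManagement module. It assumes an ATP / Defender for Office 365 licence in the tenant, an Exchange Administrator sign-in, and that contoso.com and the policy names are constructed values.

```powershell
# Added example (not from the original article): create Safe Attachments and
# Safe Links policies with the ExchangeOnlineManagement module so the sandboxing
# described above is actually applied to your users.
# Assumptions: an ATP / Defender for Office 365 licence, Connect-ExchangeOnline run
# as an Exchange Administrator, and 'contoso.com' as a constructed tenant domain.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$domain = 'contoso.com'

# Safe Attachments: detonate attachments in the sandbox and block the whole
# message if the attachment misbehaves, so nothing reaches the mailbox.
New-SafeAttachmentPolicy -Name 'SA-Block' -Enable $true -Action Block
New-SafeAttachmentRule   -Name 'SA-Block-Rule' -SafeAttachmentPolicy 'SA-Block' -RecipientDomainIs $domain

# Safe Links: rewrite URLs and re-check them at click time, including links in
# mail between internal users (a compromised internal account is a common source).
New-SafeLinksPolicy -Name 'SL-Scan' -IsEnabled $true -ScanUrls $true `
    -DeliverMessageAfterScan $true -EnableForInternalSenders $true -TrackClicks $true
New-SafeLinksRule   -Name 'SL-Scan-Rule' -SafeLinksPolicy 'SL-Scan' -RecipientDomainIs $domain

# Verify the rules are enabled and scoped to the right domain.
Get-SafeAttachmentRule | Select-Object Name, State, RecipientDomainIs
Get-SafeLinksRule      | Select-Object Name, State, RecipientDomainIs
```

Scoping by recipient domain covers every mailbox in that domain, including ones created later; scoping by individual users or groups silently leaves new accounts unprotected.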

7. Encrypted Email + Data Loss Prevention

Companies who deal with sensitive information like credit card information, social security numbers and/or health records need to prevent this information from leaking outside their organization. This is where encrypted email and data loss prevention come in.

Encrypted email ensures that no one other than the intended recipient can open and read the emails you send. Companies usually need this to meet regulatory requirements such as HIPAA.

Data Loss Prevention (DLP) ensures sensitive information doesn't get sent outside of your organization in the first place. It applies to more than just email: it also covers SharePoint Online, OneDrive for Business, and Office programs like Excel and Word. DLP policies monitor your environment for sensitive data and prevent users from sending that information outside your organization.

Templates are already provided for most major regulatory and compliance needs (such as HIPAA). You can also create and customize DLP policies to fit your specific requirements, tuning the rules for the location of the data, the type of information (credit card numbers, social security numbers, etc.), the conditions (what information, and in what context it is being used), and the action taken (block the content completely, or just send a notification).

Encrypted email and Data Loss Prevention are available with Office 365 ProPlus and Office 365 E3 plans and higher. They can also be added as part of Azure Information Protection.
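An added example, not from the original article, of both controls configured from PowerShell: a DLP policy that blocks credit card numbers from being shared outside the organization and notifies the user, and a mail flow rule that applies Office 365 Message Encryption when the sender marks the subject with a keyword. It uses the ExchangeOnlineManagement module (the DLP cmdlets need the Security & Compliance endpoint, reached with Connect-IPPSSession). Policy and rule names, the "Encrypt:" keyword, the incident-report mailbox, and the policy tip text are constructed values.

```powershell
# Added example (not from the original article): a DLP policy that blocks credit
# card numbers leaving the tenant, plus a mail flow rule that applies Office 365
# Message Encryption when the sender tags the subject. Names, the keyword, the
# report mailbox and the policy tip text are constructed values.
Import-Module ExchangeOnlineManagement

# --- Data Loss Prevention (Security & Compliance PowerShell) ---
Connect-IPPSSession

# Start in 'TestWithNotifications' to see what the rule would catch, then switch
# the policy to 'Enable' once the false-positive rate is acceptable.
New-DlpCompliancePolicy -Name 'PCI-External' `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All `
    -Mode Enable

# AccessScope NotInOrganization limits the block to external sharing and sending;
# internal use of card numbers (e.g. finance) keeps working.
New-DlpComplianceRule -Name 'PCI-External-Block' -Policy 'PCI-External' `
    -ContentContainsSensitiveInformation @(@{ Name = 'Credit Card Number'; minCount = '1' }) `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser LastModifier `
    -NotifyPolicyTipCustomText 'Credit card numbers cannot be shared outside the organization.' `
    -GenerateIncidentReport 'secops@contoso.com' -IncidentReportContent All

# --- Message encryption (Exchange Online PowerShell) ---
Connect-ExchangeOnline

# Encrypt any message to external recipients whose subject starts with "Encrypt:".
# 'Encrypt' is the built-in OME template; 'Do Not Forward' is the stricter one.
New-TransportRule -Name 'OME-on-keyword' `
    -SubjectMatchesPatterns '^Encrypt:' `
    -SentToScope NotInOrganization `
    -ApplyRightsProtectionTemplate 'Encrypt'

# Verify both objects exist and are active.
Get-DlpCompliancePolicy -Identity 'PCI-External' | Select-Object Name, Mode
Get-TransportRule       -Identity 'OME-on-keyword' | Select-Object Name, State
```

The keyword-triggered rule relies on the sender remembering to tag the message; for regulated data, pair it with a second transport rule that encrypts automatically when the same sensitive information type is detected, so encryption does not depend on user discipline.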

8. Limit the number of legacy email protocols or disable them completely

The CISA report notes that many users still use email clients that connect over legacy protocols such as POP3, IMAP4, and SMTP with basic authentication (username and password only). Because these connections carry no second factor, they bypass MFA and are a favourite target for password spraying. Admins can block these clients from connecting by using Azure AD Conditional Access policies or Exchange Online authentication policies. This will push users to switch to more secure clients that support modern authentication.
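The Exchange Online side of this, as an added example that is not from the original article: it inventories which mailboxes still have POP/IMAP enabled, creates an authentication policy that blocks basic authentication for every protocol, pilots it on one user before making it the tenant default, and disables SMTP AUTH tenant-wide. It uses the ExchangeOnlineManagement module and assumes an Exchange Administrator sign-in; the pilot user and policy name are constructed values.

```powershell
# Added example (not from the original article): block basic authentication for
# legacy protocols in Exchange Online, after finding who still depends on them.
# Assumes Connect-ExchangeOnline has been run as an Exchange Administrator; the
# pilot user and policy name are constructed values.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# 1. Inventory: which mailboxes still have POP/IMAP turned on at all?
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled } |
    Select-Object PrimarySmtpAddress, PopEnabled, ImapEnabled, SmtpClientAuthenticationDisabled

# 2. Authentication policy. New-AuthenticationPolicy denies basic auth for every
# protocol unless an -AllowBasicAuth* switch is set, so no parameters = block all.
New-AuthenticationPolicy -Name 'Block Basic Auth'

# Pilot on one user first. A policy change normally takes up to 24 hours to apply;
# resetting the user's refresh tokens makes it take effect immediately.
Set-User -Identity 'alice@contoso.com' -AuthenticationPolicy 'Block Basic Auth'
Set-User -Identity 'alice@contoso.com' -STSRefreshTokensValidFrom ([System.DateTime]::UtcNow)

# Once the pilot is clean, make it the default for every user without an explicit policy.
Set-OrganizationConfig -DefaultAuthenticationPolicy 'Block Basic Auth'

# 3. Belt and braces: disable SMTP AUTH tenant-wide (a device that genuinely needs it
# can be re-enabled per mailbox with Set-CASMailbox -SmtpClientAuthenticationDisabled $false)
# and switch off POP/IMAP on mailboxes that do not need them.
Set-TransportConfig -SmtpClientAuthenticationDisabled $true
Set-CASMailbox -Identity 'alice@contoso.com' -PopEnabled $false -ImapEnabled $false

# 4. Verify.
Get-AuthenticationPolicy -Identity 'Block Basic Auth' | Format-List AllowBasicAuth*
Get-OrganizationConfig | Select-Object DefaultAuthenticationPolicy
```

Before making the policy the default, check the sign-in logs for accounts (scanners, line-of-business apps, shared mailboxes) that authenticate with basic auth, because those break the moment the policy applies; give them a narrower exception policy rather than leaving the whole tenant open.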

9. Track mobile devices connected to Office 365

Attackers often connect their own mobile devices to compromised accounts in order to send and receive mail from them. Admins should regularly review their Office 365 tenant for unauthorized devices synchronizing with users' mailboxes through Exchange ActiveSync. O365 Manager Plus' Mobile Devices report displays all the mobile devices that are configured to synchronize with users' Office 365 mailboxes. It provides information including username, device name, device type, device ID, first sync, and device IMEI number.
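The same review from Exchange Online, as an added example that is not from the original article or from O365 Manager Plus: it lists devices that started syncing within the last week along with their last successful sync, shows how to block and remove a device confirmed as rogue, and switches the tenant to quarantine new devices until an admin approves them. It uses the ExchangeOnlineManagement module; the seven-day window, the user, the device ID, and the admin mailbox are constructed values.

```powershell
# Added example (not from the original article): list mobile devices that started
# syncing recently, block and remove a rogue one, and quarantine new devices by
# default. Assumes Connect-ExchangeOnline has been run; the window, user, device
# ID and admin mailbox are constructed values.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$window = (Get-Date).AddDays(-7)

# Get-MobileDevice lists every ActiveSync partnership in the tenant; join it with
# per-device statistics so the last successful sync is visible too.
$recent = foreach ($dev in Get-MobileDevice -ResultSize Unlimited) {
    if ($dev.FirstSyncTime -lt $window) { continue }
    $stats = Get-MobileDeviceStatistics -Identity $dev.Identity
    [pscustomobject]@{
        User        = $dev.UserDisplayName
        DeviceType  = $dev.DeviceType
        DeviceModel = $dev.DeviceModel
        DeviceId    = $dev.DeviceId
        Imei        = $dev.DeviceImei
        FirstSync   = $dev.FirstSyncTime
        LastSync    = $stats.LastSuccessSync
        AccessState = $dev.DeviceAccessState
    }
}
$recent | Sort-Object FirstSync -Descending | Format-Table -AutoSize

# Block one device for one user once it is confirmed rogue, then remove the
# partnership so it disappears from the device list as well.
$user    = 'alice@contoso.com'
$rogueId = 'ABCDEF1234567890'
Set-CASMailbox -Identity $user -ActiveSyncBlockedDeviceIDs @{ Add = $rogueId }
Get-MobileDevice -Mailbox $user |
    Where-Object { $_.DeviceId -eq $rogueId } |
    Remove-MobileDevice -Confirm:$false

# Tenant-wide: quarantine devices by default, so a new phone has to be approved
# by an admin before it can sync; admins are notified at the address below.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients 'secops@contoso.com'
```

A device whose first sync falls right after a suspicious sign-in or a password reset on the same account is the pattern to look for; blocking the device without also resetting the password and revoking sessions leaves the attacker free to add another one.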


Administrators should implement the following best practices to secure Office 365:

  • Set up multi-factor authentication
  • Minimise super admin use
  • Train your users
  • Enable unified audit logging
  • Remove suspicious auto-mail forwarding
  • Use Advanced Threat Protection
  • Encrypted Email + Data Loss Prevention
  • Limit the number of legacy email protocols
  • Track mobile devices connected to Office 365