We’ve said before that using cloud doesn’t eliminate the need for your own information security strategy. This is especially true for email, as it’s the vector for so many malware attacks. Microsoft ensures the network and physical devices are safe from attack, but you need to take additional steps for complete security.

Tactics for Protecting Office 365 Email

The first step in protecting your Office 365 email is to take full advantage of the security tools Office 365 offers. Exchange Online Protection helps filter out spam and malware and Office 365 Advanced Threat Protection provides additional protection against dangerous email. You can consider using a mail transfer agent to route messages to a third-party security scanner for further checks.

In addition, you should make sure Modern Authentication mode is turned in Office 365. This will allow you to use multi-factor authentication to ensure that only authorized users access the system. The authentication process can use a mobile app, phone call, or text to confirm the user’s identity. Use Privileged Identity Managed to limit admin privileges and Azure Identity Protection to detect and manage potentially breached accounts. Combined with conditional access rules, these can protect you if an employee exposes credentials in response to a phishing attack.

Besides protecting users’ identities through those steps, you’ll want to take steps to protect your data from being exposed through email. Azure Information Protection enables you to classify and protect email messages through controls such as encryption or prohibition of forwarding.

Once you’ve got security measures in place, monitor your systems for evidence of an attack or unusual behavior such as system slowness, high volumes of email, or large downloads. You can use third-party monitoring software or the built-in functionality offered by Office 365 alerts and Enterprise Mobility + Security. Enable alerts in the Security and Compliance Center. Depending on your licensing, you can get alerts from the Office 365 Advanced Data Governance tool or Microsoft Cloud App Security in addition to basic activity alerts.

Finally, remember that employees are your first and last defense against breach attempts, so make them active participants in the process. Provide them with the training they need to recognize phishing attacks and other safe computing practices. Make sure your information security policies work with your employees instead of against them.

Prescient Solutions provides IT consulting services and IT managed services to businesses and organizations in Chicago and Schaumburg. As a Microsoft Partner, we bring advanced expertise to Office 365 implementations. Contact us to learn more about how to ensure your Office 365 email is properly secured.