7 Best Security Practices for Office 365
Modern businesses have complex requirements. Cloud computing has become the mainstay of enterprises when it comes to cost-effective scalability of operations. Cloud-based productivity suites such as Office 365 are among the preferred choices for companies owing to their increasingly complex business demands.
In addition to offering an array of useful applications for online collaboration, Office 365 also comes with a host of features that, when turned on, can vastly boost the company’s defenses against cyber-security attacks.
However, those features in Office 365 are not enabled by default. If you are an Office 365 Administrator at your organization, here are 7 best practices for Office 365 you must know (and practice).
Add your branding to Office 365 login pages
Use OneDrive as your primary folder for file sharing
Scrutinize external access very diligently
Manage mobile apps for SharePoint and OneDrive
Track and administer the user activity with the auditing feature
Add your branding to Office 365 login pages
Office 365 offers several options that let organizations customize the login pages their users see with the company’s brand elements. Users are less likely to be the victims of phishing attacks if they can easily identify fake login pages impersonating their company’s Office 365 login portal.
Scammers and cyber-criminals may not be able to impersonate Office 365 login sites that carry their respective organizations’ branding. Default Office 365 login pages, however, are easy to duplicate and are hence vulnerable to phishing attacks.
That is why you, as an Office 365 Administrator, must ensure that your company’s Office 365 login site(s) carry the organization’s branding (name, logo, elements, etc.). Aside from the security benefit, configured and customized Office 365 login pages add an aesthetic appeal that your employees may appreciate, too.
Use OneDrive as your primary folder for file sharing
Employees in organizations tend to save their files and documents on their desktops. This creates challenges for the IT department: those files are stored on individual PCs rather than on an online collaboration platform (like SharePoint), which makes it time-consuming and tedious to move them to the company’s cloud.
To solve this, Office 365 offers a feature wherein known and commonly used folders (like My Documents) can be redirected to OneDrive via Group Policy. There are two benefits of doing so:
- Users’ files are backed up in the cloud automatically, so if their PC is attacked by malware, there would be no loss of information.
- Users’ files are backed up and uploaded to OneDrive, which allows them to access the files on the go.
An additional advantage of redirecting known Windows folders to OneDrive is that it causes no change or disruption for end-users (employees in your company). So, they can continue saving their files in the same folders as they previously did with the only difference being that now OneDrive would silently synchronize and upload those files to the cloud at the same time.
Scrutinize external access very diligently
Both OneDrive for Business and SharePoint are effective workloads in the Office 365 suite when it comes to internal and external file sharing. They allow files to be shared seamlessly between internal users of the company as well as with external entities; however, from the perspective of cyber-security and enterprise content management, file sharing can be a sensitive issue.
For example, anonymous file sharing, if it goes wrong, could jeopardize the data integrity and security of the whole organization. Thus, it is best to prevent such occurrences rather than prepare for the contingencies they cause.
Hence, be sure to review your Office 365 external sharing settings regularly so that you can keep them updated to comply with your company’s policies and/or utilize the latest features added to Office 365 by Microsoft.
Manage mobile apps for SharePoint and OneDrive
Both OneDrive and SharePoint can store tremendous numbers of files and folders, and your organization’s employees may need to access and/or download those files on their smartphones to edit/review them on the go. However, this also creates a potential security risk if employees can download and store company information on their devices.
Fortunately, you can enable mobile application management for both OneDrive and SharePoint to prevent any undesired occurrences. As an Office 365 Administrator, you can control how your company’s users view, edit, review, and share files.
You have several options such as blocking OneDrive and SharePoint mobile apps from downloading files, preventing screenshots, blocking attempts to select and copy or print content from the files, requiring sign-ins each time the apps are opened, and so on.
Effective mobile application management is essential to preventing company data from falling into the wrong hands. Therefore, this should be your top priority.
Track and administer the user activity with the auditing feature
Auditing is one of the prominent features in Office 365. Auditing allows the Office 365 admin to view and track all the user and administrative activity in the cloud. This includes changes such as (but not limited to):
- Changes to Exchange Online configuration settings
- Changes to documents and folders by users
- Changes to SharePoint tenant configuration rules
Office 365 auditing is important for compliance and regulatory requirements, but it can also help administrators track changes and approach the concerned authority in case of any anomalies. Systematic monitoring and reporting of changes and user activity also reduce the likelihood of malfeasance from the users.
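As an added example (not part of the original article), the sketch below triages an exported audit log: it sorts records into the three kinds of change listed above and pulls out events that deserve a second look. The record fields, operation names, and watch list are assumptions modelled on a JSON Lines export, and the sample records are constructed.

```python
import json
from collections import Counter
# Constructed sample: JSON Lines shaped like an exported unified audit log.
# Field and operation names are assumptions; confirm them against your export.
SAMPLE = "\n".join(json.dumps(r) for r in [
    {"CreationTime": "2024-03-04T09:12:31", "Workload": "Exchange",
     "Operation": "Set-TransportConfig", "UserId": "admin@contoso.example"},
    {"CreationTime": "2024-03-04T10:02:05", "Workload": "OneDrive",
     "Operation": "FileModified", "UserId": "lee@contoso.example"},
    {"CreationTime": "2024-03-04T10:40:17", "Workload": "SharePoint",
     "Operation": "SharingPolicyChanged", "UserId": "admin@contoso.example"},
    {"CreationTime": "2024-03-04T23:51:44", "Workload": "SharePoint",
     "Operation": "AnonymousLinkCreated", "UserId": "lee@contoso.example"},
    {"CreationTime": "2024-03-05T02:13:09", "Workload": "AzureActiveDirectory",
     "Operation": "Add member to role.", "UserId": "temp@contoso.example"},
]) + '\n{"CreationTime": "2024-03-05T02:14'  # truncated line, as in a cut-off export

FILE_OPS = {"FileModified", "FileDeleted", "FileMoved", "FolderDeleted"}
CONFIG_VERBS = {"Set", "New", "Remove", "Enable", "Disable"}
# Hypothetical watch list: events worth a second look when they appear.
ALERT_OPS = {"AnonymousLinkCreated", "SharingPolicyChanged", "Add member to role."}

def categorize(rec):
    """Map a record onto the three kinds of change the article lists."""
    workload, op = rec.get("Workload", ""), rec.get("Operation", "")
    if workload == "Exchange" and op.split("-")[0] in CONFIG_VERBS:
        return "exchange-config-change"
    if workload in {"SharePoint", "OneDrive"} and op in FILE_OPS:
        return "document-change"
    if workload == "SharePoint" and op.endswith("PolicyChanged"):
        return "sharepoint-tenant-change"
    return "other"

def triage(export_text):
    counts, alerts, skipped = Counter(), [], 0
    for line in filter(str.strip, export_text.splitlines()):
        try:
            rec = dict(json.loads(line))  # rejects bad JSON and non-object lines
        except (ValueError, TypeError):
            skipped += 1  # unreadable line: count it instead of aborting
            continue
        counts[categorize(rec)] += 1
        if rec.get("Operation") in ALERT_OPS:
            alerts.append((rec.get("CreationTime", ""), rec.get("UserId", ""),
                           rec["Operation"]))
    return counts, sorted(alerts), skipped

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-zero skipped count means the export was incomplete, so the review should be repeated on a fresh export rather than treated as clean.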
Secure login credentials with MFA
We can’t stress this point enough, can we? In an era where stolen passwords and phishing attacks are everyday news, an additional layer of security is the first thing you should be looking for when it comes to securing your company’s data.
Office 365 comes with a Multi-Factor Authentication (MFA) feature that, when enabled, requires all users in the company to add one more step to how they log in to their accounts in the system. Users have a choice of authenticating via Microsoft’s mobile application, text message (SMS), call, or app passwords (that you, as the Office 365 Administrator, can create for them). MFA works with every product/service offered by Microsoft, from the applications in the Office 365 package to Microsoft Azure to browsers and so on.
An effective practice is to prepare for contingencies. There may be times when Multi-Factor Authentication (MFA) is down or simply unresponsive; for such scenarios, be sure to have a backup account with the necessary login credentials and authority needed to bypass or override the MFA and disable it temporarily.
Manage effective workloads with privileged access
As an O365 Administrator, it is your responsibility to keep track of all users who have been granted privileged access to the cloud. Usually, users with privileged access include administrators managing specific workloads such as Exchange Online, SharePoint, or OneDrive. Likewise, it also includes administrators of various teams (under Microsoft Teams) including their owners and creators.
User accounts with privileged access are prone to misuse, so you must regularly review them and ensure that once the user stops being a part of the company, their accounts are frozen, and their privileges are taken away to prevent their misuse.
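One way to run that review, as an added example that is not part of the original article: cross-check an export of role assignments against an export of account status and flag privileges that outlived the person. Both CSV layouts, the column names, and all sample rows are constructed assumptions.

```python
import csv
import io

# Constructed exports with assumed column names: who holds which admin role,
# and the status of each account (left_company is empty for current staff).
ROLES_CSV = """user,role
ana@contoso.example,Exchange Administrator
raj@contoso.example,SharePoint Administrator
kim@contoso.example,Teams Administrator
kim@contoso.example,Global Administrator
svc-old@contoso.example,Exchange Administrator
"""
ACCOUNTS_CSV = """user,enabled,left_company
ana@contoso.example,true,
raj@contoso.example,true,2024-02-29
kim@contoso.example,false,2024-01-15
"""

def review(roles_csv, accounts_csv):
    """Return (user, roles, issue) for every role holder that needs action."""
    accounts = {row["user"].lower(): row
                for row in csv.DictReader(io.StringIO(accounts_csv))}
    held = {}
    for row in csv.DictReader(io.StringIO(roles_csv)):
        held.setdefault(row["user"].lower(), []).append(row["role"])
    findings = []
    for user, roles in sorted(held.items()):
        acct = accounts.get(user)
        if acct is None:
            # A privileged identity nobody can account for is a finding too.
            issue = "role holder missing from account export"
        elif acct["left_company"] and acct["enabled"].lower() == "true":
            issue = "departed but account not frozen"
        elif acct["left_company"]:
            issue = "account frozen but privileges not removed"
        else:
            continue  # current employee with an active account
        findings.append((user, sorted(roles), issue))
    return findings

if __name__ == "__main__":
    for finding in review(ROLES_CSV, ACCOUNTS_CSV):
        print(finding)
```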