The Office 365 security features you didn’t know existed

When you use Office 365 every day, it can be easy to forget just how powerful it has become – you just expect it to work and it does. However, some features aren’t a part of the everyday work experience so they can remain a bit invisible.

Security typically falls in to this category which is little ironic when you consider the huge amount of time and money that IT teams are spending ensuring business assets and access are protected.

With such a big picture focus, it can be easy to miss the security features and capabilities you already have within Office 365.

Here’s just a few worth mentioning.

Data Loss Prevention (DLP)

DLP allows a company to prevent confidential information such as credit card numbers or financial information being sent by email. By using a series of customisable policies, you can decide what the rules are for handling different types of information. For example, you could allow credit card numbers to be sent internally but not externally. Or you could set limits on how many credit card numbers can be sent at once, allowing a single number to be sent but not multiple. You can also add override functions in case there is a particular business requirement you have to cater for.

When combined with other capabilities such as BitLocker device encryption (for Windows devices to protect against data loss if your device is lost) and Information Protection (that can prevent an email from being forwarded, copied or pasted into other programs), you have a comprehensive set of capabilities to protect your data.

DLP is available in Office 365 E3 and E5 plans.

Multi-Factor Authentication (MFA)

Most people understand how MFA works today to secure apps such as CRM. However, despite knowing it exists, its use with Office 365 isn’t as prevalent.

You can easily set up MFA on a user-by-user basis, or for an entire organisation with additional configuration options available such as IP whitelisting. This means that users are only prompted for MFA if they are connecting to Office 365 from outside of the company network.

You can also incorporate smartcards or biometrics using Windows Hello or deploy a federated identity model that integrates Office 365 with on-premises directory objects for a seamless user experience.

MFA is available on all Office 365 plans, but for smartcards, biometrics and federated identity you need a Microsoft 365 E3 or E5 plan or an Azure AD Premium license.

Azure Identity Protection (AIP)

AIP builds on MFA by using machine learning to determine what is usual behaviour on a user-by-user basis, then using this information to detect suspicious activity and force an MFA event.

For example, you may normally log in to Office 365 from home, the office and on your way between them both. If a login then occurs outside these times or locations, it will be flagged as suspicious and force the user to verify their identity via MFA, or stop the login completely.

AIP is available in Microsoft 365 E5 and Azure AD Premium P2.

Conditional Access via Azure Active Directory

If you’re using Office 365, then you have access to Azure Active Directory, but many organisations don’t realise this and end up not using it or understanding its features.

There is a world of security capabilities at your fingertips here if you want to explore it further. Just one example is the ability to create a conditional access policy that blocks a user who is using a non-compliant device from accessing Office 365.

You could then assign rules around an event like this such as:

• Requiring MFA to be completed
• Requiring the device to be marked as compliant
• Requiring a specific domain to be joined
• Requiring an approved client app to be used

Conditional access policies are available in Mirosoft 365 E3 and Azure AD P1 or higher.

This is just a small sample of the security capabilities you already have in Office 365. They can be used to replace other solutions you may be using, or to bolster existing security capabilities. To find out more, or for information on how to use them, contact Data^#3 today.