Many people may not be aware that the Microsoft 365 package actually includes highly efficient data security services and features, which are often regrettably underexploited. Naturally, Microsoft takes care of the basic data security of its own servers, but it is always the customer’s responsibility to manage the security of devices and users and the way information is shared with users and third parties. Utilising the ready-made features of Microsoft 365 licences can bring significant security improvements to the company’s business in very simple and easy ways. In this article, we present three security features of the Microsoft 365 Business Premium package that are included in the licence.
MFA (Multi-Factor Authentication), strong user authentication
Multi-factor authentication means that you can’t access the service just by knowing your password. In addition to the password, the user’s identity is always verified using another method, such as an SMS, phone call or Microsoft Authenticator. This provides significant additional security in situations where the user’s password has ended up on phishing pages or has otherwise been ferreted out. Without multi-factor authentication (MFA), the user will be able to login with just a username and password.
Microsoft Authenticator is a handy app that works on both computers and mobile devices. It allows you to safely sign in to Microsoft services from a computer without a password, confirming the sign-in on your mobile device.
The availability of services is helped by Conditional Access, a feature than can easily be used to create different levels of login rules. Often, the solution is that multi-factor authentication is not necessary in the company’s internal network, but if users try to log in from outside the network, they need to authenticate with more than just a password. Access can also be restricted to certain devices, so that everything can be used normally on your organisation’s own devices but Microsoft 365 services can’t be used from your home computer, for example.
The most common problem for each user is remembering countless passwords. Fortunately, there are a couple of different services for managing passwords. Windows Hello for Business is available for Windows 10 workstations, replacing the password with strong multi-factor authentication. The user’s biometric features, such as fingerprints, eyes or face, are used instead of the password. Password-less, on the other hand, uses the aforementioned Microsoft Authenticator, so that you can also use multi-factor authentication without a password. In fact, users don’t even know their own passwords, so they can’t be hacked. This significantly reduces the risk of the password falling into the wrong hands and/or being used for criminal activities.
ATP (Advanced Threat Protection)
Malware, spam and phishing are persistent problems that will not disappear. All of these are tackled by Office 365 Advanced Threat Protection, which ensures that attachments and links sent by e-mail are always safe.
The ATP service directs attachments to be opened on a separate virtual machine for examination. The virtual machine opens the file so that automation can monitor what kind of changes the file makes to the machine. In this way, machine learning technology can provide protection against even previously unknown threats. If everything is in order, the message and attachments will be allowed into the user’s inbox, but files that appear harmful will be deleted automatically.
ATP will also investigate suspicious links for the phishing of user information. If the service notices a phishing attempt or attempted use of false identity behind the link, or notices that harmful code is downloaded to the machine, it immediately replaces the link with a new link in the e-mail. The new link leads to an error page, indicating that the link is potentially harmful.
AIP (Azure Information Protection)
The AIP function includes tools for classifying and encrypting e-mail information at the file level. A definite advantage of this function is that it operates independently of where the data is stored. The service is purely cloud-based and minimises errors made by end users. In practice, the service automatically classifies e-mails, their attachments and company data according to their importance.
Fully remote deployment
The best thing about modern security services is the fact that they can be easily deployed remotely. The service provider doesn’t need to physically visit the customer or touch the user’s computer to protect each workstation. In addition, in-depth familiarisation is not required from users, since the services work in the background and do as much as possible on behalf of users through automation.
Remote deployment is also supported by comprehensive end-user instructions on the functionalities of Microsoft 365 Business Premium security services, which are delivered in advance to each user. Users will have instructions for using the services to support their memory and, if necessary, the materials will also be tailored to the customer’s wishes and needs. End users are always supported by Itaito’s highly skilled Service Desk support.
It’s never too late to improve your company’s security, and these services can often be deployed very easily and quickly. Please contact us to learn more!