There are so many benefits of switching over to cloud-based information infrastructure and productivity tools in your business. However, trying to suitably assess different suites can throw up a million different questions. Is Microsoft 365 going to adequately cover your business’s security and privacy concerns?
Microsoft 365, a suite of integrated productivity and collaboration tools, not only empowers organisations to streamline their operations but also provides a robust array of security and privacy features designed to safeguard sensitive data, manage user access, and mitigate potential risks. In this comprehensive deep dive article, we explore the various facets of Microsoft 365’s security and privacy offerings.
User management for Microsoft 365
Effective user management is at the core of maintaining a secure and organized digital workspace. Microsoft 365 offers an array of features to streamline user provisioning, authentication, and access control. With Azure Active Directory or Azure AD (now called Microsoft Entra ID), organizations can centrally manage user identities, enforce strong authentication methods, and establish single sign-on capabilities for seamless access across various applications.
Functional domain access management
SharePoint Online is the easiest way to organise and manage information, access, and files, within and across groups, as well as provide an avenue for collaboration and communication. You can use SharePoint to create intranets within your organisation. SharePoint allows for a secure external sharing of files, too. The service has built-in data-loss prevention, options for automated workflows, the ability to create security policies, do auditing, and more. The scope of SharePoint is huge, but you can start here for more info. We see SharePoint as essential within a Microsoft 365-enabled business.
Security management tools for admin in Microsoft 365
Microsoft 365 comes with a Security & Compliance Center, which gives you a comprehensive management dashboard where you can oversee and configure areas such as permissions, data loss prevention, data governance, threat management and reports.
Microsoft has introduced the handy Microsoft Secure Score, which gives you a score not unlike your credit score showing how well your organisation is doing with your Microsoft 365 security. It then provides tips to help boost security where it’s lacking.
As part of Azure, you can switch on multi-factor authentication for access to any Microsoft cloud services, with 2FA recommended at the minimum for security.
Extra Office 365 security features in user management with Azure AD Premium
You also have the ability to upgrade to Azure AD Premium, via the Premium P1 (at AU$8.20 user/month) and Premium P2 (AU$12.40 user/month) Plans.
Azure AD Premium P1: This tier includes features like Conditional Access, self-service password reset, and group-based access management. It also comes with many added security features:
- Advanced group features like dynamic groups, permissions delegation, group expiration
- Cloud App Discovery, to monitor usage of cloud apps within your company
- Connect Health, which helps ensure on-premise directories are working correctly with cloud directories
- Conditional access based on geo-location and group
- SharePoint limited access
Azure AD Premium P2: Building upon P1 features, P2 introduces Identity Protection and Privileged Identity Management. It also includes capabilities for advanced risk-based conditional access policies and identity governance.
- Privileged identity management
- Identity protection
- Access reviews
- And more…
We recommend at least the Premium P1 option for the best security overview and controls for user management with Microsoft 365.
Microsoft 365 has a Mobile Device Management capability to help manage all mobile devices on your organisational network – including employees’ BYODs. This includes access controls, policy settings, and remote device wiping.
For advanced capabilities, you can switch to Microsoft Intune which offers VPN access, more secure app management, desktop configuration, and more.
Microsoft offers encryption at rest and in transit by default, but that doesn’t mean that they don’t have access to the content of your files. For more control in encryption, you can use Azure Rights Management with Microsoft 365.
Data encryption is a cornerstone of data protection. Microsoft 365 employs encryption at rest and in transit to ensure that data remains secure throughout its lifecycle. Azure Information Protection further enhances data security by allowing organizations to classify and label data based on its sensitivity, controlling access and sharing permissions accordingly.
As with G Suite, email is encrypted in Microsoft 365 by default while at rest, as well as encrypted over the wire while sending – however Microsoft can read emails by default. You can enable end-to-end encryption via Office 365 Message Encryption (OME) if you have an Enterprise E2 or higher plan. This can be configured to only be applicable on various rules.
There are various ways to configure email security via Office 365, such as setting up spam filters, IP blocking, and bulk mail blocking. You can feel comfortable in knowing you have “protection from 100% of known viruses and 99% of spam”, and 99.9% uptime.
The Microsoft Service Trust Portal is your gateway to all things compliance, including management and information about ISO standards, the GDPR, and more. Some of the things you can view here include audit reports, trust documents, and security and compliance blueprints. Within the portal you have access to a handy Compliance Manager tool for use with their cloud services which helps to give you an overview of assessments, compliance scores, and more.
Documentation and support for security
Microsoft 365 Enterprise offers users a neat, comprehensive set of documentation in their Security and Compliance section of their knowledge base. This includes a very handy Security roadmap for businesses to implement if rolling over to Microsoft 365. 24/7 phone and web support is provided for all Business and Enterprise Plans.
Microsoft 365 Enterprise plans for tighter security
Microsoft 365 for Business Plans (Business, Business Premium, or Business Essentials) are designed specifically for small businesses only. For medium to enterprise companies, you’ll require an enterprise plan.
For organizations seeking comprehensive security features, Microsoft offers three tiers of Enterprise plans: E3, E5, and E5 Security. These plans provide a comprehensive suite of tools and capabilities to address various security challenges.
1. Microsoft 365 E3
The Microsoft 365 E3 plan is designed to empower organizations with essential security features while fostering collaboration and productivity. Some key security components of this plan include:
- Advanced threat protection: Protects against email, collaboration, and web-based threats with features like Exchange Online Protection, SharePoint Online Protection, and Microsoft Defender for Office 365.
- Threat intelligence: Utilizes threat intelligence and real-time analysis to identify and mitigate potential security risks.
- Information protection: Empowers organizations to classify, label, and protect sensitive data using Azure Information Protection and Windows Information Protection.
Pricing for Microsoft 365 E3: The Microsoft 365 E3 plan is priced at AU$52.2 per user per month.
2. Microsoft 365 E5
Stepping up from E3, the Microsoft 365 E5 plan introduces advanced security capabilities to mitigate a wide range of threats. Key security features include:
- Advanced threat protection (ATP): Enhances email, collaboration, and web security with ATP for Exchange, SharePoint, and Teams.
- Threat intelligence and advanced security analytics: Utilizes machine learning and AI-driven insights to detect and respond to sophisticated threats.
- Data loss prevention (DLP): Provides advanced DLP capabilities to identify and prevent sensitive data leakage.
Pricing for Microsoft 365 E5: The Microsoft 365 E5 plan is priced at AU$78.30 per user per month.
Microsoft 365 gives businesses a comprehensive offering, both in terms of security controls as well as in terms of the productivity tools included in the suite itself.
If you would like an assessment to determine the best Microsoft 365 security configuration for your business and a deployment & management plan, make sure to get in contact with us.
Subscribe to our newsletter
Enter your email and stay in touch with the latest updates from A1.
You might also like…
- Data-driven decision making in business isn’t anything new. For years we’ve had Excel spreadsheets out the wazoo, complete with complex custom VB scripts...
- Checking emails on the bus on the way to work? Why not! Quickly updating that file that popped into your mind before bed?...
- Identified a data breach? Or worried about what would happen if you did find one? What cyberattackers actually do with your compromised data...