Online Threats are Real: Learn How to Protect Your M365 Products

Are You Cyber Safe? Protect Your Microsoft 365 Products from Online Threats – Part 2

October 12, 2023

Last week, we published a blog that provided tips for protecting your Microsoft 365 products against malicious cyber threats. Cybersecurity is not something to take lightly, and with technology constantly evolving, it is important to understand how you can protect your organization’s sensitive information.

There is no such thing as being overly cautious or engaging in too much cyber security. We recommend doing everything you can to protect your organization’s online information. Online threats are lurking everywhere, and far too many people adopt an “it will never happen to me” mentality. The reality is it can happen, and it does, so it is always best to diversify your safety practices. Below are more suggestions as to how you can practice cyber safety:

Use Microsoft Purview Information Protection.
Microsoft Purview Information Protection is a data governance solution that helps you discover, classify, label, and protect your sensitive data across your Microsoft 365 environment and beyond. You can use features such as sensitivity labels, encryption, data loss prevention (DLP), retention policies, eDiscovery, and more to control how your data is accessed, shared, stored, and disposed of.
Disable auto-forwarding for email.
Auto-forwarding is a feature that allows users to automatically forward incoming emails to another email address. However, this feature is typically exploited to exfiltrate company data by cyber criminals who are looking to compromise a user’s account and set up auto-forwarding rules to divert sensitive emails to their own address.
Protect all corporate devices.
You should ensure all devices that access your Microsoft 365 account and data are secure and compliant with your organization’s security policies. You can use features such as Microsoft Endpoint Manager (MEM), Windows Hello for Business (WHfB), BitLocker encryption, Windows Defender Antivirus (WDAV), Windows Defender Firewall (WDF), Windows Update for Business (WUfB), and more to manage and protect your devices.
Monitor and audit your security policies.
You should regularly review and update your security policies according to the changing threat landscape and best practices. You should also monitor and audit your security settings and events using tools such as Unified Audit Log (UAL), Secure Score (SS), Security Dashboard (SD), Compliance Manager (CM), Azure Sentinel (AS), and more.
Enable SPF, DMARC and DKIM in Exchange Online.
E-mail is a common attack vector to launch phishing, malware, ransomware, and other types of attacks that can compromise your organization. You can protect yourself by enabling SPF, DMARC and DKIM in exchange online to help prevent spoofing and phishing attacks that can compromise your email security and reputation. SPF, DMARC and DKIM are email authentication standards that verify the sender’s identity and the integrity of the message content.
Review your Microsoft Security Score Often.
Microsoft security score is a tool found in the M365 security portal and Azure portal that helps you measure and improve your organization’s security posture across Microsoft 365 and Azure services. It provides a numerical summary of your security level based on the actions you have taken or have not taken to protect your data, devices, and identities. It also provides you with recommendations and guidance on how to enhance your security settings and reduce your risk of cyberattacks. As cyber security best practices evolve so will the recommendations in the Microsoft Security Score.

By following these tips, you can improve your Microsoft 365 email security and protect your organization from email-based threats. However, it’s important to remember that cyber security is not a one-time task but an ongoing process that requires regular review and adjustment. Hopefully, these tips start some conversations within your organization to help improve your cyber security in Microsoft 365.

At Imaginet we take cybersecurity seriously. Follow our blog and subscribe to our newsletter to stay on top of the industry trends that will help your organization remain protected.

Roy Polvorosa

Roy Polvorosa is the Practice Lead for Managed Services and a Senior Microsoft Cloud Consultant for Imaginet in Winnipeg, MB. With over 13 years of experience supporting customers with their journey to M365 and Azure combined with his business awareness allows him to identify solutions that align to customers’ requirements and solving problems. With over a decade of experience managing on-premises, hybrid and cloud infrastructure solutions he has substantial familiarity with Microsoft best practices and an empathetic approach to understand a customer’s unique business needs.

Discover More

Let’s build something amazing together

From concept to handoff, we’d love to learn more about what you are working on.
Send us a message below or call us at 1-800-989-6022.

Are You Cyber Safe? Protect Your Microsoft 365 Products from Online Threats – Part 2

SQL Saturday Part 2: Learning About Microsoft Fabric

My Trip to SQL Saturday Atlanta (BI Edition): Part 1

Enabling BitLocker Encryption with Microsoft Intune

Let’s build something amazing together