Enable Microsoft Secure Score

Check Secure Score now and take action

The overall cyber threat landscape has evolved from traditional opportunistic threats to persistent and determined adversaries. Microsoft Secure Score helps increase your organization’s security by encouraging you to use the built-in security features in Office 365 (many of which you already purchased but might not be aware of).

Secure Score analyzes your Office 365 security based on your regular activities and security settings and assigns a score. Begin by taking note of your current score. The goal is not to achieve the max score, but to be aware of opportunities to protect your environment that do not negatively affect productivity for your users.

See how Secure Score it works

5 Ways to Secure Office 365

As a top Microsoft Partner iV4 has identified Office 365 security best practices that you can put in motion to immediately help protect and secure your environments.

1. Enable Multi-Factor Authentication for Global Admins

Security breaches of an Office 365 account, including information harvesting and phishing attacks, are typically done by compromising the credentials of an Office 365 global admin account.

Enabling multi-factor authentication (MFA) for global admins will make it much more difficult for an attacker to steal admin credentials because it requires the user to verify their identity in at least two ways such as a text message, call or notification through a mobile app.

2. Enable Multi-Factor Authentication for All Users

When it comes to protecting your accounts, two-step verification should be standard across your organization. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the trusted device.

• You get a free version of Azure multi-factor authentication as part of your Office 365 for business subscription. For a list of features included in your version of Office 365, see How to get Azure Multi-Factor Authentication.

3. Enable Advanced Threat Protection

Advanced Threat Protection (ATP) helps protect against unknown malware and viruses hidden in email attachments and links. With ATP, all messages and attachments that don't have a known virus/malware signature are routed to a special environment where ATP uses a variety of machine learning and analysis techniques to detect malicious intent. If no suspicious activity is detected, the message is released for delivery to the mailbox.

• ATP is included in Office 365 E5 and Microsoft 365 E5 plans. ATP can be added on to the Office 365 plans listed here.

4. Disable Accounts Not Used in 30 Days

While there may be legitimate circumstances where an account is unused for 30 days, these accounts can be targets for attackers who are looking to find ways to access your data without being noticed.

Deleting unnecessary accounts when an employee leaves, changes groups, or does not use the account prior to its expiration helps prevent breaches. When an account is deleted, it becomes inactive. For approximately 30 days after having deleted it, you can restore the account.

5. Complete User Alternate Information

Completing alternate information for all users, such as personal email or cell phone number, will allow you to safely contact users to verify their identity in the event that abnormal activity occurs. (If at any point you do enable multi-factor authentication, users will be able to complete the registration.)