How Do We Keep Using Microsoft Office 365 Securely?

Securely Using Microsoft Office 365: Questions & Answers

Although Microsoft Office 365 is an excellent IT solution, and we recommend that our clients use it, over the past few months, we have seen some significant threats emerge. There’s been a proliferation of BEC (Business Email Compromise) Scams and Microsoft Office 365 hacks resulting in large sums of money being transferred to fraudulent entities.

What’s Causing These Microsoft Office 365 Scams?

BEC Hackers are using ransomware to infect emails when you use Microsoft Office 365. These BEC and other scams can affect you when your email isn’t backed up properly.

Office 365 users receive an important email from Microsoft that appears to be harmless. It contains a link that when clicked deploys a ransomware virus that infects your computer and networks. The original scam used a virus named CryptoLocker.

It can encrypt all the files on your computer and hold them for ransom. Now you’re at the mercy of the hacker until you pay. If you don’t pay, the hacker will destroy your files.

However, it’s advised that you don’t pay because the hacker may take the money and still leave you without your files.

What Can We Do To Verify Microsoft Office 365 Security?

It all begins with knowledge. Before you can make improvements to your cybersecurity, you need to know where it is lacking.

With Microsoft Secure Score in the Microsoft 365 Security Center, you can gain more knowledge and control over your business’s security standing.

You’ll have access to a centralized dashboard where you can monitor the health and improve the security for your Microsoft 365 identities, data, apps, devices, and infrastructure.

How Do We Perform A Health & Security Check On Our Microsoft Office 365 Environment?

Microsoft Secure Score allows you to determine just how secure your Microsoft Office 365 environment is, based on a comparison to Microsoft’s best practices.

It provides visualizations, an integration with other Microsoft products, a comparison of your score with other companies, filtering by category, and much more. Your score can also show the third-party solutions that have addressed the recommended improvement actions.

Here’s the most direct way to get to the Security & Compliance Center (note – admin account access is required):

  1. Go to https://protection.office.com.
  2. Sign in to Office 365 using your work account.

How Does Office 365’s Health & Security Check Work?

Microsoft Secure Score provides a numerical value to represent how in line with Microsoft security best practices you are.

You’re awarded points when you apply recommended security features, perform security-related tasks (such as viewing reports), or address an improvement action using a third-party application or software.

Some actions, like using Multi-Factor Authentication (MFA), are scored for partial completion. Microsoft understands that security should always be balanced with usability. They know that every one of their recommendations might not work in your particular Office 365 environment.

Who Can View Our Microsoft Secure Score?

Your company’s Microsoft Secure Score can only be viewed by your:

  • Global Administrator
  • Security Administrator
  • Security Reader

These roles are assigned in the Azure Active Directory. If you have difficulty doing this, contact your IT support company for assistance.

What Else Should We Know?

In your Microsoft Secure Score, you can find additional recommendations from Azure Active Directory, Intune, and Cloud App Security. Additional recommendations will be coming from the Azure Security Center and Windows Defender ATP. You can also get your score using the Microsoft Graph API.

How Are Microsoft’s Security Recommendations Organized?

Microsoft recommendations are organized into groups to help you find the information you need:

  • Identity (the state of security for your Azure AD accounts and roles)
  • Data (the state of security for your Office 365 documents)
  • Device (the protection state of the devices you use)
  • Applications (the state of security for your email and cloud apps)
  • Infrastructure (the protection state of your Azure resources; coming soon)

Where Can We Find An Overview Of Our Microsoft Office 365 Security?

The Microsoft Secure Score Overview Page provides an all-up view of your total score, the historical trend of your secure score with benchmark comparisons, and prioritized improvement actions that you can take to improve your score.

How Do We Take Actions To Improve Our Score?

You’ll find an Improvements Actions Tab that lists all the recommended actions you can take. It also shows the status of your recommended actions: completed, not completed, resolved through a third party, and ignored.

The actions labeled “Not Scored” aren’t tracked by Microsoft Secure Score. These are things that you can do to improve your security, but they won’t affect your Microsoft Secure Score.

What Third-Party Security Options Do We Have?

It’s best that you ask your IT support company. They may have their own recommendations for your business based on an overall IT security assessment of your infrastructure. In the meantime, two Microsoft Office 365 security solutions that you can ask them about are:

  1. 2-Factor Authentication for Microsoft Office 365
  2. An Office 365 Back-Up Solution

With this insight and the customized security solutions from your IT services company, you can feel confident about your Microsoft Office 365 security standing.

Need more information about cybersecurity? Check out these links:

What You Need to Know About NextGen Malware and AntiVirus Protection

5 Crucial Elements to Training Your Employees in Optimal Cyber Security

UEFI Rootkits

Contact info

Connect With Clearpath