How to Better Secure Your Microsoft 365 Environment

Security experts offer Microsoft 365 security guidance as more attackers target enterprise cloud environments.
Rushing to the Cloud? Don't Forget Security Staff
Review Security Default Settings
Buckle Down on Data Protection
Double-Check Employees' Privileges
MFA: Not Only for Administrators
Consider CASB
Do You Need Conditional Access?
Strengthen Email Security Settings
Educate Employees

Cloud security concerns have long been top-of-mind for many IT security pros tasked with protecting data, applications, and infrastructure in cloud environments, but they became a priority for just about everyone in 2020 as businesses scrambled to support remote employees.

Related Content:

7 Cloud Attack Techniques You Should Worry About

Special Report: Understanding Your Cyber Attackers

New From The Edge: How Cybersecurity Newbs Can Start Out on the Right Foot

Securing Microsoft 365 is a big part of this conversation, both because of its ubiquity in global organizations and a recent surge in cyberattacks targeting enterprise cloud platforms. A Jan. 13 alert from the DHS' Cybersecurity and Infrastructure Security Agency (CISA) warned companies of "several recent successful cyberattacks" against cloud services. Many attacks occurred when employees worked remotely and used corporate and personal devices to access cloud services.

This trend was underscored by the recent discovery of the SolarWinds cyberattack, a large, complex campaign targeting US government agencies and businesses, including Microsoft. While many victims were infected via SolarWinds software updates, it was recently revealed Malwarebytes was targeted by the same attackers via another vector that gained privileged access to Microsoft 365 and Azure. 

While SolarWinds was an especially complicated and widespread attack, there are many more common cloud threats that businesses should be worried about.

Organizations experienced an average of 2.8 cloud security incidents in the past 12 months, Netwrix researchers found in their Cloud Data Security Report. Most common are phishing attacks (40%), ransomware or other malware attacks (24%), accidental data leakage (17%), targeted attacks on cloud infrastructure (16%), and account compromise (16%).

Fortunately for IT and security teams, there are many steps they can take to lock down Microsoft 365 environments and protect businesses from these common cloud-focused attacks. For starters, it's essential to learn which security tools come with your Microsoft 365 package. 

"Despite the rebranding to Microsoft 365, Microsoft licensing remains complex," says Rick Holland, CISO and vice president of strategy at Digital Shadows. Customers must choose from one of several options: Business Basic, Business Standard, Business Premium, Enterprise F3, Enterprise E3, and Enterprise F5, each of which has different range of tools and functionalities.

"It is essential to understand what security features your license entitles you to and what you may be missing," Holland says.

Next slide
Recommended Reading: