Strengthening the Security of your Microsoft 365 – 6 more ways to safeguard your 365 accounts

By in
Strengthening the Security of your Microsoft 365 – 6 more ways to safeguard your 365 accounts

Recent years have seen a sharp rise in both the prevalence and sophistication of cyber-attacks.  Over 50% of attacks target small to medium sized businesses, and with the average data breach costing small businesses between $120,000 and $1.24, the consequences can often be crippling. 

As we’ve discussed, Microsoft’s revolutionary 365 product line might be game changing when it comes to business productivity, but it doesn’t make you immune from cyber threats.  In our last article we looked at some of the standard security tools you can deploy right away to make your 365 environment more secure.  Now let’s explore 6 further ways you can safeguard Microsoft 365.  Please note that some of the following tools may not feature in your 365 subscription, and may require additional outlay.

Set up dedicated admin accounts

Accounts with admin privileges afford unparallel access across your 365 environment, with unbridled access to data and the ability to configure security settings.  If such an account were compromised by a hacker, the damage could be horrific, with the account affording the criminal unrestricted lateral movement throughout your 365 environment.

System administration should therefore be carried out using a dedicated account with no day-to-day functionality.  This means no email, no web browsing, no internet-connected applications – basically no way for a cybercriminal to infiltrate and hijack the account. 

Use a third-party backup

Some Microsoft 365 features – like geo redundancy and email retention policies – may at first glance appear to act as backups, but sadly 365’s native capabilities only back up data in a very limited way.  A comprehensive third-party backup solution designed for 365 will let you back up and restore your data in ways well beyond the scope of 365’s in-built tools.  Enjoy point-in-time restoration capabilities, easy data discoverability and exceed your compliance obligations with a full-featured, dedicated backup service.

Phishing awareness training

“Phishing” is a tactic used by cyber criminals involving emotional manipulation, typically to obtain sensitive information or extract a cash reward from victims.  “Phishing scammers” as they’re often known, frequently use email as their attack medium of choice.  They infiltrate email inboxes and attempt to convince their victims to open malware-infested attachments, visit rogue websites or even divulge sensitive information directly.   The email inbox is probably the single biggest vulnerability in your Microsoft 365 environment, so along with the deployment of technical tools like email filters, it’s vital your team undergo phishing awareness training so they’re able to spot rogue emails.

Deploy mobile device management (MDM)

If your team work remotely, either fully or partially, it’s vital the devices they use are securely configured to safeguard your data.  Mobile device management solutions enable administrators to remotely configure, maintain and apply restrictions to remote devices,  keeping data safely within your oversight and ensuring only authorized personnel are accessing your online services.  Microsoft Intune is an MDM tool incorporated within Microsoft’s Enterprise Security and Mobility Suite, and available as part of certain 365 Enterprise packages.  It integrates with Azure Active directory, allowing for extensive governance of remote 365 environments.

Institute data loss prevention policies

Data Loss Prevention (DLP) can identify sensitive information stored in OneDrive, SharePoint, Exchange and Outlook, with the ability to scan for sensitive information types such as financial data or personally identifiable information (PII).  Accessible from within the Microsoft 365 Security & Compliance Center, data loss prevention policies let you apply controls to prevent the misuse, deletion or misplacement of such items.

Deploy Extended Threat Detection and response (XDR)

For added peace of mind, consider deploying an extended threat detection and response solution, that will allow you to home in on potential threats and take action in real-time to prevent escalation.  Microsoft Defender is one such solution, offering threat detection, resolution and investigation capabilities with organization-wide coverage, including multi-cloud, hybrid-cloud and on-premise environments.

In addition to the tools and practices we’ve outlined, a wide range of other security deployments such as firewalls and encryption technologies can be employed as part of a holistic data security strategy. 

Data security is never a single-fix action: it’s a process requiring constant evolution in response to a threat landscape that never stands still.  Seeking the advice and guidance of a trusted technology partner will ensure no stone is left unturned in the creation of your business’s cyber defense posture.  Here at Echelon Technologies we have been helping our clients secure their networks and exceed their data compliance obligations since 2002, using best-in-class security products combined with decades of IT security experience.  Get in touch to find out how we can help you keep the cyber bad guys well away from your vital data and systems.


Since 2002, Echelon Technologies has been a leading provider of IT support and consulting, focusing on small and medium-sized businesses in the Greater Phoenix area. We have helped hundreds of companies, and thousands of users, to increase productivity and profitability by making IT a streamlined part of their operations. We equip our clients with customized technology solutions for greater operational value and to reduce risk. Please don’t hesitate to get in contact and see what we can do for you.