Sep 24, 2020


Managed I.T., Digital Transformation


Todd Knapp

At first glance, this statistic may seem disproportionately high for a single organization. However, when you take into account the fact that the global cost of cybercrime has now reached as much as $600 billion, this claim starts to make more sense. Cyber-attacks are now the fastest growing category of crime in the United States.

With a clear and growing shortage of cybersecurity professionals, organizations around the world are turning to the reversely saturated market of security products and services to ramp up their security measures. However, we frequently see organizations run into the same two issues when they begin to implement a multitude of cybersecurity products and services: (1) Many of these security solutions have overlapping features, and perhaps most importantly (2) There is little to no communication between the different platforms. This is where Microsoft 365 Business can help.

Accessing M365’s Security Features

Microsoft offers a range of M365 plans for organizations that vary based on service and security options, data limitations, Windows10 features, VoIP, and a slew of other software add-ons. However, for the purposes of this article, we’ll focus on Microsoft 365 for Business. If your organization primarily uses M365 Business to take advantage of Windows 10 and the popular O365 productivity apps (Outlook, Word, PowerPoint, Teams, OneDrive, Sharepoint, etc.), you may not be aware of the lengthy list of security features that are also included with your subscription. That’s right – these are INCLUDED with what you already have in place! In most cases, you simply need to enable these features to take advantage of them in your environment.

M365 Business Security Feature Breakdown

Here’s a top-down look at what a M365 Business Plan can offer in terms of enhancing your security stack:

1. Azure Active Directory P1

A comprehensive identity and access management cloud solution, combining core directory services, application access management, and advanced identity protection. The P1 edition comes with unlimited Directory Objects and Single Sign-On, Advanced Group Access Management, Conditional Access, and a variety of other premium security features.

2. Azure Information Protection P1

A cloud-based solution that enables you to control and secure email, documents, and sensitive data that is shared externally. With this solution, you can configure policies to classify, label, and protect data based on its level of sensitivity. The P1 edition includes additional software developer kits for all platforms, protection for non-Microsoft office file formats (PTXT, PJPG, PFILE), and the ability to track and revoke documents, among other defensive features.

3. Conditional Access

The tool used by Azure Active Directory to implement security check(s) for users requesting access to private documentation/data. When a user attempts to access information, Conditional Access policies evaluate signals (location, application, device, etc.), then execute one of three follow-up actions based on the validity and accuracy of those signals. CA policies can (1) Grant access immediately, (2) Grant access after the user has successfully performed a form of MFA, or (3) Block access entirely.

4. Multifactor Authentication (MFA)

MFA helps to safeguard access to data and applications by requiring two or more methods of verification when a user requests access. These verification methods are often classified using the following buckets:

  • Something you know (i.e., a password)
  • Something you have (i.e., a trusted device)
  • Something you are (i.e., a fingerprint)

5. Microsoft Intune

A cloud-based service that enables you to manage mobile devices and applications. With Intune, you can deploy and authenticate apps on devices, control the way users access and share information, and ensure all devices and apps are compliant with your security procedures. If your organization has a BYOD (Bring Your Own Device) policy, Intune is a great way to ensure employees can access sensitive data and custom applications in a secure way.

6. Self Service Password Reset

A simple means for IT administrators to enable users to reset their password or unlock accounts using a security code sent to an email address or mobile device.

7. Office 365 Protections

These include anti-phishing, anti-spoofing, malware detection, safe links, and safe attachments.

8. Windows 10 Hello and BitLocker

Windows Hello in Windows 10 allows users to sign into their device more securely using a PIN. A PIN is more advanced than a password because it is tied to the specific device on which it was configured. For additional protection on devices with a PIN, you can set up Windows 10 BitLocker to limit the number of failed sign-ins. BitLocker is a data protection feature designed uniquely for lost, stolen, or inappropriately decommissioned devices.

9. Windows Desktop Exploit Guard

A four-component set of intrusion prevention measures intended to protect against malware and ransomware attacks. This newer security tool leverages Attack Surface Reduction (ASR), network protection, controlled folder access, and exploit protection to protect sensitive data against advanced cyber-threats.

10. eDiscovery, Retention Policies, and Litigation Hold

These three processes are critical in the event of a litigation or security breach. eDiscovery, or Electronic Discovery, identifies and securely delivers data to be used as evidence in legal cases. Retention Policies allow you to manage what information your system stores and for how long. With a Litigation Hold, you can place all mailbox content – including deleted items and original versions of modified items – on hold, either indefinitely or for a specified period.

Scale Down, Save, and Secure

Besides the fact that M365 Business by itself has a lot to offer, there’s an auxiliary benefit that you may not have taken into consideration. Let’s revisit the very first sentence in this blog - the average enterprise uses 75 security products to secure their network. If you’re like most organizations, you have more cybersecurity solutions in place than you can devote the proper amount of time, attention, and personnel to. With a M365 Business subscription, there is potential to retire some of your existing security products while still maintaining an advanced level of security. This could not only help you to scale down your existing security framework, but it could also save you significant time, money, and unnecessary complication. If your business already leverages the Office 365 suite, and you feel overwhelmed by your current security stack, upgrading to a Microsoft 365 Business plan could be exactly the solution you’ve been looking for. Even if your organization is not currently configured with Office 365, you could still recognize significant cost savings within your productivity and cybersecurity budgets with an M365 Business subscription.

Ready to Subscribe or Upgrade? We Can Help.

Are you ready to get started with an M365 Business subscription? Do you want to reduce the volume of security tools your organization is using while saving money and maintaining advanced threat protection? Our software and security experts are here to help. Contact us today to learn how we can help your organization configure a smarter solution, without sacrificing productivity, security, or your bottom line.