5 Little Known Security Features of Microsoft

A close up picture of a person wearing spectacles with shadows of coding on his face.

Cybercriminals are continually introducing new ways to access sensitive and personal data from computers, smartphones, and other digital devices. Office communication and computer systems are more vulnerable than ever as workers rely on email and file-sharing capabilities to perform in-house and remote work. Microsoft Office 365 unveiled a new set of built-in, customizable security measures to prevent valuable business information from getting into the wrong hands.

New tools with expanded features and functionalities help Office 365 users protect business-related data from the latest cybersecurity threats. Increased options for built-in and customized controls help businesses meet compliance standards while securing their most precious systems and data.

5 Valuable Security Features in Microsoft Office 365

More businesses are moving data to cloud-based services and storage centers to accommodate for changing work environments. Office 365 implements additional security measures and features within regular updates to accommodate for the latest methods of cybercrime. The latest updates make it easier to customize your security needs and adjust your changing business model and the latest threats to your data.

Some of the following security features come standard with the basic Office package, while others are included with upgraded service subscriptions.

1. Data Loss Prevention (DLP)

Effective data storage compliance, security, and collaboration are part of an effective data loss prevention (DLP) strategy. Cloud-based and on-site databases and the information housed on them are in constant jeopardy without the protection of proper DLP protocols in place. Customized settings allow managers to control incoming and outgoing protections that can prevent emails from being received or sent, send notifications, or both, depending on your needs and threat assessment. For example, if an employee inadvertently forwards an email with sensitive banking information, DLP protocols would stop that email. This would even work if a critical file were to be copied onto a0 flash drive. 

  • Sensitivity Labels: Sensitivity labels included as a condition for Microsoft DLP policies take into account the context of information. Labels define actions and locations within Endpoint DLP that customize your protection needs.  
  • Compliance Center Dashboard: The new compliance center includes a dashboard to help easily manage DLP alerts and notifications. Details regarding sensitive information allow reviewers to identify high-risk content so they can be handled before causing any harm.
  • Conditions and Exceptions: Existing DLP predicate capabilities are enhanced to provide increased flexibility to your protection strategies. DLP policies are only applied to emails that match customized conditions that include or exclude content.

2. Conditional Access

Conditional access with the Azure Active Directory in Office 365 allows control over the accessibility of resources within your business. Multi-factor authentication supports where and how resources are accessed from a centralized location. Content is protected by requiring a predetermined set of criteria based on factors like the type of device, app, and location before access is granted. Conditional access can apply to groups of users or individuals for total flexibility and control.

Benefits of deploying Microsoft Office 365 conditional access include:

  • Increased Productivity: Conditional access allows businesses to control when their users are prompted for multi-factor authentication (MFA), when access is denied, and when using a trusted device.
  • Risk Management Automation: Risky sign-ins are identified and remediated or blocked using policy conditions from automated risk assessments. Conditional access is designed to detect anomalies and suspicious content when access to resources is gated or blocked.
  • Compliance and Governance: Conditional access provides audit access to applications and presents terms of use for consent. Access can also be restricted based on compliance policies.

3. Secure Score System

Microsoft establishes a secure score that measures the state of your digital security and offers recommendations for improvement. The Microsoft 365 security center allows you to monitor the security of your team’s apps and devices.

The system will assign you tasks to help improve cybersecurity in your business. A secure score is then based on a point system that rewards you for applying those security-related tasks, as well as completing any other recommended security measures and addressing shortcomings with mitigation activities, such as third-party software.

4. Passwordless Login

Creating and remembering multiple, strong passwords has been the bane of users since the first home computers came online. Passwords like “PASSWORD,” “ABCDE,” and “12345” essentially allow cybercriminals free access to computers and mobile devices.

Updated standards such as Web Authentication API (WebAuthN) and Fast Identity Online (FIDO2) now allow for passwordless authentication across all applicable platforms. Office 365 passwordless authentication is the most secure and convenient way to access the apps and information employees need to do their jobs. Removing usernames and passwords achieves enhanced security protocols and makes user authentication quick and simple.

In addition to improved account security, passwordless authentication also can decrease the need for tech support for setting up and changing forgotten passwords. Microsoft says that there are now over 150 million users throughout the world using passwordless authentication.

5. Application Guard

The Microsoft Defender Application Guard for Office is a newly introduced defensive tool that quarantines untrusted documents, so malicious files fail to reach your operating system or applications. A secured, Hyper-V-enabled container isolates these files from the rest of the system’s data, and they are opened in a virtualized environment where malicious code cannot cause damage.

Files quarantined from Word, Excel, or PowerPoint may include documents from untrusted Internet or intranet domains, files from potentially unsafe areas, and attachments received in an email.

Benefits to installing and using Microsoft application guard include:

  • Enhanced Protection: The application guard provides an additional layer of security and enhanced protection against destructive malware and viruses.
  • Contains Malware and Viruses: Files opened within the application guard are able to be read and edited while in the protective container. Keeping the malware or virus in an isolated container eliminates the chance of attacks that occur through the opening of email attachments.
  • Default Feature: The application guard is on by default Microsoft 365 Enterprise. It can be turned off for specific users and under unique circumstances if needed.

Office 365 Continues to Put Security First

Microsoft Office 365 continues to provide new ways to protect you and your business against cybercriminal behavior. Security features in Office 365 show how cloud-based storage and communication can protect data related to your company’s operation.

If you believe this could benefit your business, talk to your local IT Services provider, or if you live in Albuquerque, give David Luft, CEO of LDD Consulting, Inc., a call at (505) 792-2375. For even more detailed information about Office 365 security features, stream the latest episode of The Reboot, a panel of IT and security experts who aim to help business owners and managers critically evaluate good and bad decisions on technology.