Is Microsoft 365 secure? Protecting sensitive and valuable documents with Microsoft 365
Here are 5 ways Microsoft 365 enforce security across their platforms:
Multi-factor authentication
What is MFA? MFA works in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. With Multi-Factor Authentication being almost 100% effective at stopping hackers from gaining access to company resources – Microsoft strongly support the use of MFA to secure your organisation.
Microsoft states ‘Your passwords can be easily compromised. MFA immediately increases your account security by requiring multiple forms of verification to prove your identity when signing into an application.’ Offering several different forms of MFA:
- Microsoft Authenticator – Approve sign-ins from a mobile app using push notifications.
- Windows Hello For Business - Replace your passwords with strong two-factor authentication (2FA) on Windows 10 PCs.
- FIDO2 security keys - Sign in without a username or password using an external USB, near-field communication (NFC), or another external security key that supports Fast Identity Online (FIDO) standards in place of a password.
- Hardware tokens - Automatically generate a one-time password (OTP) based on open authentication (OATH) standards from a physical device.
- Software tokens - Use the Microsoft Authenticator app or other third-party apps to generate an OATH verification code as a second form of authentication.
- SMS & voice - Receive a code on your mobile phone via SMS or voice call to augment the security of your passwords.
Encrypt & back up essential data
Data encryption is the process of encoding information – allowing this to only be accessible and read if it is decrypted, only available from authorized users. Data encryption stems across financial information, business files to personal information.
Encryption is an important part of file and information protection strategies, Microsoft 365 provide multiple layers of encryption to ensure files are secure and protected. Taken from Microsoft, here are the content types & the encryption available within Microsoft 365:
|
Kinds of Content |
Encryption Technologies |
Resources to learn more |
|
Files on a device. These files can include email messages saved in a folder, Office documents saved on a computer, tablet, or phone, or data saved to the Microsoft cloud. |
BitLocker in Microsoft data centres. BitLocker can also be used on client machines, such as Windows computers and tablets |
Windows IT Center: BitLocker |
|
Files in transit between users. These files can include Office documents or SharePoint list items shared between users. |
TLS for files in transit |
Data Encryption in OneDrive for Business and SharePoint Online |
|
Email in transit between recipients. This email includes emails hosted by Exchange Online. |
Office 365 Message Encryption with Azure Rights Management, S/MIME, and TLS for an email in transit |
Office 365 Message Encryption (OME) |
|
Chats, messages, and files in transit between recipients using Microsoft Teams. |
Teams use TLS and MTLS to encrypt instant messages. The media traffic is encrypted using Secure RTP (SRTP). Teams use FIPS (Federal Information Processing Standard) compliant algorithms for encryption key exchanges. |
Mass and physical security on Microsoft servers
Microsoft designs, builds and operates industry-leading data centres, with limited physical access to where our data is stored. Taking a layered approach to protecting the data centre, Microsoft uses physical 24/7 security at the facilities perimeter, the building perimeter, the building entrance, inside the building and on the data centre floor. Further protected with strict request and approval access only, 24/7 security cameras & a physical security team within the building at all times.
Manage privacy settings
'Microsoft is committed to providing you with the information and controls you need to make choices about how your data is collected and used when you’re using Microsoft 365 Apps for enterprise.'
Microsoft 365 for Enterprise provides new policy settings that allow you to control settings related to:
- Diagnostic data that is collected and sent to Microsoft about Office client software being used
- Connected experiences that use cloud-based functionality to provide enhanced Office features to you and your users.
The following are the new policy settings
The following are the five new policy settings:
- Configure the level of client software diagnostic data sent by Office to Microsoft
- Allow the use of connected experiences in Office that analyze content
- Allow the use of connected experiences in Office that download online content
- Allow the use of additional optional connected experiences in Office
- Allow the use of connected experiences in Office
Microsoft Secure Score
Microsoft secure score uses machine learning to create a measurement of an organisation's security levels. Organisations can access in-depth visualisations of metrics and trends, integration with other Microsoft products, score comparison with similar organisations, and much more.
Secure Score helps organizations:
- Report on the current state of the organization's security posture.
- Improve their security posture by providing discoverability, visibility, guidance, and control.
- Compare with benchmarks and establish key performance indicators (KPIs).
As a recognized digital transformation provider and partner, our expert team are available to assist in any projects or consultancy you may need this year.
As a Microsoft Gold Partner, we have expertise in cloud technology, collaborating with SharePoint and Microsoft Teams, and enhancing customer relationships with CRM systems and portals. Get in touch with our team to learn more at sales@blacklightsoftware.com.
Blacklight Software