Two-factor (2FA) or multi-factor authentication (MFA) removes your dependence on remembering ever more complex passwords and the drag of routinely changing them, together with the associated risk of them ending up written down somewhere.
It combines two or more known factors to identify you: a password, something individual to you such as a biometric like a fingerprint or facial scan, and perhaps a passcode on a dongle or on your mobile phone. If an external threat is able to get your password, they still won’t be able to access your files without further verification. There are two options for MFA for Office 365 users: Office 365 comes with a basic, built-in option, which will work well for many organisations. Azure Multi-Factor Authentication offers yet more control at additional cost.
Mobile device management (MDM) is key to a secure Bring Your Own Device (BYOD) policy, allowing your employees to access your organisation’s data with their own phones and tablets. What happens if that phone gets lost or stolen?
MDM within Microsoft 365 is a solid entry-level product and works well for organisations where employees will only be accessing email via their company-issued mobile devices. If you need more control, or if your employees will be accessing more than just email or using their own devices, then Microsoft Intune is the way to go. It provides more control over how data is used on mobile devices (such as restricting the ability to copy data from your infrastructure to Google Drive or Dropbox, outside of your control).
Ransomware is often spread through malicious links and attachments in emails. These attacks are getting ever more sophisticated and increasingly rely on social engineering, making them more effective if your employees aren’t trained in what to look for. (Speak to us about our anti-phishing training.)
Advanced Threat Protection helps by stopping these malicious links and attachments before they get to your inbox. It opens the attachments and links in an insulated virtual environment and checks for malicious activity before the email gets to your users.
This is an add-on for most Microsoft 365 licenses or is included in Office 365 Enterprise E5.
Organisations that deal with sensitive Personally Identifiable Information such as credit card information or health records need to utilize more advanced techniques to prevent data loss.
Encrypted email ensures no one other than the intended recipient can open and read emails you send.
Data Loss Prevention ensures sensitive information doesn’t get sent outside of your organization to begin with by allowing tagging and monitoring of sensitive data within SharePoint and OneDrive for Business and Office programs like Excel and Word. It facilitates customized rules based on the location of the data, type of information (such as credit card numbers), conditions (type of information and in what context it’s being used) and defining the action to be taken (block the content completely or send a notification that this has been logged).
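The rule structure described above (location, type of information, condition, action), as an added example that is not Microsoft's DLP engine or code from this page. The `Rule` model, the `external` flag and the sample documents are assumptions constructed for illustration; card detection combines a digit pattern with the Luhn checksum so that ordinary reference numbers do not trigger the rule.

```python
import re
from dataclasses import dataclass

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: discards digit runs that cannot be valid card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    """Return normalised digit strings that match the pattern and pass Luhn."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits

@dataclass
class Rule:  # hypothetical rule model, not Microsoft's policy schema
    locations: set[str]  # where the rule applies
    min_count: int       # condition: matches needed to trigger
    action: str          # "block" or "notify"

def evaluate(rule: Rule, location: str, text: str, external: bool) -> str:
    """Apply the rule only to in-scope content that is leaving the organisation."""
    if location not in rule.locations or not external:
        return "allow"
    hits = find_card_numbers(text)
    return rule.action if len(hits) >= rule.min_count else "allow"

# Constructed sample data (4111... is the standard test card number).
RULE = Rule(locations={"SharePoint", "OneDrive"}, min_count=1, action="block")
DOC_SENSITIVE = "Customer card: 4111 1111 1111 1111, exp 01/30"
DOC_BENIGN = "Order reference 1234 5678 9012 3456 shipped"

if __name__ == "__main__":
    print(evaluate(RULE, "SharePoint", DOC_SENSITIVE, external=True))
    print(evaluate(RULE, "OneDrive", DOC_BENIGN, external=True))
```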
Azure Identity Protection uses machine learning to understand how you work and flags unusual activity. For example, it will learn where and when you typically log in, so if you log in from an unusual place and time, it can catch that. It will also detect multiple logins in a short amount of time from multiple locations (such as your home office and a cyber criminal in another country).
If suspicious activity is detected, it can force the user to perform multi-factor authentication to verify their identity, or it can prevent the sign-in.
The threat from an administrator account being hacked is much more severe than that from a typical user account with least-privilege access granted. However, there are users who need admin privileges for specific tasks but don’t necessarily need them all the time.
Privileged Identity Management gives you the ability to assign users as time-factored admins. It works by marking specific users as “eligible”; they can then request administrative privileges as needed for a customizable period on specific areas of your infrastructure.
Why let that sensitive document ever leave your control? Rather than sending a document outside of your organisation and losing control of it, Microsoft 365 allows you to simply send a link to it on your system.
You can set rules on whether such a document can be printed or even whether the link can be forwarded on. You can still amend the document on your side, so the recipient doesn’t have to worry about outdated versions. You can even set the link to expire after a defined period of time has elapsed.