Securing Your Organisation’s Office 365 Environment

The number of cyber-attacks targeting Office 365 (O365) are on the rise. However, despite warnings from the UK’s National Cyber Security Centre, many organisations aren’t fully aware of the risks or struggle to know how to best defend their business against them. By Chester Avey

If your business uses O365 or is considering migrating to the service, then here’s some top tips to help keep your business secure.

Enforce multi-factor authentication 
It is often the smallest things that make the biggest difference to your cyber security – and one of the best, and simplest, ways to secure O365 is through the use of multi-factor authentication (MFA). With MFA enabled, all your organisation’s O365 users will be sent a code to their mobile phone when they try to log in to their account; meaning that in the event that a criminal is able to obtain a user’s password, the person will not be able to access to the account.

It is actually very easy to set up multi-factor authentication in O365 and while it elongates the procedure of logging in, it is certainly worth it due to the extra layer of security it provides. 

Manage from dedicated admin accounts
Some businesses make the mistake of using a single account to administrator O365. While this is often more convenient way of working it actually significantly increases overall cyber security risk. If an administrator account is compromised, criminals will likely obtain access to the whole environment.

It is a much better idea then, to keep administrative accounts separate to the ones used on a day-to-day basis. To reduce the risk of an admin falling foul of a phishing, it’s also advisable that these accounts are not set up with a licensed mailbox. 

Use full mailbox audit logging
Another way to improve O365 security is to activate full audit logging – which will help to improve visibility of user actions across your whole environment. This includes visibility of which users are logging in and from where. 
You can then use network and endpoint monitoring systems like SIEM in order to help detect threats and respond to them by improving the effectiveness of the identification of tactics and techniques used by cybercriminals.  

Provide staff with training
One of the most valuable things that any organisation can do to improve the security of O365, is to provide cyber awareness training to staff. People continue to be the weak link in the cyber security chain so improving knowledge can be an extremely valuable thing to do. 

Of course, it is essential that this training is regularly updated to recognise the latest security risks, such as phishing attacks against O365 users. 

Disable email auto forwarding
In the event that a hacker is able to gain access to a user’s O365 account and mailbox, a common tactic is to send copies of any incoming emails to another address. This allows them to continue to eavesdrop on communications should they lose access to the account.

Nevertheless, this kind of attack could mean the loss of sensitive data. Thankfully this type of action can easily be prevented by the creation of a mail transport rule in the O365 admin centre to block users from being able to auto-forward emails to external accounts. 

Check Cloud Solution Provider access

If your organisation bought its O365 subscription through a Cloud Solution Provider (CSP), check to see whether that partner has access to the environment. Many CSPs receive access by default and are now being targeted by cyber criminals for this reason.  One recent example is an attack on PSM, a US cloud company.

Additional steps to take

Before you decide upon whether to invest in supplementary technology from Microsoft to further improve the security of O365, it is worth evaluating the many third-party tools available. To help you do this, consider consulting with cloud management and monitoring specialists who can provide the extra technology, support and expertise you need to further enhance your organisation’s security.

It could also be hugely beneficial to commission penetration testing to help detect and address vulnerabilities such as those relating to insecure network and system configurations.

Chester Avey is an independent business consultant:     

You Might Also Read: 

Dealing With Malicious Emails:

 

 

« Cyber Crime In Britain
Psycho-Cyberchology »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Bishop Fox

Bishop Fox

Bishop Fox is a leading authority in offensive security, providing solutions ranging from continuous penetration testing and attack surface management to product and application security assessments.

Becrypt

Becrypt

Becrypt is a trusted provider of endpoint cybersecurity software solutions. We help the most security conscious organisations to protect their customer, employee and intellectual property data.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Advenica

Advenica

Advenica develops, manufactures and sells innovative cybersecurity solutions for encryption and secure information exchange.

NordForsk

NordForsk

NordForsk facilitates and provides funding for Nordic research cooperation and research infrastructure. Project areas include digitalisation and digital security.

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

DomainTools

DomainTools

DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know.

PlainID

PlainID

PlainID provides IAM teams with a simple and intuitive means to control their organization’s entire authorization process.

Advens

Advens

Advens is a company specializing in information security management. We provide Consultancy, Security Audits and Technology Solutions.

Mphasis

Mphasis

Mphasis is a leading applied technology services company applying next-generation technology to help enterprises transform businesses globally.

Talon Cyber Security

Talon Cyber Security

Talon delivers the leading enterprise browser designed to bring security to managed and unmanaged devices, regardless of location, device type or operating system.

Trace3

Trace3

Trace3 is a pioneer in business transformation solutions, empowering organizations to keep pace with the rapid changes in IT innovations and maximize organizational health.

US Department of State - Bureau of Cyberspace & Digital Policy

US Department of State - Bureau of Cyberspace & Digital Policy

The Bureau of Cyberspace and Digital Policy leads and coordinates the Department’s work on cyberspace and digital diplomacy to encourage responsible state behavior in cyberspace.

Netia

Netia

Netia is a Polish telecommunications company providing a range of business services including network solutions, communications, data centre and cloud, and cybersecurity.

Efex

Efex

Efex is one of Australia’s leading Managed Technology Solutions providers. We service local companies across Australia, providing accessible, fast and straightforward IT.

DeepTempo

DeepTempo

At DeepTempo, we build AI models and related software that protect enterprises and service providers from sophisticated cyber threats.