The Top 5 Microsoft 365 Email Security Best Practices

2. Block attachments used for malware

Again, Microsoft 365 and Microsoft Exchange offer some robust anti-malware capabilities out of the box, including multiple anti-malware scan engines, real-time threat response, and rapid integration of new patches and malware definitions to respond quickly to new threats. But you can go even further by blocking email attachments of files that are commonly used for malware. 

Just sign into the Microsoft 365 Security and Compliance center, look under Threat Management and select Policy, then Anti-Malware. Double-click the default policy, then click Settings. Turn on Common Attachment Types—in the future, you can add or remove attachment types as needed. This step will add another layer of protection for your network in the event that authorized employees are careless about opening suspicious messages.

3. Create anti-ransomware mail flow rules

For improved Microsoft 365 email security, prevent hackers from locking you out of your own data systems and even your devices. You’ll need to create mail flow rules that block attachments commonly used for ransomware. Just open the admin center for Exchange, click on Rules under Mail Flow, then click Create a New Rule. You’ll be presented with a wide range of options that allow you to either block emails that could contain ransomware and other malicious code, or to preemptively warn users who receive such emails.

A ransomware attack can be one of the most financially damaging forms of online threat. It’s better to be particularly cautious in this arena and favor stringent rules, rather than leave the door open to emails with malicious code. 

4. Implement additional security software

Businesses serious about safeguarding will want to choose a robust, email-specific tool like SolarWinds Mail Assure. This cloud-based solution focuses solely on email security, at an affordable per mailbox rate for any businesses of any size. With no additional hardware or maintenance needed, this tool integrates with Microsoft 365 to protect against spam, viruses, malware, and phishing, using a global threats database to identify even the latest scams. 

5. Use Office Message Encryption

Microsoft 365 has Office Message Encryption on as a default. The service encrypts both incoming and outgoing email messages and is fully compatible with the web-based version of Outlook, Gmail, Yahoo!, and other common email platforms. Email message encryption is critical for protection against email-borne malware because it represents the first layer of security, blocking outsiders from viewing message content.

With little exception, the rule at your office should be to use either or both of the two protection options that Office Message Encryption provides when sending an email message: Do Not Forward and Encrypt.

Going beyond security basics

Each of these steps is uniquely important, but the secret to eliminating the threat of malware can’t be boiled down to a one-size-fits-all security posture. Developing a strong policy for safeguarding data and emails on Microsoft 365 will require MSPs to understand each client’s unique security vulnerabilities and acknowledge the impact that certain best practices might have on their productivity. Following best security practices is only the first step toward establishing Microsoft 365 security.

For optimal email security, it’s best to go beyond basic Microsoft 365 functions and consider software that can keep an email server safe in the event of an attack or outage. Security isn’t a single, straightforward process, but a long journey that requires constant vigilance against advancing threats. These first steps will help lay a crucial foundation for companies hoping to remain protected from malware attacks. 

Interested in learning more about Email security? Explore our product suite to see how you can improve email security for your Microsoft 365 environment.