The Top 5 Microsoft 365 Email Security Best Practices

How good is your Microsoft 365 email security? Every company that uses this popular suite of cloud-based productivity applications should be asking themselves this question. Cloud-based services are also vulnerable to malware insertion, and email is the most common entry point for malware. It should, therefore, be a priority for MSPs that their clients know and enforce some Microsoft 365 email security best practices.

Is Microsoft 365 secure? 

That isn’t to say that Microsoft’s service is somehow inherently insecure—on the contrary, the company takes uniquely stringent security precautions. For example, it won’t publicly disclose the location of its physical servers, making it known only that the area is under tight surveillance at all times. It also offers encryption for data both at rest and in motion, going above and beyond what other cloud platforms provide to ensure your network transmissions aren’t intercepted.

Does Microsoft 365 include antivirus, anti-spam (AVAS) protection? 

Exchange Online Protection is the built-in antivirus for Microsoft 365 security, guarding inboxes against spam, viruses, and known malware. This provides a basic layer for email safeguarding. But even with Microsoft covering the back end, there’s still plenty that hackers can do to seize user data and introduce harmful malware onto the network if users aren’t actively working to secure their platform. If you’re looking to take your business clients beyond the basics of stronger passwords and two-factor authentication, we’ve compiled a list of best practices for Microsoft 365 email security that should help leave you well prepared for the growing threats that enterprises face today from malware and data exposure.

1. Use Microsoft 365 Secure Score

If you haven’t checked out Microsoft 365’s suite of out-of-the-box security tools or read our blog on the subject, you may not have ever used Microsoft 365 Secure Score. The tool uses advanced analytics to recommend actions you can take to keep digital assets safer. It’s a great example of gamification, taking the complex work of cybersecurity and turning it into an intuitive and engaging app that allows the user to slowly but surely improve their security stance.

The system gives you a “score” out of 452, though the goal isn’t necessarily to get as many points as possible. Secure Score recommends reaching a “balanced” score between 254 and 372 that indicates you do enough to secure your email data, but not so much that it unnecessarily impacts productivity. Secure Score takes into account security needs, settings and recent activity, and current Microsoft services in order to recommend the practices best suited for the enterprise.

2. Block attachments used for malware

Again, Microsoft 365 and Microsoft Exchange offer some robust anti-malware capabilities out of the box, including multiple anti-malware scan engines, real-time threat response, and rapid integration of new patches and malware definitions to respond quickly to new threats. But you can go even further by blocking email attachments of files that are commonly used for malware.

Just sign into the Microsoft 365 Security and Compliance center, look under Threat Management and select Policy, then Anti-Malware. Double-click the default policy, then click Settings. Turn on Common Attachment Types—in the future, you can add or remove attachment types as needed. This step will add another layer of protection for your network in the event that authorized employees are careless about opening suspicious messages.

3. Create anti-ransomware mail flow rules

For improved Microsoft 365 email security, prevent hackers from locking you out of your own data systems and even your devices. You’ll need to create mail flow rules that block attachments commonly used for ransomware. Just open the admin center for Exchange, click on Rules under Mail Flow, then click Create a New Rule. You’ll be presented with a wide range of options that allow you to either block emails that could contain ransomware and other malicious code, or to preemptively warn users who receive such emails.

A ransomware attack can be one of the most financially damaging forms of online threat. It’s better to be particularly cautious in this arena and favor stringent rules, rather than leave the door open to emails with malicious code.

4. Implement additional security software

Businesses serious about safeguarding will want to choose a robust, email-specific tool like SolarWinds Mail Assure. This cloud-based solution focuses solely on email security, at an affordable per mailbox rate for any businesses of any size. With no additional hardware or maintenance needed, this tool integrates with Microsoft 365 to protect against spam, viruses, malware, and phishing, using a global threats database to identify even the latest scams.

5. Use Office Message Encryption

Microsoft 365 has Office Message Encryption on as a default. The service encrypts both incoming and outgoing email messages and is fully compatible with the web-based version of Outlook, Gmail, Yahoo!, and other common email platforms. Email message encryption is critical for protection against email-borne malware because it represents the first layer of security, blocking outsiders from viewing message content.

With little exception, the rule at your office should be to use either or both of the two protection options that Office Message Encryption provides when sending an email message: Do Not Forward and Encrypt.

Going beyond security basics

Each of these steps is uniquely important, but the secret to eliminating the threat of malware can’t be boiled down to a one-size-fits-all security posture. Developing a strong policy for safeguarding data and emails on Microsoft 365 will require MSPs to understand each client’s unique security vulnerabilities and acknowledge the impact that certain best practices might have on their productivity. Following best security practices is only the first step toward establishing Microsoft 365 security.

For optimal email security, it’s best to go beyond basic Microsoft 365 functions and consider software that can keep an email server safe in the event of an attack or outage. Security isn’t a single, straightforward process, but a long journey that requires constant vigilance against advancing threats. These first steps will help lay a crucial foundation for companies hoping to remain protected from malware attacks.