Microsoft Office is a stalwart in the business world, and Microsoft’s latest iteration, Office 365, may be the best yet. It’s a big leap forward: it’s the first build of Microsoft Office to fully embrace the cloud and robust online collaboration. By just about every metric, it’s a smashing success, too. A recent survey from Sky High Networks showed tremendous growth both in the percentage of companies with 100+ users (91.4% in Q2 2016) and inactive users within enterprise business (22%).

With this level of widespread adoption, it’s important to understand best practices in Microsoft Office 365 security.


What are the benefits pushing enterprises to Office 365? There are many, including these.

Better Continuity Through Microsoft Office 365 Security

Because Office 365 can be run on just about any device, you can get work done just about anywhere. Even in a natural disaster, your files are protected in the cloud, and you can access them as soon as you find an internet connection.

Better Collaboration

One of Google’s main advantages over Microsoft used to be collaboration. Any invited user could drop into a Google Doc and work alongside others. With Office 365 and Office Online, Microsoft catches up and possibly even surpasses Google on the collaboration front.

Normalize IT Spend

Office 365 is a subscription-based product, meaning your costs are fixed. You don’t get hit every few years with massive upgrade costs.

Microsoft Office 365 Security Is Better Than Yours

This is blunt but true: your SMB security efforts—and even those of your MSP, if you have one—pale in comparison to Microsoft’s efforts. They’ve built an exceedingly secure system, and they stake their reputation in part on keeping that system uncompromised.

What’s the Risk, Then?

While Office 365 is a very secure platform, it’s not risk-free. Its gargantuan user base and the potential value of the content stored on its servers make it a major hacking target.

Threats to Microsoft Office 365 Security: Hacked Passwords

Because Office 365 is tied to a credentialed login, you can use it just about anywhere. Just navigate to, log in, and you have access to a web-based version of your entire Office suite. This is convenient, but it means that your Office 365 files are only as secure as your password. If a hacker gets your password, he or she now has access to your files.

Hackers employ several techniques to steal business credentials, including phishing, buying on the dark web, and even good old-fashioned snooping (like snapping a photo of that sticky note full of passwords you’re hiding under your keyboard!). Microsoft can’t fix this for you, but you can take steps to mitigate the risk. Create strong, unique passwords (and don’t keep them on a sticky note!) and educate yourself on how phishing campaigns work.

Threats to Microsoft Office 365 Security: Deleted Work

Moving to Office 365 changes the way your files and emails are stored. Now they’re in the cloud, and your default on-site backups probably aren’t working the way they used to. It’s important to understand the ramifications and to set up a proper cloud-based backup system that can interface with Microsoft’s cloud-based systems. If not, you run the risk of deletions.

Malicious deletions and accidental ones are both real possibilities in your business. With an on-premises backup server, restoring deleted files is relatively painless if they have been backed up properly. With a cloud service like Office 365, restoration can be more complex. You also need to understand how your plan handles retention. All plans have some level of retention for data (like emails and personal cloud storage) belonging to users that have left the company. Duration and depth vary according to your plan. Make sure you understand your plan’s retention policies, and be sure to save locally any data that you’ll need long-term.


Here are a few practical security solutions you can implement to improve Microsoft Office 365 security.

Two-Factor Authentication

Two-factor authentication (2FA) is the best protection against password hacking. Without 2FA, all hackers need to access your information is your username and password. With 2FA, there is a second layer of protection. After providing your username and password, you’ll need to provide a second method of proving you’re who you say you are. This can take the form of a numeric code that’s texted to your mobile, or a rotating code on a key fob, among others.

Microsoft has its own 2FA module, but we recommend using a single, system-wide 2FA system instead, like AuthAnvil.

Cloud Backup: Datto

If you’re embracing cloud software and services, your local, on-site backup is no longer going to be sufficient. Implementing a cloud backup service that interfaces well with Office 365 is the key to avoiding trouble with deletions, whether malicious or accidental. We recommend a solution named Datto.

Datto is a powerful cloud backup service. Three times a day, Datto takes a complete snapshot of your data that’s both image and file based. These backups capture your entire Office 365 environment: Exchange Online, OneDrive, and SharePoint are all included. Datto provides unlimited data backup with one-year retention, and it gives the ability to restore an entire image or select granular files.

Email Security: Proofpoint

You need much more than just a spam filter on your email. Proofpoint is our recommendation for an email security solution. It’s a powerful monitoring and protection tool that will give you peace of mind about viruses, ransomware, and phishing attacks.

Dark Web Protection: PI Protect

PI Protect helps you in two ways. It forces training on your users on how to avoid phishing scams, and it scans the dark web for potentially compromised credentials.


Navigating the transition to Office 365 is easier with help from a qualified MSP. Contact us today to learn more about how CSP, Inc. can help. We understand how to navigate cloud services, including Office 365.

IT Companies in Raleigh

Download Our

IT Company in Raleigh

On What Questions You Need To Ask Before Signing Any Agreement.

Raleigh IT Support

Latest Tweets