Office 365 Exchange Security Best Practices
Using Office 365 is a simple way to get all your employees on the same page. Of course, a service that is accessible both in the office and on the go makes security an even bigger consideration. How do you ensure your company’s Office 365 service is secure?
Microsoft has built-in security tools to help keep unauthorized users out. While most of these features are available to every account holder, they must first be enabled. They are not turned on automatically.
All Office 365 accounts use a single log-in to access email and cloud services. This simple approach makes things easy for the user, but it also makes it easy for an outsider to break into multiple accounts. Chances are that once they are in one employee’s account, it becomes easier to get into another employee’s account.
To better protect your accounts, you can turn on multi-factor authentication for each of your employees. To do so, start by signing in to Office 365 and going to the Office 365 admin center.
- Navigate to Users and select Active Users.
- In the Admin center, select More and then Setup Azure multi-factor auth.
- Find the users for whom you want to enable multi-factor authentication. If necessary, change the view at the top to see all your users.
- Check the box next to each user for whom you want multi-factor authentication enabled.
- On the right-hand side, select Enable.
- In the new dialog box, click enable multi-factor auth.
Now, users can set up two-factor verification.
After turning on multi-factor authentication, you must set up the two-factor verification service. This feature requires that you enter an additional code upon signing into browser-based accounts. The randomly generated code comes via text message, phone call, secondary email, or through a Microsoft Authenticator app.
Each employee logs into their account to start the process after multi-factor authentication has been enabled.
- Once logged in, select Set it now.
- Choose the authentication method that best suits you and follow the prompts.
- Once finished, Microsoft prompts you for the secondary code the next time you log in. You receive the code via the method chosen during setup.
You can choose multiple verification methods, which is recommended, in the event you cannot access your conventional method.
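To confirm the result of the two procedures above across the whole tenant, here is an added audit script (not part of the original article). It assumes the MSOnline PowerShell module is installed and relies on the properties returned by its `Get-MsolUser` cmdlet; the CSV file name is a placeholder.

```powershell
# Added example: audit per-user MFA state with the MSOnline module (assumed installed).
# Run with an account that is allowed to read user objects in the tenant.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in

function Get-MfaAuditRow {
    param([Parameter(Mandatory)] $User)

    # StrongAuthenticationRequirements stays empty until an admin enables MFA
    # for the user; once set, State is 'Enabled' or 'Enforced'.
    $state = ($User.StrongAuthenticationRequirements | Select-Object -First 1).State
    if (-not $state) { $state = 'Disabled' }

    # StrongAuthenticationMethods is filled in only after the user has completed
    # the verification setup prompt and registered at least one method.
    $methods = @($User.StrongAuthenticationMethods)
    $default = ($methods | Where-Object IsDefault | Select-Object -First 1).MethodType

    [pscustomobject]@{
        UserPrincipalName = $User.UserPrincipalName
        Licensed          = $User.IsLicensed
        SignInBlocked     = $User.BlockCredential
        MfaState          = $state
        Registered        = $methods.Count -gt 0
        DefaultMethod     = $default
        AllMethods        = ($methods.MethodType -join ',')
    }
}

$report = Get-MsolUser -All | ForEach-Object { Get-MfaAuditRow -User $_ }

# Accounts that can still sign in but have no MFA requirement at all
$report | Where-Object { $_.MfaState -eq 'Disabled' -and -not $_.SignInBlocked } |
    Sort-Object UserPrincipalName | Format-Table UserPrincipalName, Licensed

# Accounts enabled by the admin whose owner never finished the setup prompt
$report | Where-Object { $_.MfaState -ne 'Disabled' -and -not $_.Registered } |
    Format-Table UserPrincipalName, MfaState

# Accounts with only one registered method (no fallback if that method is lost)
$report | Where-Object { $_.Registered -and $_.AllMethods -notmatch ',' } |
    Format-Table UserPrincipalName, DefaultMethod

$report | Export-Csv -Path .\mfa-audit.csv -NoTypeInformation
```

This reports per-user MFA only; MFA that is enforced through Conditional Access policies does not show up in these properties.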
Setting Up App Password
Once the multi-factor authentication is enabled, you can allow your employees to create application passwords for your different apps. If they are using a non-browser application such as Outlook, you must have a particular app password to log in, not your traditional password.
Office 2016 administrators also have the option of setting up two-factor authentication for their users. When two-factor authentication is in use, non-browser applications require individual passcodes.
To set up an app password:
- Log in to Office 365; you must use both your password and verification code.
- Choose Settings and then Office 365.
- Select Security and Privacy, then Additional security verification.
- On the Additional Security Verification page, choose “update my phone numbers used for account security.” This option brings up the page with the app password setting.
- Select app passwords at the top of the page.
- Click on create. Microsoft generates a random password.
- Copy the password to clipboard; you do not need to memorize or write it down.
- Open the application needing the password.
- When prompted, paste the passcode into the password box. Make sure you check the “remember my credentials” box before clicking OK.
Once stored, the application saves the app password in memory. Anytime you change your account password you need to regenerate a new app password for each application.
Microsoft offers limited backup support for Office 365 services. While maintaining high-security protocols, such as multi-factor authentication, can help protect files, having a backup service such as CloudAlly in place can ensure you never lose important documents.