By Patrick Lonz, President, Compliant WorkSpace

By now you’ve probably noticed I’m a big Kubrick fan, believe it or not, but we’re not going to rate the best movie directors of all time right now, no chance. What I want to talk about here is securing your firm on the Microsoft 365 Cloud. I believe lots of companies hesitate to migrate to the cloud for fear of cyberthreats, and rightly so: you’re walking into a minefield when you put all your employees on the cloud, since by default, if you move your company to Microsoft 365, employees aren’t totally secure. And in many cases, you can easily turn off security options, which would leave your people wide open to an outside attack. Here I’m going to talk about our unique Pre-Set 365 Security Template included with Compliant Workspace and how it will give your firm a fully secure Microsoft 365 setup, out-of-the-box.

The security behemoths including AvePoint, Mimecast and Terranova claim that the Microsoft cloud is so unsecured you must purchase their security/filtering plug-in to be fully cybersecure.

Malware, Ransomware, Phishing, Smishing, Vishing…Whaling?

Let’s get into it. First, go ahead and fire up Google and search “is Microsoft 365 cybersecure?” and you’ll get dozens of hits from the security behemoths of the day including AvePoint, Mimecast and Terranova (who, by the way, just partnered with Microsoft to leverage their phishing, security awareness and cybersecurity training to shore up any gaps they have). In this search you’ll find well-crafted white papers giving you their opinions on cybersecurity and Microsoft 365. You’ll also notice all these papers begin with a terrifying story going something like this: “When you move your company to Microsoft 365, you’re going to be wide open to hackers with malware, ransomware, social engineering, phishing, smishing, vishing, spear-phishing…” and a new threat I recently learned about called whaling, that’ll surely hack the heck out of your employees. These papers then conclude by attempting to convince you that the Microsoft cloud is so unsecured by default that trying to protect yourself is too confusing – you can’t handle it yourself! Therefore, you must purchase their security/filtering plug-in to be fully cybersecure on Microsoft 365.

However, other results from this same Google search will tell you Microsoft can make your company secure on the cloud, since they have all the tools built in with each of their subscriptions. I mean, according to them, you can configure their built-in Security Policies, or use Exchange Online Protection with Quarantine Policies to block malware, with the Tenant Allow/Block List and Alert Policies to protect against all the threats of the day.

So which is it? Do you need to purchase an add-on security tool from one of the big vendors, or can you use the built-in tools included with Microsoft to make your firm fully cybersecure on their cloud?

Do You Need to Purchase Add-on Tools to be Secure on Microsoft 365?

Let’s start by clearing the air on what I mean by making your firm cybersecure on Microsoft 365. I am NOT talking about your employees getting tricked into giving out confidential information about themselves or your company. I am also not talking about their computers getting messed up with viruses because they’ve been on questionable sites; security awareness training with updated virus software on their PCs is the solution to these problems. I am talking about preventing employees from getting their passwords hacked and blocking anything from getting on your Microsoft 365 tenant. For example, worst-case scenario, someone gets an Excel spreadsheet sent to them, then saves it to your company SharePoint and voila! Your whole firm is infected.

Nonetheless, to answer the question of whether you need add-on tools or can use the tools included with Microsoft to make your firm cybersecure on their cloud, I will say: if you’re a large firm like a bank then yes, you’ll buy a third-party security add-on for Microsoft 365, since you are a persistent target for hackers. Also, telling the VP of IT that Mimecast is giving your company “A comprehensive email security and resilience solution with built-in AI powered software that’ll block all email-based threats with sandbox emulation that’s seamlessly integrated with Microsoft 365” will be an easy sell. (I honestly have no idea what any of that means but it sounds great!)

However, if you’re a small firm with 15-25 employees, for example, you probably don’t need to pay for AI powered emulation software to make you secure on Microsoft 365. In fact, you don’t want to make things more complicated; that’s why you moved your company to the Microsoft Cloud, to simplify your IT.

That’s why we created our Pre-Set 365 Security Template: for small firms wanting to get their employees on Microsoft 365 with all the built-in security options pre-set out-of-the-box. No need to hire an IT expert, look for a third-party add-on, or spend 80 hrs. trying to configure the tools included with Microsoft to make your firm fully cybersecure on the cloud.

Features of Our Pre-Set 365 Security Template:

The first thing we’ll do to secure your company on Microsoft is make sure MFA is properly configured. I know it sounds like a no-brainer, but I have seen some nightmare scenarios lately where firms got their Microsoft Cloud blatantly hacked. For example, one company came to us (I am not sure if they had an older version before 2019 when MFA was not a default, or they had turned off MFA) but they had been compromised for months and didn’t know it. What happened was a hacker logged into their Microsoft 365 as a user with admin rights, then went ahead and started creating user accounts and email accounts on Exchange with full admin access on their system so they could use it to spam other companies. Of course, the firm would immediately have to pay for these new bogus email accounts, but worse, their domain would be blacklisted since mass amounts of spam originated from them. We simply turned on MFA, reset all the passwords, then deleted the bogus accounts to solve the problem.

However, since the bad guys are expecting you’ve enabled MFA, they’re going to try to compromise your users some other way; they’ll pull out some tricks. What they will do next is try phishing your employees. To protect against this, we’ll pump up your protection by enabling the “Spoof Intelligence” setting in Microsoft 365. We do this by editing the default Anti-Phishing policy (since it’s not enabled by default). Further, we need to modify the default quarantine setting and change it to AdminOnlyAccess so users don’t go and access their quarantined messages and release a malicious file without knowing it.

The next thing our Pre-Set 365 Security Template will do for your employees is block malware and ransomware that may come into your 365 Cloud. Again, the default settings on your Microsoft tenant need to be modified; we have that covered here as well by enabling Common Attachment Filters to prevent malware or ransomware from being delivered to any of your Microsoft Exchange mailboxes. In addition, we secure the quarantined messages as well by enabling incident reports that are sent to your IT admin.

Now that malware and ransomware are blocked from being delivered to anyone’s Exchange email accounts on your Microsoft 365 Tenant, the next way a hacker will try to compromise you on the cloud is by embedding malicious code in file attachments or links and getting your users to unknowingly download or open them. For example, someone is sent an infected Excel spreadsheet, which of course they don’t know has a virus (it could also be sent via a Teams chat, a group chat or even a Teams channel). They then save this infected spreadsheet to your company SharePoint where it’s shared with everyone – and boom – everyone in your company is infected.

A Pre-Set Template to Secure Your Firm on Microsoft 365 With Advanced Blocking and Alerts


Our Pre-Set Security Template:

  • Safe Attachments with Set Replace; Block Attachments
  • Safe Attachments and Safe Links
  • Advanced Alert Policies

To prevent this from happening, our Pre-Set Security Template will first make sure Safe Attachments is enabled; here also Microsoft has it off by default. We will also set the option for Safe Attachments with Set Replace; Block Attachment so that emails will still get delivered to your people with the infected attachment removed. They’ll still get the email and can take action, and IT is notified of the email with malicious content. We also set this option for Safe Links within the Pre-Set Policy. We further enable Safe Attachments and Safe Links for Teams.

And finally, our Pre-Set 365 Security Template for Microsoft 365 enables advanced Alert Policies. You want to be alerted if users are added or if anyone clicks malicious code or links. We also make sure you know about forwarding rules (a trick hackers use to obtain emails from your employees without them knowing), and alerts are enabled if any emails with malicious code get delivered to anyone on your Tenant.

Built-in alerts to detect:

  • Malicious code or links
  • Forwarding rules
  • Delivery of malicious code
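
A read-only way to check the Exchange Online and Defender for Office 365 settings described above, as an added example that is not Compliant Workspace's template or tooling. It assumes an existing `Connect-ExchangeOnline` session; the names `New-Check` and `Get-BaselineAudit` are hypothetical.

```powershell
# Added example: read-only audit of the settings named in this article.
# Assumes the ExchangeOnlineManagement module is installed and
# Connect-ExchangeOnline has already been run. Nothing here changes the tenant.

function New-Check($Setting, $Expected, $Actual) {    # hypothetical helper
    [pscustomobject]@{
        Setting  = $Setting
        Expected = $Expected
        Actual   = $Actual
        Pass     = ("$Actual" -eq "$Expected")
    }
}

function Get-BaselineAudit {                           # hypothetical name
    # Default anti-phishing policy: spoof intelligence on, and spoofed
    # mail quarantined so that only admins can release it
    $phish = Get-AntiPhishPolicy -Identity 'Office365 AntiPhish Default'
    New-Check 'AntiPhish EnableSpoofIntelligence' $true $phish.EnableSpoofIntelligence
    New-Check 'AntiPhish SpoofQuarantineTag' 'AdminOnlyAccessPolicy' $phish.SpoofQuarantineTag

    # Default anti-malware policy: common attachment filter
    $malware = Get-MalwareFilterPolicy -Identity 'Default'
    New-Check 'Malware EnableFileFilter' $true $malware.EnableFileFilter

    # Safe Attachments: at least one enabled policy that blocks or replaces
    $sa = @(Get-SafeAttachmentPolicy |
        Where-Object { $_.Enable -and $_.Action -in 'Block', 'Replace' })
    New-Check 'SafeAttachments enabled Block/Replace policy' $true ($sa.Count -gt 0)

    # Safe Links: at least one policy covering both email and Teams
    $sl = @(Get-SafeLinksPolicy |
        Where-Object { $_.EnableSafeLinksForEmail -and $_.EnableSafeLinksForTeams })
    New-Check 'SafeLinks policy for email and Teams' $true ($sl.Count -gt 0)

    # Safe Attachments for SharePoint, OneDrive and Teams (tenant-wide switch)
    $atp = Get-AtpPolicyForO365
    New-Check 'EnableATPForSPOTeamsODB' $true $atp.EnableATPForSPOTeamsODB
}

# Rows with Pass = False are the settings that differ from the article's list
Get-BaselineAudit | Format-Table -AutoSize
```

A Safe Attachments or Safe Links policy only protects the recipients named in its rule, so review `Get-SafeAttachmentRule` and `Get-SafeLinksRule` alongside this output.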

Pre-Set 365 Security Template Designed for Small Firms

We have created our unique Pre-Set 365 Security Template for small firms with 15-25 employees who want to ensure they have a secure Microsoft Cloud without having to add third-party plug-ins to make them cybersecure on the cloud. Our Pre-Set Template sets MFA and Spoof Intelligence, and blocks files with malware and ransomware from being delivered to Exchange mailboxes on your entire Microsoft 365 tenant. Further, we enable Safe Attachments with Safe Links, with advanced Alert Policies to closely monitor any changes to your user accounts.

About Compliant Workspace

Compliant Workspace is a managed Microsoft 365 cloud service provider committed to giving small companies an option to move their firm to the Microsoft 365 Cloud. With our unique Consolidated 365 Service® we include our Pre-Set 365 Security Template, our 365 Cloud Protect and our 365 Cloud Migrate, which give your firm an office in the Cloud – fully-secured, fully-protected: out-of-the-box.

Contact us today, and get your firm on the Microsoft Cloud