MailGuard Jun 21, 2023 10:35:08 AM 12 MIN READ

Choosing the Right Protection for Businesses Using Microsoft 365

In the move towards digital transformation, more businesses than ever are turning to Microsoft 365 to support an agile, remote workforce. Along with traditional Office 365 stalwarts like Word, Excel and PowerPoint, collaboration tools like Microsoft Teams, Outlook, OneDrive, and SharePoint support teams to work together from anywhere on the planet. It’s an impressive suite of software solutions, and so familiar to so many that the shift to more remote ways of working can be relatively painless.

However, as with all things in life, it is never quite as simple as it seems, and businesses are confronted with a range of choices regarding the breadth of solutions, and importantly the security options that are available with them.

[Image: m365 package compare]

(Effective 20 June 2023 – Source: https://www.microsoft.com/en-au/microsoft-365/business/compare-all-microsoft-365-business-products)

 

Moving from Microsoft Business Basic to Business Standard and then Business Premium is a big leap in per-user cost, from AU$8.20 per user/month (AU$98.40 per user/annum) up to AU$30.20 per user/month (AU$362.40 per user/annum).

For security, Business Basic, Standard, and Premium all include anti-phishing, anti-spam, and anti-malware protection, while Business Premium includes additional capabilities, such as advanced threat protection for devices (endpoints), email, and collaboration, and information protection.

But the steep jump in per user license fees can cause many businesses to hesitate and assume risks that are imprudent. Even worse, some businesses may be tempted to trade off existing solutions that are outside the Microsoft ecosystem, thinking that in Microsoft 365 they have an all-encompassing suite, a one-stop-shop if you will, that will cater to all their business needs. But as industry professionals, we all know that is a dangerous leap of faith.

[Image: m365 sec and compliance]

For Microsoft Business Basic and Business Standard, businesses have the option to upgrade licenses with Microsoft Defender for a further AU$4.10 per user, but it’s still a price that many baulk at, shifting annual per-user licensing from AU$147.60 to AU$255.60.

[Image: m365 defender upgrade]

 

And even for those considering enterprise packages at the E3 and E5 level, at a hefty AU$52.20 user/month or AU$78.30 user/month, there are still shortcomings with respect to advanced threat protection.

 

[Image: m365 E3 E5]

(Effective 20 June 2023 - Source: https://www.microsoft.com/en-au/microsoft-365/compare-microsoft-365-enterprise-plans)

 

Choose 'Defence-in-Depth' to Boost Protection at a Lower $ Price/Seat

As we know, making any of those choices alone leaves businesses in a precarious position where all their eggs are in the one basket. A defence in depth approach is always preferable, where other vendor IP can complement the Microsoft 365 suite and its native security features.

For example, with respect to zero-day email threats, like advanced phishing and ransomware attacks, and BEC attempts, MailGuard is proven to stop threats up to 48 hours faster than Microsoft 365. In fact, the MailGuard speed to detect scorecard includes examples of threats that were intercepted by MailGuard but were still to be detected by Microsoft 365 more than nine days later. And so, for those businesses where an upgrade of Business Basic to include Microsoft Defender is a stretch, adding the advanced email threat protection of MailGuard may be a prudent decision, boosting end-user protection at a more affordable per-user price point. Likewise, for those struggling with the leap to Business Standard and Business Premium, adding MailGuard to the security stack allows the business to leverage the value in their Microsoft 365 investment, whilst retaining specialist, advanced cloud email security to protect their inboxes.

Even Microsoft CEO and Chairman, Satya Nadella, acknowledged the defense in depth advantages of adding MailGuard to the Microsoft stack, acclaiming MailGuard as “the type of innovation that we want to see.”

And for those that do make the move to Microsoft 365, here are 10 more recommendations from Microsoft for small to medium businesses with up to 300 users, by subscription type, for securing business data:

 

1. Multi-Factor Authentication (MFA or 2FA)

Multi-Factor Authentication (MFA), also known as two-step verification, requires people to use a code or authentication app on their phone to sign into Microsoft 365, and is a critical first step to protecting your business data.

Mandating MFA can prevent bad actors from taking over an account if they know the password.

To help simplify the process of enabling MFA, security defaults in Azure Active Directory (Azure AD) are available in Microsoft 365 Business Basic, Standard, and Premium.

Microsoft 365 Business Premium also includes Azure AD Premium P1 for advanced administration. It enables you to set up and configure Conditional Access policies instead of security defaults, for more stringent requirements.

 

2. Protect Administrator Accounts

Administrator accounts (aka Admins) have elevated privileges, making these accounts more susceptible to cyberattacks. Make sure to set up and manage the right number of admin and user accounts for a business.

Microsoft also recommend adhering to the information security principle of least privilege, which means that users and applications should be granted access only to the data and operations they require to perform their jobs.

Microsoft 365 Business Basic, Standard, and Premium include the Microsoft 365 admin center and the Microsoft Entra portal to set up and manage admin accounts.

 

3. Use Preset Security Policies

Preset security policies save time by applying recommended spam, anti-malware, and anti-phishing policies to users all at once. Preset security policies take the guesswork out of implementing protection for email and collaboration content.

Microsoft 365 Business Basic, Standard, and Premium include Exchange Online Protection (EOP). It includes preset security policies for anti-spam, anti-malware, and anti-phishing.

Microsoft 365 Business Premium also includes Microsoft Defender for Office 365 Plan 1. It includes preset security policies for advanced anti-phishing, spoof settings, impersonation settings, Safe Links, and Safe Attachments.

 

4. Protect All Devices

Every device is a possible attack avenue into a network and must be configured properly, even devices that are personally owned but used for work. The security team and all employees can all take steps to protect devices. For example, all users can use MFA on their devices.

Microsoft 365 Business Basic, Standard, and Premium enable users to use MFA on their devices.

Microsoft 365 Business Premium also includes advanced device protection with Microsoft Defender for Business. Defender for Business includes threat and vulnerability management, attack surface reduction, next-generation protection, endpoint detection and response, and automated investigation capabilities.

Microsoft 365 Business Premium also includes Microsoft Intune for managing devices.

 

5. Train Everyone on Email Best Practice

Email can contain malicious attacks cloaked as harmless communications. Email systems are especially vulnerable, because email is handled by everyone in the organization, and safety relies on humans making consistently good decisions with those communications.

Train everyone to know what to watch for: spam or junk mail, phishing attempts, spoofing, and malware in their email.

Microsoft 365 Basic, Standard, and Premium include EOP, which provides anti-spam, anti-malware, and anti-phishing protection for email hosted in Exchange Online.

Microsoft 365 Business Premium also includes Defender for Office 365 Plan 1, which provides more advanced protection for email and collaboration, with advanced anti-phishing, anti-spam, and anti-malware protection, Safe Attachments, and Safe Links.

 

6. Use Microsoft Teams for Collaboration and Sharing

The best way to collaborate and share securely is to use Microsoft Teams. With Microsoft Teams, all of the business’s files and communications are in a protected environment and aren't being stored in unsafe ways outside of it.

Microsoft 365 Business Basic, Standard, and Premium include Microsoft Teams.

Microsoft 365 Business Premium also includes Defender for Office 365 Plan 1, with Safe Links and Safe Attachments for Microsoft Teams, and Azure Information Protection Plan 1, with sensitivity labels and DLP to discover, classify, protect, and govern sensitive information.

 

7. Set Sharing Settings for SharePoint and OneDrive files

The default sharing levels for SharePoint and OneDrive might be set to a more permissive level than you should use. Microsoft recommend reviewing and, if necessary, changing the default settings to better protect a business. Grant people only the access they need to do their jobs.

Microsoft 365 Business Basic, Standard, and Premium include OneDrive and SharePoint.

Microsoft 365 Business Premium also includes Defender for Office 365 Plan 1, with Safe Links and Safe Attachments for Microsoft Teams, SharePoint, and OneDrive and Azure Information Protection Plan 1, with capabilities to discover, classify, protect, and govern sensitive information.

 

8. Use Microsoft 365 Apps on Devices

Outlook and Microsoft 365 Apps (also referred to as Office apps) enable people to work productively and more securely across devices. Start a document on one device and pick it up later on another device. Instead of sending files as email attachments, you can share links to documents that are stored in SharePoint or OneDrive.

Microsoft 365 Business Basic, Standard, and Premium include Outlook and Web/mobile versions of Microsoft 365 Apps (such as Word, PowerPoint, and Excel).

Microsoft 365 Business Standard and Premium include desktop versions of Microsoft 365 Apps that can be installed on computers, tablets, and phones. Installing the Microsoft 365 Apps helps ensure users get the latest features, new tools, security updates, and bug fixes (PC users also get Access and Publisher).

Microsoft 365 Business Premium also includes Defender for Office 365 Plan 1 (with Safe Links and Safe Attachments) and Azure Information Protection Plan 1 (with sensitivity labels).

 

9. Manage Calendar Sharing for Businesses

You can help people in an organization share their calendars appropriately for better collaboration. You can manage what level of detail they can share, such as by limiting the details that are shared to free/busy times only, so that users don't accidentally overshare important information.

Microsoft 365 Business Basic, Standard, and Premium include Outlook and Exchange Online.

Microsoft 365 Business Premium also includes Azure Information Protection Plan 1, and that includes DLP policies to protect sensitive information.

 

10. Maintain the Environment

After the initial setup and configuration of Microsoft 365 for business is complete, every organization needs a maintenance and operations plan. As employees come and go, the organization will need to add or remove users, reset passwords, and maybe even reset devices to factory settings. It will also want to make sure people have only the access they need to do their jobs.

Microsoft 365 Business Basic, Standard, and Premium include the Microsoft 365 admin center and the Microsoft Entra portal for managing user accounts.

Microsoft 365 Business Premium also includes advanced security and compliance capabilities. You can use the Microsoft 365 Defender portal or the Microsoft 365 Purview compliance portal for viewing and managing security & compliance capabilities.

 

Keeping Businesses Safe and Secure

Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.

No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email solution like MailGuard.   

MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your customers today to ensure they’re prepared, and get in touch with our team to discuss strengthening your customers’ Microsoft 365 security.

 

Talk to us

 

MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.  

 

Australian partners, please call us on 1300 30 65 10  

US partners call 1888 848 2822  

UK partners call 0 800 404 8993  

We’re on Facebook, Twitter and LinkedIn. 
