Great content delivered right to your mailbox

Thank you! Check your inbox for our monthly recap!

It doesn’t matter whether you run a small business or are part of the IT team at a multinational corporation—if your organization has data in the cloud, attackers will eventually try to target it. Fortunately, Microsoft 365 has you covered.

Many people know Microsoft 365 for its suite of business productivity and collaboration tools. Not as many are familiar with its equally powerful security tools, however. Let’s explore some of the Microsoft 365 security features you should definitely know whether you’re shopping around or you’re an existing business user looking to upgrade your security program.

Microsoft Defender

Microsoft Defender takes a modern “defense in depth” approach to protect your Microsoft 365 apps and data. Instead of relying on just strong perimeter security, it applies multiple security layers, making it capable of catching a much broader range of threats than purely perimeter security.

That starts with email analysis and filtering at your network’s edge. On average, Microsoft Defender blocks over 25% of all malicious messages before they even touch your network. Then all mail inside your perimeter is scrutinized using tools that scan for malicious content and the sender’s authenticity.

Sophisticated attackers know that security tools carefully scrutinize mailboxes, so they look to get a toehold on your network by compromising other applications. That’s why Microsoft Defender also includes OneDrive, SharePoint, Teams and Office applications protection layers. If Defender detects malicious activity in any of those apps, it immediately locks down the compromised files so users can’t open or share them.

Microsoft 365 Data Loss Prevention (DLP)

Your data is one of your business’s most valuable assets. Its compromise could have long-term devastating effects on both your revenue and reputation. Several Microsoft 365 security features are available to help protect your data integrity.

DLP policies

These policies will help ensure that sensitive information such as credit card numbers or other identification stays secure. It allows you to flag and track sensitive data and set policies around how users can share it.

Information protection

This Outlook feature allows you to set policies for how you and your employees share sensitive data over email. For example, you can set policies to prevent copying and pasting into or out of emails or prevent the ability to forward certain messages outside your organization.

Theft protection

With BitLocker encryption, Microsoft 365 ensures that your information remains safe even if a device is stolen. You can also remotely wipe any lost device or reset it to its factory settings if you pass it on to a new employee.

Multi-factor authentication (MFA)

Your data is only as safe as your employees’ credentials to access it. Unfortunately, too many people still choose weak, vulnerable passwords. That’s why Microsoft 365 supports multi-factor authentication. When you enable MFA, your users must use two or more authentication methods, including passwords, text security codes or verifying requests in a mobile app. You can even use the Microsoft Authenticator app to secure other business services, like Salesforce, Google Workspace and Dropbox.

Built-in mobile device management (MDM)

The rise in remote and hybrid working has only expanded popular employer Bring Your Own Device (BYOD) programs, where employees use their own laptops and mobile devices to connect to company apps and shared folders.

You might have the most trustworthy employees in the world, but even the most diligent ones might lose their phones, which can still put your data at risk. That’s why Microsoft 365 offers MDM built right into its cloud platform for employees to access corporate email from their devices. Beyond email, Microsoft InTune secures access from BYOD endpoints to other corporate applications and data.

Privileged Identity Management (PIM)

Privileged Identity Management allows you to manage how and when users can access different cloud-based resources. For example, you can set time-limited or approval-limited roles for different users, so they receive elevated privileges only under certain conditions. That helps prevent accidental misuse or malicious use of resources by normal users.

Email archiving

All businesses must abide by data retention regulations that dictate how email communication is handled and retained. Microsoft 365 Business works to address even the most stringent regulations with these email archiving features:

Litigation holds

You can use a litigation hold to lockdown and retain a user’s mailbox, including deleted items. This will preserve all their inbox content, including original versions of items they may have modified.

Retention policies

Exchange allows you to customize your own retention policies according to your regulatory and business needs. For example, you can delete things permanently after a set period or keep them in a separate storage area. These Microsoft 365 security features can also be of tremendous help in case of a security breach or accidental deletion of important data.

Azure Information Protection (AIP)

This cloud-based solution works similarly to Microsoft Defender Information Protection, but for data in your company’s Azure cloud computing tenant. It allows you to apply labels to tag and manage files. Labels can be applied automatically, or users can be given suggestions for how to label certain data.

Some options include:

  • Do not forward
  • Confidential
  • Highly confidential
  • Encrypt


Microsoft 365 security dashboard

All of these features sound great, but how will you manage them? Microsoft 365 Business includes a security dashboard that collects all relevant security information in one place. It’s clear and uncluttered so non-technical users can monitor your security measures.

On the dashboard, you can activate and deactivate features with just the click of a button, set custom policies that make sense for your business, and instantly remote-wipe stolen or lost devices.

Microsoft 365 security features that were made for you

Microsoft 365’s security features are powerful enough for major enterprise security but available for every small business user. They’ll empower you to protect your data and employees from the cyberthreats faced by modern businesses.

An expert partner can help you make the most out of Microsoft 365. Check out our Partner Guide to learn how Sherweb can help you maximize the benefits of your Microsoft relationship.

Written by The Sherweb Team Collaborators @ Sherweb