
Top 5 Microsoft 365 cyber security tips

We asked Microsoft MVP, Vlad Catrinescu, to give us his top 5 Microsoft 365 Cyber Security tips.

To celebrate Cyber Security Awareness Month, we compiled Vlad’s tips into the blog post below for you to enjoy. Let’s dive in!

Tip #1: Automate external guest expiration

Sometimes we need external guests inside our SharePoint environment to help us on various projects. But when the project is over, we want them to leave. In SharePoint Online, you can automate guest expiration so that, after a certain period of time, guests are removed from the site unless a site owner decides to renew them on the project.


By automating guest expiration, you can make sure external users do not keep access to sensitive information that they don’t need for their job, and you will also make progress towards your zero trust deployment.


Tip #2: Configure the default sharing link

Users often take the shortest path possible towards achieving a goal, even though the path they take may not be the best for Microsoft 365 cyber security. It’s important to configure the default sharing link experience inside your tenant to be as strict as possible. This way, if a user just clicks and copies the link, they will not automatically create an anonymous edit link.

You can still allow your users to create anonymous edit links, but they will need to make that decision and take extra clicks to create that type of link; it won’t be permissive by default. By restricting the default link type, you will reduce the amount of oversharing in your environment and take one extra step to enhance your Microsoft 365 cyber security.


Tip #3: Restrict what domains your users can share content with

Almost every organization in the world today collaborates with external users. Did you know that as a Microsoft 365 administrator, you can restrict what domains your users can share content with? This way you can keep users productive while limiting sharing to organizations that are approved and trusted.

If you want to take it to the next level, you can go to your most important sites and allow only a subset of those domains on each specific site. One thing to remember is that you also have allow lists in both Microsoft Teams and Entra ID. Make sure you work with your other administrators so that you secure all your Microsoft 365 tools and strengthen your Microsoft 365 cyber security.
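Tips #1 to #3 are all SharePoint Online sharing settings, so they can be checked and applied together from the SharePoint Online Management Shell. The script below is an added example, not part of the original post: it reports where the tenant differs from the settings described in those three tips and applies them only when `$apply` is set. The admin URL, site URL, domain names and the 60-day window are placeholders.

```powershell
# Added example, not from the original post. Assumes the
# Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin account.
# URLs, domains and the 60-day window are placeholders.
Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'

# Set to $true to write changes; $false only reports drift.
$apply = $false

$desired = @{
    # Tip #1: guest access expires unless a site owner renews it.
    ExternalUserExpirationRequired = $true
    ExternalUserExpireInDays       = 60
    # Tip #2: the default link is view-only for specific people, so a plain
    # "copy link" never produces an anonymous edit link.
    DefaultSharingLinkType         = 'Direct'
    DefaultLinkPermission          = 'View'
    # Tip #3: sharing only with approved domains (space-separated list).
    SharingDomainRestrictionMode   = 'AllowList'
    SharingAllowedDomainList       = 'fabrikam.com partner.example'
}

# Compare the live tenant settings with the desired ones.
$tenant = Get-SPOTenant
$drift = foreach ($name in $desired.Keys) {
    if ("$($tenant.$name)" -ne "$($desired[$name])") {
        [pscustomobject]@{ Setting = $name; Current = $tenant.$name; Desired = $desired[$name] }
    }
}
$drift | Format-Table -AutoSize

if ($drift -and $apply) {
    # Apply the settings together so the domain list and its mode stay consistent.
    Set-SPOTenant @desired

    # Narrow the allow list further on one high-value site.
    Set-SPOSite -Identity 'https://contoso.sharepoint.com/sites/finance' `
        -SharingDomainRestrictionMode AllowList `
        -SharingAllowedDomainList 'fabrikam.com'
}
```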


Tip #4: Access Reviews in Entra ID to enhance Microsoft 365 cyber security

Oversharing is one of the biggest problems facing Microsoft 365 administrators today. How can you make sure each Microsoft 365 group only has the people that it needs inside? With Access Reviews in Entra ID, you can create a task for your group owners and ask them to check if each member still needs access and who should be removed. This will empower your owners to keep their groups up to date, keep your environment secure, and prevent oversharing.


Tip #5: Configure Data Loss Prevention policies

There are billions of documents and messages created every day, but from a Microsoft 365 cyber security perspective, they are not all equal. Some messages and files include sensitive data such as passport numbers, credit card numbers, or any type of personal information. As an administrator, you can configure Data Loss Prevention policies to make sure that sensitive information is only shared in approved locations.

If a user ever tries to share it elsewhere, the Data Loss Prevention engine will automatically block them from sharing that information. So make sure that you implement Data Loss Prevention policies to keep your most sensitive data secure and enhance your Microsoft 365 cyber security.


Conclusion

From preventing oversharing, to enabling Access Reviews, to restricting domains, there are many ways to strengthen your Microsoft 365 cyber security. We hope these tips help guide you to consider some potential vulnerabilities and ways to prevent and mitigate these risks. Syskit Point is a platform designed for effective security, governance, and visibility of your Microsoft 365 tenant and provides many ways to enhance your Microsoft 365 cyber security. Try Syskit Point with our 21-day free trial to help you secure and govern your Microsoft 365 environment.
