MD’s Business Blog: Fine Tune your Security with these Top Tips


Office 365 has a wealth of features to keep your business secure. With a little effort, you can make a big difference to how safe your valuable company information is, and keep out prying eyes. Security must be taken seriously within any business.

Good security doesn’t stop at your firewall. Think of it along the lines of securing your offices, and the layers of security you have there:

1. Put a lock on the door and give staff a key – OK, but there is no way of telling who has entered, or when.


2. Use a key fob access system – great, you can now track access to the office and quickly deny access to an individual.

3. Buy a safe to store your valuables.

4. Install security lights – gives you a warning when somebody is snooping around.

5. Add an alarm – get notified immediately somebody tries to break in.

6. Install security cameras – helps you to identify anybody looking suspicious.

So many companies stop at ‘2’ with their IT. They install good door-locks – secure passwords and even multi-factor authentication – but there is little or no monitoring to raise warnings that somebody is poking round, or has actually broken into your estate. And there is no reliable way of locking away highly sensitive documents.

Here are 10 tips to help you along the road to a more secure IT infrastructure.

1. Get to know your Microsoft 365 Secure Score

The Microsoft Secure Score is a simple rating of how many security features you have implemented in Office 365. It is a really powerful tool to track how much attention you’re paying to security within your Microsoft services. You can find it in the Microsoft Security Admin Centre.

2. Microsoft Security Admin Centre

Talking of which… Ask your IT provider to give you a look at your Microsoft 365 Security Centre Dashboard. This is a really informative screen that, at minimum, will give you some good discussion points that will help drive out how actively your security is being managed.

3. Use multi-factor authentication

Microsoft 365 has inbuilt functionality that will protect your passwords from phishing attacks (those emails that look like they’re from Microsoft, which ask you to click a link and enter your username and password).

If somebody tries to log in from a new place, they have to type in a code that is texted to your phone. Simple, unobtrusive, and cuts out a large number of attacks.

4. Set up and monitor your security alerts

These alerts really impress me. Microsoft monitors who is logging into your system and where from (amongst other things).  If a user logs in from London and then, half an hour later, from New York, you’ll get a notification that something isn’t as it seems.

5. Set up Labels and Rights Management

This is your safe where you can protect your really important documents, and it’s built right into Office 365. Simply apply a label marking a document as sensitive, and Office 365 will encrypt it so that only approved people can decrypt and read the document.

Even if somebody downloads all of your design documents onto a USB drive and takes them to their next company (surely not!!) they simply won’t be able to open them once you’ve removed their Office 365 login.

A great feature is that, if you do send a document to somebody and then decide that you don’t want them to access it any more, you can easily rescind access, which prevents that person from opening the file again.

You can even get a report on where in the world a particular file is being accessed from.

6. Do your housekeeping

Think of your office – papers in piles all over the place, notebooks left open on people’s desks, filing cabinets left unlocked, people wandering round after hours and having a good poke around. OK, obviously this isn’t how your place is run. 

But do you have the equivalent happening electronically?

Do you know where your confidential files are and who has access to them? When people move role, do you make sure their permissions are updated? Do you have designated, locked down areas for confidential information? Do you give people an alternative to sending attachments so important documents don’t end up scattered through your email system?

This all takes time, but it can quickly become an embedded habit if planned correctly.

7. Audit

Part of good housekeeping is good auditing. Make it part of somebody’s job to check how tidy your file systems are and how people are using their email/OneDrive. This is the major contributor to good data management practices.

8. Hit the delete button

Part of good housekeeping is chucking stuff out once it’s not needed any more. You’ll no doubt have your GDPR policy in place with the retention/deletion schedules that go with this. 

Microsoft 365 has inbuilt tools that can automate the process of flagging documents for deletion once their time is up. 

Again, it needs some setting up, and then somebody to routinely monitor this, but it really can take a lot of the effort and pain away from keeping compliant.

9. Use Microsoft Intune to protect your devices

So you’ve encrypted your files, secured your login, done your housekeeping, and then the commercial director leaves his phone on the train! And of course, being a modern 21st-century company, the phone has Outlook, OneDrive, Microsoft Teams – pretty much all of your company’s secrets on it.

Intune is the tool that protects you in this situation. 

As well as being able to use Intune to manage which apps on people’s phones are allowed to access company data in the first place, you can also use it to quickly wipe a phone, or just wipe those apps that hold your data.

Great for tidying things up when people move on from your organisation.

10. Have a look at Data Loss Prevention (DLP)

DLP monitors your entire Office 365 system, including emails, to check for communications that contain sensitive information. It then either prevents them from being sent out, or alerts the user to potential danger.

It’s a premium feature, and can be tricky to set up, but it’s well worth a look if you have an organisation that handles a lot of sensitive information and also communicates a lot with external parties.

Consider Outsourcing

There are so many great features that can help you to keep your valuable information safe and secure. It just takes some time to set up, and then routine housekeeping and monitoring to make sure that everything is as it should be.

To help with this, and let you get on with your day job, we have a number of managed services where we can do some of this routine work for you, giving you the confidence that a specialist company is overseeing your data protection and giving you regular reports on how secure your environment is.

If you’d like more information, give us a call on 0800 849 3018, or click the button below to ping us a message.

Colin Thorpe is Managing Director of AMT Evolve

He has been working with internet technologies for 25 years, and really hates admitting he still finds it fascinating.