As an SMB owner, you know that investing in cyber security is an absolute must, but the thought of implementing and managing complex security tools can feel daunting and expensive. Nonetheless, you invest in various solutions to keep your business safe but still can’t help feeling somewhat exposed.
We at Babble are all too familiar with this scenario – and if this sounds like you, you’re not alone. Drawing on my extensive experience helping SMBs navigate the complexities of digital safety, I’m here to tell you that there’s a good chance you aren’t using all of the tools you already have.
In this article, we’ll unpack these commonly underused security solutions in your Microsoft ecosystem. By the end of reading this, you’ll have a comprehensive understanding of the essential Microsoft cyber security capabilities that can provide significant protection against different kinds of threats.
The Cornerstone: Multi-Factor Authentication (MFA)
First and foremost: turn on Multi-Factor Authentication (MFA) right now (if you haven’t already). It is, without a doubt, the most impactful thing you can do to secure your Microsoft environment. Honestly, I can’t stress enough how crucial this is.
MFA adds another layer of security on top of your password by requiring a second form of verification. This additional factor could be your face or fingerprint, or approving the sign-in in another app. Passwords get stolen all the time, so if yours were stolen, MFA would prevent the attacker from accessing your account without that second form of verification.
The best part about it is that it’s free, and is included in both the Business Standard and Business Premium plans.
Now, I know some of you might be rolling your eyes and saying, “Yeah Steve, we get all that, but MFA slows us down” or “It’s a hassle to have to use an app every time I want to check my emails”. And if you have employees using their personal devices, you might get some pushback about installing work apps. I’ve heard it all, and I get it: those extra seconds of logging in can briefly disrupt the flow of getting things done.
But let me tell you, the minor inconvenience of using MFA is nothing compared to the potential disaster of a compromised account. Plus, there’s more than one way to skin this cat. You can set it up so you receive a call on a mobile number and then punch in a code. So, while the app is often the easiest way, you have options.
We see this in our personal lives all the time now – logging into banking apps, shopping online – these extra security steps are becoming the norm. It’s no longer like the old days with VPN tokens (remember those?), it’s much easier now. Between us, I sometimes think it’s just a bit of complacency that stops people from using it.
Taking Control: Conditional Access
Once you have MFA firmly in place – seriously, I hope you stopped reading the article to switch that on – let’s talk about further strengthening your security posture with conditional access.
What it is: This feature, available with Microsoft 365 Business Premium, offers a more advanced layer of security control. While MFA verifies who is trying to access your systems, conditional access focuses on how, when, and where they are trying to do so.
How it works: With conditional access, you can restrict logins based on location, time, and the type of device being used – you can choose how granular you want to go. For example, if your entire workforce is primarily based in the UK and doesn’t typically travel for business, you can set a policy to restrict logins from anywhere outside of the UK. You can even block access attempts from high-risk countries known for ransomware and malware breaches.
Why it matters: The beauty of setting your own policies is that you can tailor them to your operations. For instance, you might allow full access only from company-owned and managed devices. This level of control helps you refine who can access what and under what circumstances.
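Before enforcing a policy like the ones described above, it helps to see who it would lock out. The following is an added example, not code from Babble or Microsoft: it replays exported sign-in records against a "UK only, managed devices only" rule. The records are constructed, the field names follow the Microsoft Graph signIn resource, and the allowed country list and the excluded emergency account are assumptions.

```python
import json
from collections import Counter

# Constructed sample; field names follow the Microsoft Graph signIn resource.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "adam@example.com", "location": {"countryOrRegion": "GB"}, "deviceDetail": {"isManaged": true}},
 {"userPrincipalName": "adam@example.com", "location": {"countryOrRegion": "FR"}, "deviceDetail": {"isManaged": true}},
 {"userPrincipalName": "sara@example.com", "location": {"countryOrRegion": "GB"}, "deviceDetail": {"isManaged": false}},
 {"userPrincipalName": "sara@example.com", "location": {"countryOrRegion": "GB"}, "deviceDetail": {}},
 {"userPrincipalName": "guest@example.com", "location": {}, "deviceDetail": {"isManaged": true}},
 {"userPrincipalName": "emergency-admin@example.com", "location": {"countryOrRegion": "US"}, "deviceDetail": {"isManaged": false}}
]""")

ALLOWED_COUNTRIES = {"GB"}                   # assumption: UK-only workforce
EXCLUDED = {"emergency-admin@example.com"}   # assumption: emergency account kept out of the policy


def evaluate(signin, allowed=ALLOWED_COUNTRIES, require_managed=True, excluded=EXCLUDED):
    """Return (decision, reason) this rule would give for one sign-in record."""
    if signin.get("userPrincipalName", "").lower() in excluded:
        return "allow", "excluded account"
    country = (signin.get("location") or {}).get("countryOrRegion") or ""
    if country.upper() not in allowed:
        # A missing location is treated as outside the allowed set.
        return "block", f"country {country or 'unknown'} not allowed"
    managed = (signin.get("deviceDetail") or {}).get("isManaged")
    if require_managed and managed is not True:
        # Absent isManaged counts as unmanaged, the safe default.
        return "block", "unmanaged device"
    return "allow", "meets policy"


def impact_report(signins):
    """Count, per user and reason, the sign-ins the rule would have blocked."""
    blocked = Counter()
    for record in signins:
        decision, reason = evaluate(record)
        if decision == "block":
            blocked[(record.get("userPrincipalName", "?"), reason)] += 1
    return blocked


if __name__ == "__main__":
    for (user, reason), count in sorted(impact_report(SAMPLE_SIGNINS).items()):
        print(f"{user}: {count} sign-in(s) would be blocked ({reason})")
```

Users who show up in the report are the ones to talk to, or to enrol their devices, before the policy is switched from monitoring to enforcement.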
Shielding Your Inbox: Microsoft Defender for Office 365
Email remains a primary vector for cyber attacks like phishing and ransomware. This is what makes Microsoft Defender for Office 365 an incredibly valuable defence against email-based attacks.
Here are some key configuration best practices to get the most out of Defender for Office 365:
- Scanning attachments and links: Firstly, make sure that you have it actively scanning email attachments and checking links. The keyword here is actively, because Defender is smart enough to look at where a link (“funnywebsite.com”) actually goes (“nastywebsite.com”), even if the displayed text looks innocent. Needless to say, it would be flagged as unsafe.
- Impersonation protection: In another article, we discussed how user impersonation is on the rise. Defender is great for protection against impersonation attacks. If someone outside your organisation tries to sneak into your system by impersonating a senior member of your team – like sending an email pretending to be your CEO asking for an urgent payment – Defender has mechanisms to identify and stop that.
- Continuous link scanning: Did you know that even a “safe” link can become compromised over time if the website it points to is hacked or if the linked document becomes infected? This happens because a link is essentially just a pointer to a location on the web, and that location can change even if the link itself doesn’t. One of the most surprising and valuable features is Defender’s ability to rescan links every time an email is opened, not just the first time. So, even if you received a safe document link from a colleague, if that document later becomes infected, Defender will catch it when you click the link again.
Securing Every Device: Microsoft Defender for Endpoint
With remote work being the new normal, securing every device in your organisation is an absolute must. Why? Because each of these endpoints (i.e., laptops, phones, and tablets) is a gateway into your business. In other words, if one of them is compromised, the entire business is in jeopardy – this is where Microsoft Defender for Endpoint comes in.
What it is: This solution is designed to protect your users from all sorts of malicious software, including malware and ransomware, which can steal your data or make your devices unusable.
How it works: Defender for Endpoint works by constantly monitoring the device and its environment for any unusual activity. It looks for things like changes in user behaviour, how files are being structured, and how each device is used. If it detects something suspicious or out of the norm, it responds using a set of pre-defined security tools.
Why it matters: It’s absolutely essential to have this in place and kept up to date because malware is constantly evolving and changing. The good news is that Microsoft provides regular updates to Defender to ensure it has the latest intelligence on threats and bad actors.
Defender not only tries to keep devices clean but is quite proactive: it can also flag problems and automatically try to contain them. For example, if Adam in Accounting’s phone gets infected, Defender can help isolate it to prevent the issue from spreading to other devices, allowing you to respond quickly and effectively.
Your Virtual Security Analyst: Microsoft Sentinel
For SMBs that often don’t have dedicated security teams, Microsoft Sentinel is almost like having an in-house cyber security person, as its primary focus is threat detection and response.
What it is: Sentinel is a centralised security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. In English, it’s an engine that pulls in information about what’s happening in your Microsoft environment and then reacts to it.
How it works: This reaction can involve advising a user to take action or automatically responding to problems on your behalf. However, it’s worth noting that while it helps you analyse the security-related data it extracts, detects threats, and automates responses, its recommendations should be taken with a grain of salt. SMBs will often say to themselves, ‘I’ve spent money on this product over here. I’m now safe. I can relax. I can just get on with the job.’ But herein lies the problem: it’s a program and not a person. Many applications only respond automatically to certain threats and often just report issues – which still requires someone to take action.
Why it matters: Nonetheless, it’s still a useful tool because you need someone (or something) to tell you what’s wrong in order to fix it. Sentinel is great at gathering all the information you need and then asking you what you’d like to do about it. It’s like having an extra pair of eyes overseeing everything happening in your environment, helping you to react effectively even without a dedicated in-house security expert.
Beyond Mobile: The Power of Microsoft Intune
While Microsoft Intune secures all types of devices, it’s still a common misconception that it is only for mobile devices. Contrary to popular belief, your organisation’s laptops are not completely secure and locked down. They are just as susceptible to the same problems mobile devices are. Many SMBs overlook Intune’s broader security benefits and capabilities because they don’t understand what Microsoft Endpoint Manager (which includes Intune) can actually do for them.
But this is not an attack (I come in peace!), and I get it: if you’re like most businesses, you’re simply too busy with your core operations to gain an in-depth understanding of the product stack. (If you did, guys like me would have to find a new line of work).
What it is: As we’ve just clarified, Intune is not just for managing mobile devices: it’s a powerful tool for securing and managing a wide range of devices – from mobiles to desktops, it covers all endpoints.
How it works: As a significant component of Microsoft 365 Business Premium, Intune allows you to create templated builds of devices, restrict what users can and cannot do, and centrally deploy applications and updates in a controlled manner.
Why it matters: This level of control stops shadow IT dead in its tracks. In other words, Intune prevents users from installing anything without your knowledge or authorisation. It’s also a great solution to the Bring Your Own Device (BYOD) conundrum: let’s say your employees all use their personal cell phones for work but you still need to keep your business data secure. Intune blocks them from sending it via WhatsApp or typing copies of it, for example. If someone leaves the company, and they of course take their phone with them, Intune ensures that they no longer have access to the business data once they’ve left. All of this is managed centrally through policies and processes you can set up.
A Unified Front: Leveraging the Microsoft Security Ecosystem
Any Microsoft user will notice that a lot of the applications within the Microsoft stack are complementary to each other. So, individually they might provide protection at a certain level. But if you bolt on some of the other functions – like Endpoint on top of Defender on top of Defender for Office 365 – you’re then starting to protect the device, the data, and the email, and essentially beginning to create a growing shield of protection around your environment.
Your Next Steps to a Stronger Security Posture
And there you have it: an overview of the cyber security features built into your Microsoft licences. Remember, the biggest impact comes not just from having the tools, but from using them effectively and making the most out of them.
If you haven’t turned on MFA by the end of reading this, please do. I’d hate for you to have a breach simply because you didn’t activate this free security feature.
While Microsoft provides a fantastic suite of security products, it’s also worth remembering that sometimes it’s beneficial to complement the Microsoft stack with certain third-party solutions. Not only can an expert like myself help you optimise your current licences, but we at Babble also provide tailored tech stacks that meet your unique business needs.
It’s time to take full advantage of the security tools you have at your fingertips to keep your business protected – request a full security audit today! One of our experts will help you maximise your cyber security protection from your Microsoft licences.