What is the importance of having Microsoft 365 security and protection?

Acronis Cyber Protect Cloud
for Service Providers

Phishing is the most common type of cyberattack. An estimated 3.4 billion emails are sent by malicious actors daily, disguised to look like they're coming from a trusted sender. This number adds up to over a trillion phishing emails yearly. According to an ESET research, the most common malicious attachment type is Windows executables (47%), with script files, Office documents, and PDF documents completing the top four.

Regarding Microsoft 365 (M365), some startling statistics demonstrate why Microsoft 365 email security and protection is essential.

  • According to a Proofpoint research, thousands of Microsoft 365 user accounts were targetted by the EvilProxy phishing kit, capable of infiltrating multi-factor authentication-protected M365 cloud accounts. Approximately 39% of compromised users were C-level executives (17% of whom were financial officers and 9% were CEOs and presidents).
  • From November 2021 to October 2022, the most commonly exploited applications globally were Microsoft Office Applications.
  • According to a 2022 Egress report, 85% of organizations using Microsoft 365 reported a phishing-caused breach in the, then, past year. 40% of organizations also fell victim to credential theft.
  • With 60% of data breaches attributed to poor patch management, there were 1,220 new CVEs across Microsoft products in 2020 in the common vulnerability and exposures (CVEs) database.

What Security and Compliance Features Does Microsoft 365 Offer?

Let's explore Microsoft's 365 security and compliance options.

Identity and Access Management (IAM)

Microsoft's IAM solutions enable admins to manage digital identities to ensure secure access to a company's data spread across databases, applications, and networks. IAM can counter suspicious login attempts (potentially from unauthorized users). It can also protect user credentials via risk-based access controls, robust authentication tools, and identity protection options to grant users secure access to company resources.

Moreover, IAM enables IT admins to define the appropriate access levels via role-based access control to ensure that only authorized users can access their assigned resources.

Enhanced User Experience
Adaptive User Access Management
Identity Governance
Identity Management
IAM ensures a seamless user experience by reducing time spent managing passwords. It gives users an easy, quick sign-in process to grant secure access while boosting productivity. 
This feature helps protect users against identity compromise via strong authentication and real-time, risk-based access policies. The adaptive approach ensures that only authorized users and trusted (uncompromised) devices can access an organization's sensitive information and resources. 
Identity Governance refers to controlling access to all available resources for all user and administrator accounts. Automated identity governance helps ensure that only authorized users can access a company's data and apps. 
Identity Management helps manage all identities and app access from a central location, regardless of where they reside (on-premises or the cloud). 

Information protection

Information protection emphasizes localization, organization, and protection of an organization's sensitive information across apps, endpoints, and clouds. Such information can include credit card numbers, health records, financial data, security numbers, and more.

Microsoft Information Protection (MIP) helps companies understand their data so they can protect it better and prevent data loss.

Data Loss Prevention (DLP)
Companies can create DLP policies via the Microsoft 365 Compliance Center. Sensible DLP policies help protect a company's resources and sensitive data. As a business grows, it can manage DLP policies to stay up-to-date with its data-creating needs and protection preferences. 
Data Classification
Data classification enables businesses to identify critical data across on-premises environments and hybrid cloud workloads to control data movement and transfers. Classification helps protect sensitive information regardless of location and ensures data is adequately stored or deleted depending on the company's needs. 
Microsoft Information Governance (MIG)
MIG helps companies satisfy regulatory compliance regarding data privacy. Via MIG, organizations can define whether to retain or delete data and records via automated policies, in-place management, pre-built data connectors, and more.

Threat protection

Microsoft Threat Protection presents integrated, automated security solutions to safeguard email messages, data, devices, and identities against cyber threats.

Extended Detection and Response (XDR)
XDR is focused on Microsoft 365 and Azure information protection. The approach aims to detect attacks and prevent their negative impact across endpoints, email, data, and cloud and SaaS platforms.
Security Information and Event Management (SIEM)
SIEM platforms (Azure Sentinel) enable security admins to detect and prevent malicious attacks before they penetrate company defenses. SIEM can grant a holistic view across the entire organization to detect attacks and efficiently respond to suspicious network activity via artificial intelligence (AI).

Security and Risk management

Security and Risk management for Microsoft 365 helps companies identify and remediate data-loss risks caused by both accidental and malicious activity to fortify critical information.

  • Privileged Access Management (PAM): PAM enables admins to effectively manage privileged access by denying privileges from otherwise privileged accounts to ensure the optimal access level to perform critical tasks without putting the company's resources at risk.
  • Insider Risk Management: Not all data threats come from the outside. Insider Risk Policies enable companies to identify, detect, analyze, and respond to insider risks within the organization via different risk measurement tools.
  • Internal Information Protection: Sensibly implemented information barriers empower admins to limit or deny access and communication between particular users (or user groups) to avoid conflicts of interest or internal information risk.
  • Communication Compliance: Communication compliance can minimize internal and external communication risks via quick identification and remediation of inappropriate messages that may violate your organization's code of conduct policies.
  • Customer Lockbox: Customer Lockbox allows more extensive control over sensitive data. The feature allows organizations to manage how Microsoft support engineers access company-created content by letting you deny or grant access to sensitive information.
  • Advanced Audits: Advanced Audits enable companies to increase audit log retention for forensic and compliance investigations. The feature also grants comprehensive access to critical data-loss events so security admins can grasp the scope of a particular breach.

Microsoft Compliance Manager

Microsoft 365's compliance management solution, Microsoft Compliance Manager, helps admins monitor and manage information security and data privacy. The solution focuses on seamless user experience, enabling inventory of data protection risks, regulation and certification updates, and audit reports.

 Is Microsoft 365 Security enough?

Now, let's dive deeper into Microsoft 365's security options. We will review the list of available security solutions and then explore if those options are the optimal offering to safeguard company data. Depending on the selected plan, Microsoft 365 provides some essential security functionalities, such as:

 Microsoft Defender 365, part of Microsoft's Extended Detection and Response (XDR), provides protection, detection, investigation, and response to email, collaboration, identity and device threats in a central portal.
Exchange Online Protection (EOP) provides anti-malware and anti-spam filtering for mailboxes.
Microsoft Defender for Microsoft 365 provides a set of prevention, detection, investigation, and threat-hunting features to protect email and Microsoft 365 resources.
Microsoft Defender for Endpoint provides preventative protection, post-breach detection, and automated investigation and response for devices in your clients' organizations.
Azure Information Protection lets you discover, classify, label, and protect your clients' sensitive documents and emails via security policies.
Microsoft Defender for Identity is a cloud-based security solution that leverages on-premises Active Directory signals to identify, detect, pinpoint, and investigate advanced threats, compromised identities, and malicious insider actions directed at your clients.
With Microsoft Cloud App Security, you can identify and combat cyber threats across your clients' cloud services via a cloud access security broker (CASB) that provides multifunction visibility, control over data travel, and sophisticated analytics.
With Advanced eDiscovery and advanced audit, you can assess your clients' compliance status and respond to legal and regulatory requirements.

Advanced Audit and eDiscovery

Via Microsoft Secure Score (found in the Microsoft Defender Portal), an organization can measure its security posture to improve its defenses and safeguard critical data more efficiently.

To prevent email data loss, Microsoft has incorporated its data loss prevention (DLP) policies into Microsoft 365. Still, these rules are not enough to keep your data secure and protected, especially when targeted by cyberattacks.

Microsoft provides essential email security functionalities via Microsoft Defender for Microsoft 365 and Exchange Online Protection. However, it doesn't ensure protection against all modern threats targeting email. For example, Microsoft 365's native defenses only provide limited protection against malicious content, such as an embedded malicious Word or Excel file or malware hidden within a seemingly clean PDF. Furthermore, Microsoft 365 doesn't provide long-term retention or point-in-time restore; the latter being a feature that clients need after successful attacks.

Moreover, with Microsoft 365, service providers are limited to only providing patch management support for Microsoft applications. While third-party applications can be patched through Microsoft System Center Configuration Manager (SCCM), the process is complex as it requires managing multiple solutions. At the same time, SCCM supports a limited number of third-party applications and requires them to be installed on-premises.

Even though MSPs can use Microsoft 365 to build services, you must enable and manage various protection services using different tools. This significantly increases the management burden and complexity and requires more resources than most MSPs have.

Data loss prevention tips for Office 365

Regardless of their current solution, organizations must take the time to implement the primary security best practices to ensure Microsoft 365 (formerly Microsoft Office 365) data is fortified against all potential data-loss threats.

Access Management
The "least privilege" principle can effectively manage permission controls across the entire company environment. Least privilege refers to granting users access solely to data that is critical for their duties. Within Microsoft Office 365, administrators can leverage Azure Active Directory (AD) and Role-based Access Control (RBAS) to empower user management, application permissions, and role assignments.However, it's important to note that administrator accounts are a more enticing target for threat actors (as such accounts have more extensive privileges). A breach on an admin account can affect the entire Office 365 environment. To avoid such a scenario, admins should only use their privileged accounts when required and rely on a separate account for regular, day-to-day activities to minimize the risk of a breach. 
Data classification for Office 365 
Efficiently protecting sensitive data requires companies to know what data they house, where it's located, and how important it is to the business. Admins can apply sensitivity level labels to data via the Data Classification Office 365 feature or a third-party cybersecurity solution. The labels' role is to determine and display how sensitive the assigned content is and how users should treat it (the process may include encryption or watermarking features). For example, susceptible data will be monitored wherever it moves; this is done so your EDR/XDR solution can prevent it from leaving your company networks without authorization. In addition to primary data classification features, third-party dedicated solutions can offer more advanced options, such as scanning relevant data repositories (local or cloud) to classify all contained data as it's found. Such solutions can also classify data at the exact point of creation or modification according to pre-defined classification schemas tailored to data privacy laws and regulations relevant to the company's industry. 
Comprehensive attack vector coverage
Office 365 (currently, Microsoft 365) offers various products that can provide attackers with numerous potentially exploitable attack vectors.Securing Office 365 requires a cybersecurity solution to ensure complete coverage of all potential attack vectors. This way, cybersecurity admins can access and review all possible risks to data and remediate any existing vulnerabilities to deny access to perpetrators. 
Anti-phishing protection
The ever-evolving landscape of cyberattacks presents Office 365 admins with numerous threats. For example, business email compromise (BEC) attacks do not rely on malware that traditional signature analysis can detect. An O365 instance requires a dedicated email security solution reliant on machine learning (ML) to detect new or unknown malware variants. Such a solution can perform advanced threat analysis and identify BEC and other social engineering attacks before they can infect your company network. 
Multi-factor authentication (MFA) 
Multi-factor authentication (MFA) requires at least two additional verification methods to protect user accounts and the company resources these accounts can access. Companies can use the Microsoft Authenticator app to enable phone call or text message authentication for a registered number. They can also utilize a third-party cybersecurity tool to customize MFA and add more authentication layers for the most critical data within the protected environment. Moreover, it's important to reiterate that the Principle of Least Privilege (PoLP) is critical to restrict sensitive data access. 
Employee training
Human error can often cause a breach in data security within organizations. Users who don't know how to use a secure web browser can usually open and click on bogus and phishing emails. Businesses must take the time to create security-conscious cultures and educate employees on common risks and vulnerabilities.Regular, tailored cybersecurity awareness training is critical for empowering organizations to decrease their risk exposure.

Cloud apps protection

Be it Microsoft Teams, OneDrive or Outlook, cloud apps are critical data-sharing and collaboration tools for any business reliant on Microsoft 365. Due to its advanced sharing capabilities, Office 365 can pose a significant threat of data loss or exfiltration. Robust data security relies on outbound data protection to monitor M365 traffic and identify attempted breaches (e.g., phishing attacks) and exfiltration attempts toward sensitive company information.

Safeguarding cloud applications can also include access permissions, EDR and XDR, anti-malware and anti-phishing protection, employee awareness training, multifactor authentication (MFA), and more. You can implement cloud app protection via Microsoft Defender for Cloud Apps or a third-party solution dedicated to cybersecurity.

MSP Academy: Making money with Microsoft 365

Start making money by offering your clients Microsoft 365 services

How does Acronis Cyber Protect Cloud Advanced Email Security build on top of Microsoft 365?

Acronis Cyber Protect Cloud is the industry's only solution that natively integrates cybersecurity, data protection, and protection management to safeguard data, applications, and systems. The unique integration eliminates complexity so service providers can protect customers better while keeping costs down. You can enhance your backup service with essential cyber protection at cost and increase your profitability with essential cyber protection functionalities that cover all endpoints.

Powered by the industry-leading solution from Perception Point, Acronis' Advanced Email Security pack for Acronis Cyber Protect Cloud enables service providers to enhance and extend their cybersecurity capabilities by detecting and stopping all email-borne cyber threats before they can reach their clients' end users. In an evaluation by SE Labs Independent Testing, Perception Point was ranked #1 for its highest detection rate (96%) and a 0% false-positive rate, significantly surpassing other competitors and Microsoft 365's native defenses.

Comparison of Acronis Advanced Email Security with Microsoft 365

Compared with Microsoft Defender 365, Advanced Email Security detection speeds are less than 30 seconds. This allows MSPs to prevent threats before they reach their clients' mailboxes instead of reacting to threats and catching them minutes after they are delivered to clients or, alternatively, scanning just a fraction of the traffic, increasing clients' risk. Acronis' unique anti-evasion engine detects malicious hidden content by recursively unpacking the content into smaller units (files and URLs), which are then dynamically checked by multiple engines in under 30 seconds.

Advanced Email Security's detection accuracy was rated "best-in-class," whereas M365 was ranked below average. And even though Microsoft 365 has built-in protection against email-borne threats, 80% of breaches are new or unknown "zero-day attacks" that can bypass Microsoft 365's traditional defenses. Acronis covers more threats, including zero-day attacks and advanced persistent threats (APTs).

Advanced Email Security also enables MSPs to provide incident response services at no additional cost. These services act as an extension of your service delivery and security teams that monitor all customer traffic, analyze malicious intents, and provide ongoing reporting and support, including engine optimization, handling false positives, and maintaining the decision mechanisms.

How do I secure my Office 365?

Automated security solutions

Automating security best practices can safeguard essential data, save resources, and save time for your IT admins to focus on critical business projects. Moreover, automated security solutions, such as Acronis Cyber Protect Cloud, can fortify a company's security posture without needing a dedicated on-premises security team.

Automated Backup
Microsoft 365 doesn't include a native backup feature. As per the shared responsibility model, data protection is the customer's responsibility, meaning organizations must implement the required solutions to ensure their data's safety and integrity. Robust backup solutions, for example, can automate M365 backups to both local and cloud storage. Once configured, the software follows a strict schedule to create copies of changed data, ensuring businesses always have at least one readily available backup to recover critical data following a breach event. 
Disaster Recovery
Malware, particularly ransomware, has become a dominant threat for SaaS environments. As companies transfer their email offerings and data storage to the cloud, ransomware protection is critical to ensure both data at rest and in transit are secure from malicious threats. Even if ransomware penetrates company defenses and "locks" an organization's data, a dedicated backup and recovery solution can initiate disaster recovery to restore all affected files and systems onto a secondary environment. This means the company can restore business processes and critical operations with minimal downtime and data loss while remediating its primary environment. 
App/Browser Risk Assessment
Malicious browser plugins, fraudulent integrations, and apps capable of leaking data to threat actors are a significant risk for modern companies. Real-time app and browser risk assessment tools are crucial to ensure all network elements are secured and can't cause data breaches, leaks, and regulatory compliance violations.
As mentioned earlier, M365's built-in DLP features aren't enough to counter sophisticated threats. To ensure optimal threat protection and fortify critical data, companies should rely on a dedicated cybersecurity solution reliant on AI and ML to detect and remediate potential threats in real time.

Remediating external communication risks

External communication poses two primary risks to company data — malicious links and corrupted file attachments. Threat actors can send phishing emails or fraudulent messages containing links that, at first sight, appear legitimate. However, malicious content can quickly infiltrate the company environment and download additional malware onto on-premises (or remote) work devices. Employees may unknowingly click on corrupted links and initiate, for example, a ransomware download.

The same goes for file attachments — attackers may disguise malware as "legitimate" files, such as Office documents or PDFs. When opened by an unsuspecting employee, ill-intended files can spread malware and disrupt company processes, hold data at ransom, or gain complete control over the company network. To counter external communication risks, organizations should invest time and resources in the following:

Employee education and cybersecurity awareness training
Anti-malware and EDR deployment
Strict security policies and procedures enforcement
Regular training allows employees to understand the risks of external communication, such as clicking on unknown links or accessing suspicious attachments. Continuous education and reminders can help enhance employee awareness and minimize the potential success of malware traps aiming to exploit the target workforce.
Robust EDR and anti-malware are critical to safeguard employee devices. Such solutions can detect and remediate malware infections before they become full-blown breaches. The software can scan attachments, files, and URLs for potentially malicious content, provide real-time protection, and block ill-intended attempts on the protected network.
Modern businesses must take the time to define and implement clear, strict security policies and procedures regarding external communication in Microsoft Teams. Such policies can include guidelines for identity verification for external parties or instructions on how employees should handle suspicious messages, attachments, or links. Combined with regular training, such an approach can foster stellar cybersecurity hygiene amongst the staff and minimize the risk of accidental infection.

Consolidating Cloud and SaaS platforms

Organizations globally rely on various cloud services to unlock their day-to-day productivity. However, leveraging multiple cloud services can inflate the attack surface of the business, inviting an extensive volume of cyber threats. Securing a multicloud and SaaS environment can require more cybersecurity resources - expertise, solutions, and infrastructure expenditure. Instead, companies can aim to consolidate their cloud environment to minimize the attack surface, save resources, and ease cyber security event management across the entire organization.

Unified identity management

Unified identity management combines four primary elements of identity management - IGA, PAM, AD Mgmt, and AM to unlock a holistic approach towards user and data access management (including privileged access), authentication, verification, analytics, and compliance. The approach can enable your in-house IT and security team to focus on enhancing the overall security across your environment while improving the following five elements within your identity management framework:

Operational efficiency
Arguably the most significant benefit of unified identity management refers to centralizing security processes to allow cyber specialists to adopt quick, flexible, and secure data protection practices, all managed via a single console.
Organization protection
Controlling key data security methods – CIEM, Zero Trust frameworks, endpoint privilege management, privileged remote access, etc. — ensures your IT team can monitor and manage all security controls efficiently to ensure complete organization protection.
Compliance and Auditing
Unified identity management platforms enable security specialists to ensure compliance for all company processes more quickly and easily, as all required data can be accessed via a single control center.
Log management
Log data is critical to present the required knowledge and perspectives into an organization’s security posture. A unified platform eases the gargantuan task of collecting all relevant logs as the entire data set resides in a centralized console to facilitate collection, filtering, distributing, and archiving.
Digital transformation
Consolidating identity management processes for growing organizations empowers IT professionals to manage their company’s identity portfolio more effectively while adapting to the business growth rate accordingly to ensure secure, efficient digital transformation.

How can I protect Microsoft 365 with Acronis Cyber Protect Cloud?

Acronis Cyber Protect Cloud offers best-in-class, cloud-to-cloud, agentless backups for Microsoft 365 to the Acronis Cloud, a global data center infrastructure secured via comprehensive information protection and compliance capabilities to include physical, technical, and administrative controls based on real-time risk assessment.

Since the backup process runs in the Acronis Cloud instead of on-premises, companies can easily configure, manage, and initiate backups securely and efficiently. Quick Microsoft 365 backups, point-in-time recovery, flexible cloud storage options, and enhanced disaster recovery ensure that businesses safeguard their Microsoft 365 data via verified backups, readily available for recovery to minimize downtime and ensure business continuity.

Intuitive interface
Companies can easily install and configure the solution to perform backup tasks via the user-friendly interface. They can also automate the backup schedule to save resources and time and minimize the risk of human error. 
Quick backup search
Enhanced backup search allows admins to browse backup content to find the specific item they need to access quickly. For example, they can browse backed-up mailboxes by email subject, sender, recipient, and data. Moreover, they can promptly search via word forms or partial information to find the required content. Lastly, admins can search for backup data regarding Microsoft Teams, SharePoint Online, and OneDrive for Business by file name and site item. 
Automatic protection for Microsoft 365
Automation enables companies to streamline backup management for Microsoft 365 in whichever way they deem convenient. During and after process automation, new users, user groups, and sites are automatically protected. 
Status monitoring
The advanced reporting capabilities of Acronis Cyber Protect Cloud unlock higher transparency and security levels for businesses. The advanced reporting capabilities and backup-status monitoring include widgets, notifications, and critical event alerts. 
Multi-level encryption
At-source, enterprise-grade AES-256 encryption can safeguard Microsoft 365 data at rest and in transit via irreversibly encrypted passcodes. 
MFA support
Security admins can leverage the solution to implement an additional protection layer, such as multifactor authentication via a trusted device or fingerprint. 
Endpoint protection
Acronis Cyber Protect Cloud offers next-gen anti-malware and anti-ransomware as part of the service offering. Both features ensure advanced protection across clients’ endpoints and complement various other security layers. 
Patch management
Automated patch management can help improve clients’ security infrastructure and productivity; automatic patching is available for over 230 third-party apps on Windows.Moreover, automating the patch management process can eliminate the risk of technical issues (e.g., failed patches) via automatic system, data, and endpoint backups before applying the patches.

How to add a Microsoft Office 365 organization to Acronis Cyber Protect?

To add an M365 organization, follow the steps below:

  1. Sign in to the service console as a company administrator.
  2. On the top-right corner, click the Account icon → click "Downloads" → "Agent for Office 365."
  3. Download the backup agent and install it on your preferred Windows machine connected to the internet.
  4. After successfully installing the agent, click "Devices" → "Microsoft Office 365" → enter the Office 365 global administrator credentials. Keep in mind that an organization (company group) can only have one locally installed Agent for Office 365.

Following successful configuration, your Microsoft 365 data items will appear in the service and backup console. Once you successfully backup Microsoft 365 data, you can recover individual files or complete backup sets to M365 of a live Exchange Server.

You can back up and restore Mailboxes, Email messages, Email folders, Tasks, Calendar events, Journal entries, Notes, and Contacts. For more extended security information, you can check the link here.

What is Microsoft 365 E5 security?

Microsoft 365 E5 is an enterprise-level version of the Microsoft 365 suite. Aside from productivity apps, the E5 version includes Microsoft security technologies and advanced compliance and analytics capabilities. Its key features include the following:

Data Security
Microsoft 365 E5 offers integrated, automated security capabilities to empower identity and threat protection. The features can aid companies in countering the potential impact of cyberattacks.
The E5 version offers Power BI capabilities to help organizations analyze various data and leverage insights to realize new business value.
Microsoft 365 E5 provides capabilities to centralize information protection and compliance processes to ease data protection and governing. The tools can minimize data-loss risk and adhere to organizational and regulatory compliance requirements.


Microsoft 365 security is critical for protecting an organization's sensitive data within hybrid cloud workloads. While Microsoft 365 presents numerous native data loss prevention features, its shared responsibility model leaves data protection almost entirely up to the users. From multifactor authentication and managing passwords for all your identities to data classification, extended detection, and robust backup, companies must be the ones to implement cybersecurity best practices to ensure the integrity and availability of their data.

While ensuring cyber protection across your entire Microsoft 365 environment can be challenging, partnering with a dedicated backup and cybersecurity solution can streamline the process and save you time, effort, and resources.

With Acronis Cyber Protect Cloud, MSPs can deliver integrated Microsoft 365 backup, cybersecurity, disaster recovery, and endpoint management to suit businesses of various sizes. The platform's powerful automation and customization capabilities let you easily manage DLP policies and backup schedules to secure user accounts and essential data while boosting productivity.

Monitoring and managing all cybersecurity processes from a single, central location ensures security specialists can detect attacks, take the appropriate actions, and counter common threats and advanced malicious attempts on protected networks. Moreover, regular, continuous automated backups and advanced disaster recovery ensure that even if a breach occurs, companies can restore their business-critical data in no time, thus minimizing downtime and maintaining business continuity.

Ready to take your Microsoft 365 skills to the next level? Enroll in our MSP Academy: Microsoft 365 training course and gain the knowledge and expertise needed to deliver high-value MSP services. This one-hour course covers everything from a comprehensive understanding of Microsoft 365's suite to mastering licensing and subscription management. You'll also learn about core services, security and compliance, troubleshooting and best practices for a client-centric approach. Don't miss this opportunity to enhance your skills and deliver exceptional value to your clients.

Enroll now and start making money by offering your clients Microsoft 365 services!

MSP Academy: Making money with Microsoft 365

Start making money by offering your clients Microsoft 365 services

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.

More from Acronis