Phishing is the most common type of cyberattack. An estimated 3.4 billion emails are sent by malicious actors daily, disguised to look like they're coming from a trusted sender. This number adds up to over a trillion phishing emails yearly. According to ESET research, the most common malicious attachment type is Windows executables (47%), with script files, Office documents, and PDF documents completing the top four.
Regarding Microsoft 365 (M365), some startling statistics demonstrate why Microsoft 365 email security and protection is essential.
- According to Proofpoint research, thousands of Microsoft 365 user accounts were targeted by the EvilProxy phishing kit, which is capable of infiltrating multi-factor authentication-protected M365 cloud accounts. Approximately 39% of compromised users were C-level executives (17% of whom were financial officers and 9% were CEOs and presidents).
- From November 2021 to October 2022, the most commonly exploited applications globally were Microsoft Office Applications.
- According to a 2022 Egress report, 85% of organizations using Microsoft 365 reported a phishing-caused breach in the preceding year. 40% of organizations also fell victim to credential theft.
- With 60% of data breaches attributed to poor patch management, the Common Vulnerabilities and Exposures (CVE) database recorded 1,220 new CVEs across Microsoft products in 2020.
What Security and Compliance Features Does Microsoft 365 Offer?
Let's explore Microsoft 365's security and compliance options.
Identity and Access Management (IAM)
Microsoft's IAM solutions enable admins to manage digital identities to ensure secure access to a company's data spread across databases, applications, and networks. IAM can counter suspicious login attempts (potentially from unauthorized users). It can also protect user credentials via risk-based access controls, robust authentication tools, and identity protection options to grant users secure access to company resources.
Moreover, IAM enables IT admins to define the appropriate access levels via role-based access control to ensure that only authorized users can access their assigned resources.
Information protection
Information protection emphasizes localization, organization, and protection of an organization's sensitive information across apps, endpoints, and clouds. Such information can include credit card numbers, health records, financial data, security numbers, and more.
Microsoft Information Protection (MIP) helps companies understand their data so they can protect it better and prevent data loss.
Threat protection
Microsoft Threat Protection presents integrated, automated security solutions to safeguard email messages, data, devices, and identities against cyber threats.
Security and Risk management
Security and Risk management for Microsoft 365 helps companies identify and remediate data-loss risks caused by both accidental and malicious activity to fortify critical information.
- Privileged Access Management (PAM): PAM enables admins to manage privileged access by removing privileges from otherwise privileged accounts, so that users get only the access level needed to perform critical tasks without putting the company's resources at risk.
- Insider Risk Management: Not all data threats come from the outside. Insider Risk Policies enable companies to identify, detect, analyze, and respond to insider risks within the organization via different risk measurement tools.
- Internal Information Protection: Sensibly implemented information barriers empower admins to limit or deny access and communication between particular users (or user groups) to avoid conflicts of interest or internal information risk.
- Communication Compliance: Communication compliance can minimize internal and external communication risks via quick identification and remediation of inappropriate messages that may violate your organization's code of conduct policies.
- Customer Lockbox: Customer Lockbox allows more extensive control over sensitive data. The feature allows organizations to manage how Microsoft support engineers access company-created content by letting you deny or grant access to sensitive information.
- Advanced Audits: Advanced Audits enable companies to increase audit log retention for forensic and compliance investigations. The feature also grants comprehensive access to critical data-loss events so security admins can grasp the scope of a particular breach.
Microsoft Compliance Manager
Microsoft 365's compliance management solution, Microsoft Compliance Manager, helps admins monitor and manage information security and data privacy. The solution focuses on seamless user experience, enabling inventory of data protection risks, regulation and certification updates, and audit reports.
Is Microsoft 365 Security enough?
Now, let's dive deeper into Microsoft 365's security options. We will review the list of available security solutions and then explore if those options are the optimal offering to safeguard company data. Depending on the selected plan, Microsoft 365 provides some essential security functionalities, such as:
Advanced Audit and eDiscovery
Via Microsoft Secure Score (found in the Microsoft Defender Portal), an organization can measure its security posture to improve its defenses and safeguard critical data more efficiently.
To prevent email data loss, Microsoft has incorporated its data loss prevention (DLP) policies into Microsoft 365. Still, these rules are not enough to keep your data secure and protected, especially when targeted by cyberattacks.
Microsoft provides essential email security functionalities via Microsoft Defender for Microsoft 365 and Exchange Online Protection. However, it doesn't ensure protection against all modern threats targeting email. For example, Microsoft 365's native defenses only provide limited protection against malicious content, such as an embedded malicious Word or Excel file or malware hidden within a seemingly clean PDF. Furthermore, Microsoft 365 doesn't provide long-term retention or point-in-time restore; the latter being a feature that clients need after successful attacks.
Moreover, with Microsoft 365, service providers are limited to only providing patch management support for Microsoft applications. While third-party applications can be patched through Microsoft System Center Configuration Manager (SCCM), the process is complex as it requires managing multiple solutions. At the same time, SCCM supports a limited number of third-party applications and requires them to be installed on-premises.
Even though MSPs can use Microsoft 365 to build services, you must enable and manage various protection services using different tools. This significantly increases the management burden and complexity and requires more resources than most MSPs have.
Data loss prevention tips for Office 365
Regardless of their current solution, organizations must take the time to implement the primary security best practices to ensure Microsoft 365 (formerly Microsoft Office 365) data is fortified against all potential data-loss threats.
Cloud apps protection
Be it Microsoft Teams, OneDrive or Outlook, cloud apps are critical data-sharing and collaboration tools for any business reliant on Microsoft 365. Due to its advanced sharing capabilities, Office 365 can pose a significant threat of data loss or exfiltration. Robust data security relies on outbound data protection to monitor M365 traffic and identify attempted breaches (e.g., phishing attacks) and exfiltration attempts toward sensitive company information.
Safeguarding cloud applications can also include access permissions, EDR and XDR, anti-malware and anti-phishing protection, employee awareness training, multifactor authentication (MFA), and more. You can implement cloud app protection via Microsoft Defender for Cloud Apps or a third-party solution dedicated to cybersecurity.
How does Acronis Cyber Protect Cloud Advanced Email Security build on top of Microsoft 365?
Acronis Cyber Protect Cloud is the industry's only solution that natively integrates cybersecurity, data protection, and protection management to safeguard data, applications, and systems. The unique integration eliminates complexity so service providers can protect customers better while keeping costs down. You can enhance your backup service with essential cyber protection at cost and increase your profitability with essential cyber protection functionalities that cover all endpoints.
Powered by the industry-leading solution from Perception Point, Acronis' Advanced Email Security pack for Acronis Cyber Protect Cloud enables service providers to enhance and extend their cybersecurity capabilities by detecting and stopping all email-borne cyber threats before they can reach their clients' end users. In an evaluation by SE Labs Independent Testing, Perception Point was ranked #1 for its highest detection rate (96%) and a 0% false-positive rate, significantly surpassing other competitors and Microsoft 365's native defenses.
Comparison of Acronis Advanced Email Security with Microsoft 365
Compared with Microsoft Defender 365, Advanced Email Security detection speeds are less than 30 seconds. This allows MSPs to prevent threats before they reach their clients' mailboxes instead of reacting to threats and catching them minutes after they are delivered to clients or, alternatively, scanning just a fraction of the traffic, increasing clients' risk. Acronis' unique anti-evasion engine detects malicious hidden content by recursively unpacking the content into smaller units (files and URLs), which are then dynamically checked by multiple engines in under 30 seconds.
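The recursive unpacking described above can be illustrated with Python's standard library. This is an added example, not Acronis or Perception Point code: the sample message, the `example.test` hosts, the depth and size caps, and all function names are assumptions made for illustration, and it only enumerates the units (files and URLs) that a scanner would then inspect.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")
MAX_DEPTH = 5                  # assumed cap on container nesting
MAX_MEMBER_BYTES = 10 * 2**20  # assumed cap on declared member size


def unpack(data, name, depth, units):
    """Record one unit; recurse if it is a ZIP container (incl. OOXML files)."""
    if depth > MAX_DEPTH:
        units.append(("too-deep", name))  # flag for review instead of recursing
        return
    if zipfile.is_zipfile(io.BytesIO(data)):
        units.append(("archive", name))
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}/{info.filename}"
                if info.is_dir():
                    continue
                if info.file_size > MAX_MEMBER_BYTES:
                    units.append(("oversized", path))  # possible zip bomb
                    continue
                unpack(zf.read(info), path, depth + 1, units)
        return
    units.append(("file", name))
    for url in URL_RE.findall(data.decode("utf-8", errors="ignore")):
        units.append(("url", url))


def unpack_email(raw):
    """Walk every MIME leaf part and unpack it into files and URLs."""
    units = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if not part.is_multipart():
            payload = part.get_payload(decode=True) or b""
            unpack(payload, part.get_filename() or part.get_content_type(), 0, units)
    return units


def build_sample():
    """Constructed message: a body link plus a ZIP nested inside a ZIP."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("readme.txt", "open http://inner.example.test/payload")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("inner.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("See https://body.example.test/login for details")
    msg.add_attachment(outer.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Calling `unpack_email(build_sample())` returns the body link and the link buried two archives deep as separate `url` units, which is the point of unpacking before scanning: a check that only looks at the top-level attachment never sees the inner link.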
Advanced Email Security's detection accuracy was rated "best-in-class," whereas M365 was ranked below average. And even though Microsoft 365 has built-in protection against email-borne threats, 80% of breaches are new or unknown "zero-day attacks" that can bypass Microsoft 365's traditional defenses. Acronis covers more threats, including zero-day attacks and advanced persistent threats (APTs).
Advanced Email Security also enables MSPs to provide incident response services at no additional cost. These services act as an extension of your service delivery and security teams that monitor all customer traffic, analyze malicious intents, and provide ongoing reporting and support, including engine optimization, handling false positives, and maintaining the decision mechanisms.
How do I secure my Office 365?
Automated security solutions
Automating security best practices can safeguard essential data, save resources, and save time for your IT admins to focus on critical business projects. Moreover, automated security solutions, such as Acronis Cyber Protect Cloud, can fortify a company's security posture without needing a dedicated on-premises security team.
Remediating external communication risks
External communication poses two primary risks to company data — malicious links and corrupted file attachments. Threat actors can send phishing emails or fraudulent messages containing links that, at first sight, appear legitimate. However, malicious content can quickly infiltrate the company environment and download additional malware onto on-premises (or remote) work devices. Employees may unknowingly click on corrupted links and initiate, for example, a ransomware download.
The same goes for file attachments — attackers may disguise malware as "legitimate" files, such as Office documents or PDFs. When opened by an unsuspecting employee, ill-intended files can spread malware and disrupt company processes, hold data at ransom, or gain complete control over the company network. To counter external communication risks, organizations should invest time and resources in the following:
Consolidating Cloud and SaaS platforms
Organizations globally rely on various cloud services to unlock their day-to-day productivity. However, leveraging multiple cloud services can inflate the attack surface of the business, inviting an extensive volume of cyber threats. Securing a multicloud and SaaS environment can require more cybersecurity resources: expertise, solutions, and infrastructure expenditure. Instead, companies can aim to consolidate their cloud environment to minimize the attack surface, save resources, and ease cybersecurity event management across the entire organization.
Unified identity management
Unified identity management combines four primary elements of identity management (IGA, PAM, AD Mgmt, and AM) to unlock a holistic approach towards user and data access management (including privileged access), authentication, verification, analytics, and compliance. The approach can enable your in-house IT and security team to focus on enhancing the overall security across your environment while improving the following five elements within your identity management framework:
How can I protect Microsoft 365 with Acronis Cyber Protect Cloud?
Acronis Cyber Protect Cloud offers best-in-class, cloud-to-cloud, agentless backups for Microsoft 365 to the Acronis Cloud, a global data center infrastructure secured via comprehensive information protection and compliance capabilities to include physical, technical, and administrative controls based on real-time risk assessment.
Since the backup process runs in the Acronis Cloud instead of on-premises, companies can easily configure, manage, and initiate backups securely and efficiently. Quick Microsoft 365 backups, point-in-time recovery, flexible cloud storage options, and enhanced disaster recovery ensure that businesses safeguard their Microsoft 365 data via verified backups, readily available for recovery to minimize downtime and ensure business continuity.
How to add a Microsoft Office 365 organization to Acronis Cyber Protect?
To add an M365 organization, follow the steps below:
- Sign in to the service console as a company administrator.
- In the top-right corner, click the Account icon → click "Downloads" → "Agent for Office 365."
- Download the backup agent and install it on your preferred Windows machine connected to the internet.
- After successfully installing the agent, click "Devices" → "Microsoft Office 365" → enter the Office 365 global administrator credentials. Keep in mind that an organization (company group) can only have one locally installed Agent for Office 365.
Following successful configuration, your Microsoft 365 data items will appear in the service and backup console. Once you successfully back up Microsoft 365 data, you can recover individual files or complete backup sets to M365 or a live Exchange Server.
You can back up and restore Mailboxes, Email messages, Email folders, Tasks, Calendar events, Journal entries, Notes, and Contacts.
What is Microsoft 365 E5 security?
Microsoft 365 E5 is an enterprise-level version of the Microsoft 365 suite. Aside from productivity apps, the E5 version includes Microsoft security technologies and advanced compliance and analytics capabilities. Its key features include the following:
Conclusion
Microsoft 365 security is critical for protecting an organization's sensitive data within hybrid cloud workloads. While Microsoft 365 presents numerous native data loss prevention features, its shared responsibility model leaves data protection almost entirely up to the users. From multifactor authentication and managing passwords for all your identities to data classification, extended detection, and robust backup, companies must be the ones to implement cybersecurity best practices to ensure the integrity and availability of their data.
While ensuring cyber protection across your entire Microsoft 365 environment can be challenging, partnering with a dedicated backup and cybersecurity solution can streamline the process and save you time, effort, and resources.
With Acronis Cyber Protect Cloud, MSPs can deliver integrated Microsoft 365 backup, cybersecurity, disaster recovery, and endpoint management to suit businesses of various sizes. The platform's powerful automation and customization capabilities let you easily manage DLP policies and backup schedules to secure user accounts and essential data while boosting productivity.
Monitoring and managing all cybersecurity processes from a single, central location ensures security specialists can detect attacks, take the appropriate actions, and counter common threats and advanced malicious attempts on protected networks. Moreover, regular, continuous automated backups and advanced disaster recovery ensure that even if a breach occurs, companies can restore their business-critical data in no time, thus minimizing downtime and maintaining business continuity.
Ready to take your Microsoft 365 skills to the next level? Enroll in our MSP Academy: Microsoft 365 training course and gain the knowledge and expertise needed to deliver high-value MSP services. This one-hour course covers everything from a comprehensive understanding of Microsoft 365's suite to mastering licensing and subscription management. You'll also learn about core services, security and compliance, troubleshooting and best practices for a client-centric approach. Don't miss this opportunity to enhance your skills and deliver exceptional value to your clients.
Enroll now and start making money by offering your clients Microsoft 365 services!
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.