Recommendations to secure your Office 365 tenant – Part 2

Last week I post a little talk about security, so my idea is to continue it. Regarding security in business, we can acquire Microsoft 365 (M365), which is super cool in terms of security. It includes all the best from Office 365 but also includes features available only as add-ons for Office package, plus, of course, Windows Defender and EMS.

Office message encryption

Encryption can easily make your corporate communication a lot safer, for me, this feature is cool, It makes it possible to:

  • Send encrypted emails to anyone inside your organization or outside
  • To any email address, including Office 365, Microsoft accounts (like Hotmail or, etc…
    • receive encrypted messages and open them from any app on any device
    • be sure that recipients won’t be able to forward this email to others, as encrypted emails are sent with a “Do Not Forward” setting.


Anti-phishing protection (ATP)

M365 Business includes Office 365 Advanced Threat Protection (ATP), where specialized code unmasks phishing attacks trying to penetrate the organization via corporate e-mail.

Often such attacks are impersonation based. You can easily set it right by choosing among various policy options to better identify and prevent phishing and spoofing attempts.

ATP safe attachments and safe links

ATP safe attachments tool opens every attached file in a virtual environment before releasing it to the user. The possible outcomes are:

  • safe attachment will be open right away after scanning;
  • attachment containing malicious content will be removed and a warning message will be displayed.

Exchange Online Archiving

Organizations often need to keep their business correspondence for litigation, compliance or other purposes. Online Archiving can complete the task of backing up emails.

  • an archive mailbox is created within the user’s primary mailbox
  • users may use both their archives and primary mailboxes
  • deleted items or even a deleted mailbox can be recovered
  • Able to set retention tags, which specifies how long the message is kept and the action taken when retention time expires
  • if retention tag is not applied, default retention tag will be applied to the file.

Azure Information protection

It offers capabilities for detecting, classifying and labelling files. Once applied label makes them confidential, general or any other to your choice. AIP can classify and label your data:

  • at rest
  • in use
  • in motion

And wherever it may reside:

  • Microsoft’s Cloud
  • SaaS apps
  • non-Microsoft Clouds
  • your own data center in on-premises file servers (needs the AIP P2 license)
  • other platforms such as Apple/Mac
  • non-Microsoft file types (e.g. PDFs in Adobe Reader).

This is pretty cool. It means that your data is protected no matter which service it actually ends up in, because all these services recognize the labels, so protections, implied by labels, are always going to be respected.


Allows to manage and control both Microsoft and non-Microsoft devices.

Data loss prevention

Data loss prevention (DLP) is a specific policy which may assist you in detecting personal sensitive data stored in various locations, like SharePoint or OneDrive etc., and prevent your users from inadvertently sharing it.

Windows Defender

Windows Defender in M365 is protecting end points running Windows in your organization. Similar to O365 and Azure AD, Windows Defender has its own Advanced Threat Protection and these three ATPs actually collaborate

As you can see, M365 offers many more advanced security features that will turn threat protection into something that meet all your security requirements.

Till next time folks!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s