What Security Capabilities Are Included in Microsoft 365?
Nowadays, cyber security is a very hot topic, and for very good reason. In the UK alone – as recent studies by the government have discovered – nearly 40 percent of businesses report cyber security breaches and/or attacks.
Lots of security solutions are available for businesses, but equally important is to ensure that security best practices are baked into the technology businesses use everyday. Microsoft 365 is a good example of the latter. We recently spoke with a Microsoft Solutions Partner based in London, TechQuarters, who have extensive experience providing SMBs support and assistance with their technology. The business IT support London-based companies have received from TechQuarters is closely tied in with the Microsoft 365 suite, so we asked them about the integrated security capabilities that it has.
Microsoft 365’s Integrated Security
Microsoft 365 employs layered, inter-connected security to protect the data and applications that an organisation uses. According to TechQuarters, the way that Microsoft 365’s integrated security works is by focusing on the following four aspects:
- Identity & Access Management
Most businesses nowadays will be familiar with the principle of identity and access management. For Microsoft 365, it is the very first line of protection in the suite. It is essentially a system of processes and policies, reinforced with a range of technology solutions, which allows the management of user identities – meaning that it is very hard for hackers (or anyone with malintent) to gain access to accounts. Microsoft 365 identity & access management employs multi-factor authentication to confirm the identity of whoever is trying to access an account.
- Threat Protection
This category of Microsoft 365 security is all about actively defending against cyber threats – this encompasses a range of different solutions. M365 threat protection comes in the form of Microsoft 365 Defender – which is part of the wider Defender family of products – as well as Defender for Endpoint, and Microsoft Cloud App Security. These tools together monitor activity across an organisation’s M365 environment, ensuring that any threat is detected quickly, and isolated.
- Information Protection
As the name suggests, this aspect of M365 security is all about making sure that data is kept secure at all times – including when it is travelling. With Information Protection, organisations can easily configure policies for data security – which can include categorising certain types of data as being sensitive, and thus ensuring it is secured no matter where it is located.
- Security Management
Microsoft 365 has it’s own security centre, which covers the detection, protection, investigation, and response to threats. A threat may be directed at emails, identity, or devices, but with the M365 security centre, organisations can access critical security information, enabling them to respond to threats in real-time. Within the security centre, the following products can be found:
- Microsoft Defender for Endpoint – this product ensures that all endpoints (any device that is connected to the company network in some way) is protected. Defender for Endpoint also includes automated investigation and response post-breach.
- Microsoft 365 Defender – this product leverages all of the security capabilities included in M365 in order to collate information from across the whole of an organisation’s infrastructure, so as to build a comprehensive account of a threat or attack.
These are all of the security capabilities of Microsoft 365 – although it should also be pointed out that, depending on the Microsoft 365 plan a business picks, they may not get all of these features. Most Microsoft 365 consulting companies will recommend the Microsoft 365 Business Premium plan, because it includes all of the functions and capabilities mentioned above, and therefore guarantees businesses an excellent baseline for their security.