Securing Office 365

Securing O365

We love Office 365.  Microsoft has done a great job creating an online set of tools that enable businesses to be mobile and productive.  Office 365 is secure, but like most things you should take some steps to make sure your data is safe within the solution.  We want to share our top 3 tips for securing office 365.

Securing Office 365- Setup 2 Factor Authentication

If you don’t already have 2 factor authentication set up on O365, you should.  It’s a setting in the admin panel you can enable.  It’s simple to use.  Just download one of many authenticator apps on your phone.  We like Microsoft Authenticator and Authy.  Go through the quick setup process in the app which has you scan a QR code and follow a couple of prompts to add the account.  Once configured it will ask you for a code you can easily access within the app to authenticate.

2FA all by itself can block over 99% of password attacks! It’s a simple thing to set up and configure and only takes a few seconds.  Authenticator apps make the process slick.

Securing Office 365 – Spam Filter

While O365 does have a built in SPAM filter……it’s not great.  You may still find yourself receiving more junk than you want.  There are some settings to play with here within O365, but the ultimate solution may be to add a spam filter.

There are several great products on the market for SPAM filtering that will add a layer of protection.  Barracuda is one that we like.  It can cache your email if O365 has an outage and deliver the mail later.  It also cuts down on the junk and gives you a handy quarantine summary.  Whitelisting and blacklisting emails is a snap.  It’s an effective and easy to use solution.  If you’re having problems with SPAM in O365 consider adding a SPAM filter.

Securing Office 365 – Backups

There seems to be a little bit of a misconception that if data is stored in O365 it can’t ever be lost again.  While the platform is secure, and data is kept indefinitely in your active account you still must guard against human error and attack.

Data that is deleted by a human in office 365 will stay in the recycle bin for 30 days.  After that it is automatically deleted forever.  Human error in deleting needed documents can still be a problem.  We’ve also seen instances recently where O365 email got encrypted with a targeted attack.

To solve for these situations and secure your data we recommend backing it up.  There are numerous products on the market that backup O365 with a cloud-to-cloud solution.  The cost is minimal, and there is a lot of peace of mind knowing that you have a copy of your data in case of human error or attack.


We’re pretty big fans of O365 and recommend it to our clients.  We also recommend that you implement a full solution and set up 2FA, filter it, and back it up.  If you take those steps you can rest easy knowing your critical data is protected.

The pros at i.t.NOW are here to help.  If you ever have questions about O365 or how to implement the solutions we’ve outlined give us a call.  We’re happy to talk through your situation and see how we can help.