Cybersecurity threats are rising, and small to medium-sized businesses (SMBs) using Microsoft 365 are prime targets.
Many cyberattacks start with a simple phishing email or stolen credentials, but the consequences can be costly: data loss, downtime, and damaged reputations.
The good news? Microsoft 365 includes powerful built-in security features. The key is knowing what to turn on, how to configure it properly, and how to maintain it over time.
In this blog, we’ll walk you through five essential Microsoft 365 security features you need to enable right now, with clear instructions and best practices.
1. Multi-Factor Authentication (MFA)
Why it matters
MFA provides an extra layer of protection by requiring users to verify their identity with a second method, such as an app notification or text message, before they gain access.
How to enable it
- Log in to the Microsoft 365 Admin Centre.
- Go to Users > Active users.
- Click multi-factor authentication in the top menu.
- Select users and click Enable.
Best practices
- Require MFA for all users, especially administrators.
- Recommend using the Microsoft Authenticator app.
- Consider conditional access policies for flexible enforcement.
2. Conditional Access Policies
Why it matters
Conditional Access allows you to define when and how users can access company data, reducing risk by blocking access from unknown devices, untrusted locations, or risky sign-ins.
How to enable it
- Open the Microsoft Entra Admin Centre (Microsoft Entra ID).
- Navigate to Security > Conditional Access.
- Click + New policy, define users/groups, set conditions, and choose controls.
- Save and enable your policy.
Best practices
- Use “require MFA” for sign-ins from outside your network.
- Block legacy authentication protocols.
- Test policies in report-only mode before enforcing them.
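The "block legacy authentication, test in report-only mode first" practice above, built with the Microsoft Graph PowerShell SDK, as an added example that is not code from the original post or from Microsoft: it creates the policy in report-only mode and then lists the recent sign-ins it would have blocked. It assumes the SDK is installed, an Entra ID P1 licence, and a break-glass group whose ID is a placeholder here.

```powershell
# Added example: create the "block legacy authentication" Conditional Access
# policy in report-only mode with the Microsoft Graph PowerShell SDK
# (Install-Module Microsoft.Graph). Entra ID P1 licensing is required.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess",
                        "AuditLog.Read.All", "Directory.Read.All"

# Placeholder: object ID of your emergency-access ("break-glass") group, so the
# policy can never lock every administrator out of the tenant.
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "CA001 - Block legacy authentication (report-only)"
    # Report-only: sign-ins are evaluated and logged but never blocked.
    # Switch to "enabled" once the sign-in logs show no legitimate matches.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{ includeApplications = @("All") }
        # Legacy protocols (IMAP, POP, SMTP AUTH, older Office clients) present
        # themselves to Entra ID as these two client app types.
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Host "Created policy $($created.Id) in state '$($created.State)'"

# Review what the policy *would* have blocked before enforcing it: each sign-in
# record carries a report-only result for every evaluated policy.
$since = (Get-Date).AddDays(-7).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All |
    Where-Object {
        $_.AppliedConditionalAccessPolicies |
            Where-Object { $_.Id -eq $created.Id -and $_.Result -eq "reportOnlyFailure" }
    } |
    Select-Object UserPrincipalName, AppDisplayName, ClientAppUsed, CreatedDateTime |
    Format-Table -AutoSize
```

Any rows returned are legacy-protocol sign-ins that still succeed today; migrate those clients (or exclude a documented exception) before changing the state to "enabled".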
3. Microsoft Defender for Office 365
Why it matters
Microsoft Defender for Office 365 provides protection against advanced threats like phishing, malware, and zero-day attacks across email, Teams, SharePoint, and OneDrive.
How to enable it
- Access the Microsoft 365 Defender portal.
- Go to Email & collaboration > Policies & rules > Threat policies.
- Configure:
  - Anti-phishing policies
  - Safe Links
  - Safe Attachments
- Apply these policies to all users or specific groups.
Best practices
- Enable impersonation protection for executives and finance staff.
- Monitor alerts and investigation reports regularly.
- Fine-tune rules as new threats appear.
4. Data Loss Prevention (DLP)
Why it matters
DLP helps prevent accidental or intentional sharing of sensitive data like credit card numbers, national insurance numbers, or confidential client info.
How to enable it
- Go to the Microsoft Purview Compliance portal.
- Click Data loss prevention > Policies.
- Create a new policy using built-in templates (e.g., UK Financial Data).
- Define locations (e.g., Exchange, SharePoint, OneDrive) and user actions to check or block.
Best practices
- Start in “audit” mode to assess potential incidents.
- Apply stricter policies for external sharing.
- Regularly review policy matches and adjust as needed.
5. Safe Links & Safe Attachments
Why it matters
These features scan links and attachments in real time, even after delivery, to prevent users from accidentally clicking or downloading malicious content.
How to enable it
- In the Microsoft 365 Defender portal, go to Policies & rules > Threat policies.
- Select Safe Links to create a URL protection policy.
- Select Safe Attachments to enable attachment scanning.
- Apply policies to users or groups and set actions (e.g., block, replace, quarantine).
Best practices
- Use URL rewriting to track and scan all clicked links.
- Apply policies to Teams and Office 365 apps.
- Combine with user training for extra protection.
Final Thoughts: Don’t Set It and Forget It
Turning on these features is a crucial step in securing your Microsoft 365 environment, but ongoing maintenance matters just as much. Cyber threats evolve, and your defences need to keep up.
Keep security strong by:
- Reviewing your Microsoft Secure Score regularly
- Monitoring alerts in the Microsoft Defender portal
- Training employees on new threats and security awareness
- Auditing access permissions and admin accounts periodically
Need help configuring these features or want a tailored security review?
Get in touch — we’re here to help SMBs stay secure and confident in the cloud.