So if you are using Office 365 you should consider use/enable these 5 features which you have free of charge within your Office 365 subscription.

These tips are the first thing i enable for my customers (if they are not enabled already of course)

So let`s dig into the features! – All of the features are FREE!

1. Enable MFA for your user

This is a simple thing to do and in 5 steps it`s enabled both for your end-users and for your admin accounts.

Ref: https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide#manage-mfa-settings-in-the-new-microsoft-365-admin-center

2. Block malicious files types

The next one is almost as simple as the first one and is enabled in just a few minutes.

Navigate to “protection.office.com” and authenticate, go to “Threat Management” and “Policy” then click “Anti-malware”. Edit the default policy and og to settings, under “Common Attachment Types Filter” set the toggle to “On” – your done! 🙂

3. Use a separate account for administrative tasks

A simple thing to do – if you have administrative privilege’s on your account you should create a separate admin account which is protected with MFA of course. This can also be mitigated using the paid service Azure AD Privileged Identity Management – more on that service i a later blogpost

4. Block Auto-forwarding on email accounts

By blocking auto-forwarding on email accounts you mitigate the attack vector which is when a account is breached and the bad guys setting up forwarding of emails to gain information about the company and how people collaborates. This is the start of a advanced phishing attack.

Ref: https://support.office.com/en-us/article/stop-auto-forwarding-emails-in-microsoft-365-f9d693ba-5c78-47c0-b156-8e461e062aa7

5. Use Secure score to improve security

Secure Score is a simple and fun way to fix and improve your company security. The results are tailored to your Office 365 implementation and you`ll get scored on how many improvements you configure.

So to wrap up this blog post – All these features are free! It will take you under 1 hour to implement and your company is a lot more secure!