SymQuest Tech Talk

How Microsoft 365 Business Premium’s Built-In Security Bolsters Your Cyber Threat Defense

Written by Chris Maynard | August 05, 2021

As new ransomware threats emerge and employees transition to a work-from-home environment, businesses are searching for ways to build their cybersecurity defense and IT resilience. Businesses need a solution to keep employees connected and productive regardless of their employees’ physical location, while simultaneously safeguarding their data and protecting them against cyber threats.

An effective and integrated security solution may seem out of reach for businesses with budget restrictions; however, small to medium-sized businesses (SMBs) can leverage the features included in Microsoft 365 Business Premium’s cost-effective plan. There are some thresholds to be aware of, as this plan specifically targets SMBs with a 300 user license cap, but the value businesses receive is exceptional for the cost.

Microsoft 365 Business Premium has multiple subscription levels, allowing businesses to grow and scale at their pace. Microsoft 365 Business Premium can be upgraded to Office 365 for Enterprise EM+S E3 if a business ever outgrows its original Microsoft 365 Business Premium plan. EM+S E3 has all the security features we’ll talk about here, so everything is still pertinent. Both offer a cost-effective and comprehensive cloud-based solution, to improve productivity and connectivity while bolstering cybersecurity and data protection capabilities.

A Breakdown of Microsoft 365 Business Premium’s Built-In Security Features

Microsoft 365 Business Premium is much more than a collection of Office apps. It is an integrated cloud-based solution, bringing together productivity apps from Office and collaboration tools such as Microsoft Teams, with advanced built-in security and device management capabilities. The cloud-based solution also provides enhanced visibility into a company’s digital footprint on phones, tablets, and computers. If your sensitive corporate data is being stored on someone’s personal device, you’d want to make sure that device was secure, right? Right.

Microsoft 365 Business Premium’s built-in security is structured around 3 different areas: threat protection, data protection, and device management. These core areas come together to form a cohesive and comprehensive cyber threat defense that bolsters businesses' security posture and keeps sensitive data secure from online threats and unauthorized access.

1. Threat Protection

Microsoft 365 Business Premium has multiple features to help businesses thwart ransomware and cyberattacks like Office 365 Advanced Threat Protection (ATP) and multi-factor authentication (MFA).

Advanced Threat Protection (ATP) - Advanced Threat Protection is a cloud-based email filtering feature that uses AI to protect businesses from a range of cyber threats. ATP is broken into two main components: ATP Safe Links and ATP Safe Attachments. ATP Safe Links protects employees from malicious embedded URLs in emails or documents while ATP Safe Attachments protects employees from malware and viruses attached to messages or documents.

Multi-Factor Authentication (MFA) - Did you know that accounts are more than 99.9% less likely to be compromised when using MFA? With the recent uptick in cyber-crime and over 300 million fraudulent sign-in attempts every day on Microsoft’s cloud services, implementing MFA has quickly become a requirement for doing business online. Luckily, Microsoft 365 Business Premium comes equipped with built-in MFA that requires employees to present a second form of authentication, such as a verification code or physical token, to confirm their identity before accessing resources within their cloud tenant. 

2. Data Protection

Microsoft 365 Business Premium’s data protection features help organizations safeguard their business-critical data and ensure only authorized personnel has continued access to it. These comprehensive data protection features include data loss prevention (DLP) policies, message encryption, and exchange online archives.

Data Loss Prevention (DLP) - DLP policies help organizations identify and protect business-sensitive information including Social Security numbers and credit card numbers as well as medical records. Keep in mind that these policies need to be put in place manually by administrators. Follow these directions to create and implement a data loss prevention policy tailored to your organization’s security needs.

Message Encryption - Microsoft 365 Business Premium’s built-in message encryption combines encryption and access rights capabilities to ensure only intended recipients can view the contents of the message. Message encryption is compatible with email services including Outlook.com, Yahoo!, Gmail, and more.

Exchange Online Archiving - Microsoft 365 Business Premium comes equipped with Exchange Online Archiving, a cloud-based archiving and data recovery solution that is compatible with Microsoft Exchange or Exchange Online. This feature supports organizations in archiving, compliance, regulatory, and eDiscovery challenges by providing advanced archiving capabilities including holds and data redundancy. Businesses can leverage archiving to provide secure, long-term cloud storage that meets regulatory compliance requirements. If you require Legal Hold as a feature, it's important to note that it is not included in Business Premium; however, Office365 for Enterprise EM+S E3 is available to meet that need.

3. Device Management

Microsoft 365 Business Premium’s device management features give administrators the visibility and control needed to limit or grant access to employees with enrolled devices. These device management capabilities include conditional access, mobile device management (MDM), BitLocker encryption, and automatic updates.

Conditional Access Policies - Businesses can leverage conditional access policies to specify access restrictions based on several factors. These factors include the time of day, device type, location, and more. 

Mobile Device Management (MDM) - Organizations can create and manage personal IoT device policies to help prevent data exfiltration and manage employee mobile devices. This is not limited to only Windows PCs, businesses can enroll and manage macOS, iOS (iPhone/iPad), and Android devices as well. MDM policies tackle a variety of IT-related tasks including resetting a device to its factory settings for distribution to a new employee or remotely wiping an employee’s device if it is lost or stolen to remove all sensitive company data. Compliance profiles allow businesses to enforce security settings such as a PIN code requirement on a device that has access to company data.

BitLocker Encryption - Administrators can leverage BitLocker encryption to provide an additional layer of security. Utilizing a Trusted Platform Module, otherwise known as a TPM Chip, to encrypt data on a device in case a device is lost or stolen. Without the BitLocker key present, the data is unreadable to a 3rd party.

Automatic Updates - Administrators can leverage and configure automatic updates to ensure the latest security features and updates are applied to all employee devices on a defined schedule.

Bolster Your Business’s Security Posture with Microsoft 365 Business Premium’s Built-In Security

Microsoft 365 Business Premium is a cost-effective cloud-based service that improves business collaboration while simultaneously providing convenient built-in security, granting businesses the confidence to operate in an increasingly dangerous digital landscape.

Consider partnering with trusted cloud specialists to ensure Microsoft 365 Business is professionally implemented, managed, and customized to meet all your business’s unique needs.