Top Email Security Best Practices for Office 365

By Carla Barata • July 12, 2018

If you are using or considering moving to Office 365, you need to think about how to protect your email against today’s advanced email threats. Transitioning to the cloud, and particularly to a service that is constantly under threat because of its very large footprint, means planning an upgrade to your email security level. The last thing you want is to leave your account vulnerable and at risk of a data breach.

To minimize the potential for a compromised account, you need to learn how to prioritize threats and plan how to implement features and controls. While Office 365 comes with standard built-in data protection, you may find it is not enough to secure the platform from current threats, and you will need added layers of security that Microsoft is not able to offer with its standard product. From assessing the risk to implementing security and compliance controls for upgrading your email security level, here are the top email security best practices for Office 365:

Turn On Mailbox Auditing in Office 365

You need visibility into user activities to help you gain control over business-critical data. Mailbox audit logging is not turned on by default, so until you turn it on, mailbox activity will not appear in the results when you search the audit log. By turning on mailbox audit logging, you can log mailbox access by mailbox owners, delegates, and administrators. You can then find out who logs into user mailboxes, who sends messages, and what other activities take place.
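
One way to turn this on across a tenant, as an added example that is not part of the original post: the script below finds user mailboxes without audit logging, enables it for owner, delegate and administrator access, and lists any that are still unaudited. It assumes an Exchange Online PowerShell session is already connected with rights to run Set-Mailbox; the audited actions and the 90-day log age are illustrative choices, not values from this article.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already
# connected (for instance with Connect-ExchangeOnline) under an account that
# is allowed to run Get-Mailbox and Set-Mailbox.

# Actions to record per logon type. The selection is an assumption chosen to
# cover the activities named above: mailbox sign-in, sending, and deletion.
$ownerActions    = 'MailboxLogin', 'HardDelete', 'SoftDelete'
$delegateActions = 'SendAs', 'SendOnBehalf', 'HardDelete', 'SoftDelete'
$adminActions    = 'SendAs', 'SendOnBehalf', 'HardDelete', 'SoftDelete'

# Helper (hypothetical name): return user mailboxes that have auditing off.
function Get-UnauditedMailbox {
    Get-Mailbox -ResultSize Unlimited -Filter "RecipientTypeDetails -eq 'UserMailbox'" |
        Where-Object { -not $_.AuditEnabled }
}

# 1. Report the current gap before changing anything.
$unaudited = @(Get-UnauditedMailbox)
'{0} user mailbox(es) without audit logging' -f $unaudited.Count

# 2. Enable auditing and add the chosen actions to whatever is already set.
#    @{Add = ...} appends to the existing action list instead of replacing it.
foreach ($mbx in $unaudited) {
    Set-Mailbox -Identity $mbx.DistinguishedName `
        -AuditEnabled $true `
        -AuditLogAgeLimit 90 `
        -AuditOwner    @{Add = $ownerActions} `
        -AuditDelegate @{Add = $delegateActions} `
        -AuditAdmin    @{Add = $adminActions}
}

# 3. Verify: anything listed here still needs attention.
Get-UnauditedMailbox |
    Select-Object DisplayName, PrimarySmtpAddress, AuditEnabled
```

Mailboxes created after the script runs are not covered by it, so it is worth scheduling the check in step 1 and reviewing its output regularly.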

Enforce Strong Password Policies

Administrators should put strict password creation policies in place. Weak or previously used passwords should not be accepted. Experts agree that a secure password should consist of no fewer than six characters and should be a combination of letters, numbers, and symbols. Passwords should also be case-sensitive. Avoid any of the most-used or predictable passwords, such as your birthday or pet’s name.

Enable Multi-Factor Authentication

Multi-factor authentication (MFA) gives you an extra layer of defense by complementing a robust password strategy with additional acknowledgment via text message, phone call, or an app notification. With MFA in place, it’s not enough that a hacker has stolen or compromised your password; they would also need access to your trusted device.

Secure Email Content with Multiple Antivirus Engines

To increase detection and prevent threats, use additional products that provide multiple antivirus engines, for instance endpoint systems or email gateways.


Enable Alerts Through Office 365 Cloud App Security

Enable alerts to monitor suspicious activity such as repeated failed sign-in attempts, unusually large data downloads, or sign-ins from unknown IP addresses. Because you’re alerted to anomalous activity, you can quickly act on it before it’s too late.


Complement Office 365 with Added, Dedicated Email Security

An added layer of security, preferably using distinct technologies (antivirus, sandbox, reputation blocklists) and offering added visibility into all the filtering and management aspects of such critical infrastructure, is a very common approach for businesses of a certain size. These businesses need to guarantee that all bad email (phishing, malware) is kept out of their employees’ mailboxes, and to ensure control and protection against data leakage.


AnubisNetworks Mail Protection Service (MPS) integrates seamlessly with Office 365, delivering a security ecosystem that permanently monitors the world for botnets, IP reputation, email phishing, and malware campaigns. It allows you to set Anti-Botnet, Email Routing, and Control features and communicates with all MPS edge filters, delivering real-time proactive malware prevention. And to maintain your network reputation, it ensures that only legitimate email is received and provided.
