Office 365 Security and Compliance Admin Center – 3 Reasons Why It’s Important

Data Governance, Threat Protection, and Search and Investigation

While we all know that Microsoft isn’t known for their security (initially), they are known for improving their products from a functionality, feature and of course security perspective over time.

As I have conversations with IT Teams and businesses, one of the first things I ask about is their email system. This is because email is one of the most common threat vectors for an attack. Once I find out what they are using then I ask follow on questions. Well if you are using O365 then expect me to ask you, “What is your “Secure Score”?

Microsoft has built in a scoring system that gives everyone an immediate idea of how secure their email system is. There are obviously many other components to email security than what is in the O365 Admin Center but what a great first glimpse into your own email security.

The next steps are to start to implement the actions available to you within your O365 instance. Many items are MS related and recommend MS solutions. I advise every customer to evaluate what makes the most sense for your organization. Yes, you can use all of the Microsoft suggestions and improve your overall posture but what you will find is that most suggestions do not cover all aspects of your security and will require or only address Microsoft security and/or products. Pay attention to the details!

I wanted to touch on 3 areas of the Security and Compliance Admin Center that I find to be invaluable. There are many components and features and it continues to expand so pay attention to your Secure Score every month!

Data Governance

Do you and your employees understand the different types of data in your organization? Wouldn’t it be great if it was automatically categorized for you? What about automatically deleting data that did not need to be retained? What about a disposition review after a certain time frame? Or just setting it to delete after a certain amount of time regardless of disposition? These are ALL features under the Data Governance console that you can perform to ensure you are protecting and handling information as needed by your organization.

Threat Protection

Anti-Phishing, Anti-Spam and Anti-Malware are among some of the advanced threat protection features now available in O365. Of the 3 the most intriguing to me is the Anti-phishing feature which includes the ability to identify the staff on your team that are most likely to be the target or spoofed entity of a phishing attack.

Search and Investigation

Finally, the ability to do very refined searches across multiple Microsoft products and the ability to manage who has access to the data being searched. The features behind this truly make it a powerful option when trying to discern a breach, insider threat or just bad behavior.