Microsoft Security – Insights and Best Practices
Why is Microsoft security so crucial today?
Microsoft offers many products that together form a powerful platform for cloud collaboration and productivity. But as use grows, so do the risks: misconfigurations, uncontrolled guest access, missing compliance processes, or security gaps that nobody has noticed.
This article highlights important measures, tools, and best practices for protecting your Microsoft environment, especially if you regularly work with external guests.
Our customer case story with GROB, an international machine manufacturer with more than 7,000 employees, takes a look at how to securely invite and onboard new guest users.
Compliance and licensing: Why is this important?
As a first step towards more compliance, it is important to realize how different Microsoft licenses offer varying levels of protection and compliance capabilities. Microsoft’s compliance tools managing data residency, privacy, and retention policies need to be configured properly in order to follow GDPR, HIPAA, and other regulations.
Pain point for administrators: An incorrectly licensed or misconfigured tenant can quickly lead to compliance risks, audit issues, and security vulnerabilities.
Microsoft features and tools for more security: Which tools should you know?
Microsoft’s products come with several out-of-the-box security tools, such as Microsoft Defender, Intune, and Sentinel.
- Defender provides advanced protection against security risks.
- Microsoft Intune monitors device security and enforces policies.
- Sentinel provides security analytics to detect and respond to threats.
These tools form the foundation of a secure Microsoft 365 environment, provided they are configured correctly.
Security audits: How do you check whether your environment is secure?
Regular security audits should be an important part of Microsoft security. Successful audits include:
- Evaluating current configurations
- Identifying vulnerabilities
- Verifying compliance with security policies
Microsoft offers the Secure Score in Microsoft Defender, which provides an overall security assessment and recommendations to improve security. Secure Score recommendations may involve, for example, closing management ports or enabling multi-factor authentication.
Administration of Microsoft Teams: What role does governance play?
Managing Microsoft Teams, as the central powerhouse of many organizations’ Microsoft environment, plays a huge part in keeping your environment secure.
Administrators should:
- Check security settings
- Control access rights
- Keep an eye on data protection
- Aim for strong Microsoft Teams governance
Security measures for remote work: What do you need to consider?
With the rise of remote work, admins need to offer secure remote access to Microsoft environments.
Essentials:
- Enable multi-factor authentication (MFA)
- Define secure access policies to protect against unauthorized access
- Use tools such as Microsoft Endpoint Manager and Intune to manage and secure remote devices
This protects against unauthorized access and helps detect compromised devices early on.
How to handle phishing emails?
Recognizing phishing emails
Phishing emails are a primary method for cybercriminals to compromise accounts and systems. Such emails often contain malicious links or attachments that, when clicked, can install malware or capture sensitive information. Microsoft offers tools such as:
- Anti-phishing protection
- Safe Links
These tools can detect and block threats. Safe Links scans URLs in emails and documents to check for malicious links and protects users even after the email has been sent.
Implementing anti-phishing measures
Anti-phishing protection in Microsoft Defender analyzes headers, URLs, and content to block suspicious messages.
Training and awareness
Regular training and simulated phishing attacks help users recognize risks. Microsoft offers tools for reporting suspicious emails so that security teams can respond more quickly.
What happens if a guest user receives a phishing email and clicks on the link?
If a guest user receives a phishing email and clicks on the link, they may not only expose their own account or device to hackers, but also compromise the security of your organization!
A phishing link can trick the guest user into:
- Granting access to their Microsoft account
- Sharing sensitive information or files with the attacker
In such a case, the guest user may grant the attacker access to your organization’s data or systems.
How to prevent phishing attacks on guest users?
In addition to the usual security measures, there are options specifically for working with guest users to increase security:
- Entra (formerly Azure Active Directory, Azure AD)
  - Manage and monitor guest user access and activities
  - Define security policies
  - Enforce compliance
- Microsoft Cloud App Security
  - Detect and respond to abnormal or risky behavior by guest users
  - Apply data loss prevention (DLP) policies
- External User Manager
  - Control guest access
  - Automate workflows
  - Allow only authorized guests
What are the risks of outdated tenant access for partners or consultants?
Once a collaboration project has been concluded, external partners or consultants should no longer have access to your tenant. Otherwise, this can result in:
- Security risks
- Compliance issues
- Potential data leaks
Here is a guideline on how to secure your environment when working with external guests.
How do you protect your environment when collaborating externally?
Here are the most important steps:
1. Regular audits
Regularly review all user accounts, focusing in particular on guest users. Who has access? Is it still necessary?
2. Access reviews
Implement access reviews in Entra/Azure AD to regularly check and confirm whether guest users still need access.
3. Automated expiry policies
Use automated policies that set expiration dates for guest access.
4. Monitor and manage external collaborations
Use tools like Microsoft 365’s audit logs and reports to monitor activities of guest users.
5. Educate administrators and users
Train administrators and users on best practices for managing guest access, including how to revoke access when it is no longer needed.
6. Automate these tasks to reduce human error
… with External User Manager. Create automated workflows for invitations, access reviews and removing guests from your tenant after collaboration.
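The audit, access-review, expiry and monitoring steps above can be scripted rather than done by hand in the portal. The following is an added example, not code from this article or from Solutions2Share: it uses the Microsoft Graph PowerShell SDK to list every guest in the tenant, flag guests whose last sign-in (or, if they never signed in, their invitation date) is older than a configurable cutoff, export the result as input for an access review, and remove flagged guests only when explicitly asked and only as a `-WhatIf` rehearsal. The parameter names `$StaleDays` and `$RemoveStale`, the CSV file name and the 90-day default are assumptions chosen for the example.

```powershell
# Added example (not from the article): report stale guest accounts with the
# Microsoft Graph PowerShell SDK. Assumes the Microsoft.Graph module is installed
# and the signed-in admin can consent to User.Read.All and AuditLog.Read.All.
param(
    [int]$StaleDays = 90,     # assumption: cutoff for "no activity" (days)
    [switch]$RemoveStale      # assumption: deletion is opt-in; default is report-only
)

Connect-MgGraph -Scopes "User.Read.All", "AuditLog.Read.All"

$cutoff = (Get-Date).AddDays(-$StaleDays)

# Only guest accounts; request the properties the review needs explicitly,
# since signInActivity is not returned by default.
$guests = Get-MgUser -All -Filter "userType eq 'Guest'" `
    -Property Id, DisplayName, Mail, CreatedDateTime, ExternalUserState, SignInActivity

$report = foreach ($g in $guests) {
    $lastSignIn = $g.SignInActivity.LastSignInDateTime
    # A guest who never signed in is judged by the age of the invitation itself.
    $reference = if ($lastSignIn) { $lastSignIn } else { $g.CreatedDateTime }
    [pscustomobject]@{
        DisplayName = $g.DisplayName
        Mail        = $g.Mail
        InviteState = $g.ExternalUserState    # PendingAcceptance or Accepted
        Created     = $g.CreatedDateTime
        LastSignIn  = $lastSignIn
        IsStale     = ($reference -lt $cutoff)
        Id          = $g.Id
    }
}

# On-screen summary plus a CSV the access-review owners can sign off on.
$report | Sort-Object LastSignIn |
    Format-Table DisplayName, Mail, InviteState, LastSignIn, IsStale -AutoSize
$report | Export-Csv -Path ".\guest-access-review.csv" -NoTypeInformation

if ($RemoveStale) {
    foreach ($stale in ($report | Where-Object IsStale)) {
        # -WhatIf rehearses the removal; drop it only after the review is approved.
        Remove-MgUser -UserId $stale.Id -WhatIf
    }
}
```

Two points worth knowing before running it: the `signInActivity` data behind `LastSignInDateTime` is only available to tenants with a Microsoft Entra ID P1 or P2 license, which ties back to the licensing discussion earlier in this article, and guests whose `ExternalUserState` is still `PendingAcceptance` never accepted their invitation, so they are usually the first candidates for cleanup.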
What are Microsoft Security Defaults?
Security Defaults are basic identity security mechanisms recommended and provided by Microsoft that protect your users and administrators from identity-related attacks. They include:
- Blocking insecure authentication protocols
- Conditional access
- MFA for registration and use
More information about Security Defaults is included in our blog post about Microsoft Teams Security Configurations.
Microsoft security with External User Manager
One of the most common security issues is managing external user access. As a Microsoft admin, you should consider using External User Manager to protect your environment.
The app offers:
- A comprehensive dashboard that allows admins to view and manage all M365 guests
- Identity and access management features
- Automated workflows and notifications
External User Manager is an essential solution for any admin aiming to improve Microsoft security and efficient access management in their tenant.
Book a free demo to find out how it can help you!
Chief Commercial Officer and Governance Specialist at Solutions2Share
Florian Pflanz has more than 8 years of experience with Microsoft 365 and has supported over 250 workshops on Teams governance.
His focus lies on lifecycle management, provisioning, and compliance requirements in regulated industries.
He shares best practices with IT admins and decision-makers to reduce complexity and strengthen secure collaboration in Teams.