
Nov 2024

Enhancing security in your M365 tenant

From December 2nd 2024, Microsoft will turn on security defaults automatically for all new Microsoft 365 tenants. For existing tenants, this change will roll out in January 2025. Here’s what that means, why it’s significant, and how organisations can enhance their M365 tenant security beyond these defaults.


Solutions Engineer

What are Microsoft’s security defaults? 

Security defaults are a set of basic identity security features designed to protect organisations from common threats like phishing and brute-force attacks. By enabling security defaults, Microsoft ensures that all tenants benefit from features such as: 

  • Multi-Factor Authentication (MFA) for all users 
  • Blocking legacy authentication protocols that are more vulnerable to attacks 
  • Protecting privileged accounts with stricter security policies. 

This update eliminates the need for organisations to manually enable these features, fostering stronger baseline security for all. 

Why they are a good step but not a complete solution 

While security defaults provide a significant improvement for tenants that may not have implemented any security measures, they come with limitations: 

  • Lack of customisation: Security defaults apply universal settings, which might not fit the specific needs of more complex organisations.
  • No granular control: Organisations cannot define conditional access policies for specific users, locations, or apps.
  • Inflexibility for advanced security needs: Security defaults do not support advanced scenarios like device compliance or integration with third-party apps.

For businesses with diverse user bases and complex security requirements, security defaults may be too rigid to fully address their needs. 

Enhancing security for Microsoft 365 users 

To go beyond the basics, organisations should consider the following: 

  • Implement conditional access (CA) policies: Conditional access provides advanced controls based on user, location, device state, and app risk. This allows for a tailored approach, ensuring better protection without sacrificing usability.
  • Invest in Entra ID (Azure AD) Premium P1 or P2:
      • P1: Enables essential features like conditional access and dynamic groups, making it suitable for most small and medium-sized businesses.
      • P2: Offers advanced features such as identity protection and privileged identity management, ideal for organisations requiring rigorous security and compliance.
  • Consider a CA trial: Microsoft often offers free trials for conditional access policies, allowing organisations to explore the benefits before committing to Entra P1 or P2.
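Before relying on conditional access in place of security defaults, it is worth checking that the enforced policies still cover the baseline listed earlier (MFA for all users, legacy authentication blocked, protection for privileged roles). The read-only audit below is an added example, not code from Microsoft or from this article's author; it assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.SignIns module) is installed and that the signed-in account can be granted the Policy.Read.All scope.

```powershell
# Added example: read-only audit of security defaults versus conditional access coverage.
# Assumes the Microsoft.Graph.Identity.SignIns module; nothing in the tenant is changed.
Connect-MgGraph -Scopes 'Policy.Read.All'

# Security defaults are a single tenant-wide switch.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy

# Only policies in the 'enabled' state are enforced; report-only and disabled ones are not.
$policies = Get-MgIdentityConditionalAccessPolicy -All
$enforced = @($policies | Where-Object { $_.State -eq 'enabled' })

# Baseline 1: legacy authentication blocked for all users.
$legacyBlock = @($enforced | Where-Object {
    $_.Conditions.Users.IncludeUsers -contains 'All' -and
    $_.Conditions.ClientAppTypes -contains 'other' -and
    $_.Conditions.ClientAppTypes -contains 'exchangeActiveSync' -and
    $_.GrantControls.BuiltInControls -contains 'block'
})

# Baseline 2: MFA required for all users on all apps.
# Limitation: only the built-in 'mfa' grant control is checked, not authentication strengths.
$mfaAll = @($enforced | Where-Object {
    $_.Conditions.Users.IncludeUsers -contains 'All' -and
    $_.Conditions.Applications.IncludeApplications -contains 'All' -and
    $_.GrantControls.BuiltInControls -contains 'mfa'
})

# Baseline 3: MFA required for at least one set of directory roles (privileged accounts).
$mfaAdmins = @($enforced | Where-Object {
    @($_.Conditions.Users.IncludeRoles).Count -gt 0 -and
    $_.GrantControls.BuiltInControls -contains 'mfa'
})

[pscustomobject]@{
    SecurityDefaultsEnabled = $defaults.IsEnabled
    EnforcedPolicies        = $enforced.Count
    ReportOnlyPolicies      = @($policies | Where-Object { $_.State -eq 'enabledForReportingButNotEnforced' }).Count
    LegacyAuthBlocked       = $legacyBlock.Count -gt 0
    MfaForAllUsers          = $mfaAll.Count -gt 0
    MfaForAdminRoles        = $mfaAdmins.Count -gt 0
} | Format-List

# Exclusions are not evaluated above, so list them for manual review.
$enforced | Select-Object DisplayName,
    @{ n = 'ExcludedUsers';  e = { $_.Conditions.Users.ExcludeUsers  -join ', ' } },
    @{ n = 'ExcludedGroups'; e = { $_.Conditions.Users.ExcludeGroups -join ', ' } }
```

A `False` in any of the last three summary fields while `SecurityDefaultsEnabled` is also `False` means that part of the baseline is not being enforced by either mechanism.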

Improving security in your organisation 

If you’re eager to strengthen your organisation’s security, consider these steps: 

  1. Explore a free conditional access trial: Test the benefits of advanced security settings with a no-commitment trial of conditional access features.
  2. Consult with modern workplace specialists: Partnering with experts can help you assess your current environment, recommend the right combination of tools and strategies for your needs, and implement tailored security measures.

The automatic enablement of security defaults is a positive move to protect organisations against common threats. However, to achieve comprehensive security, businesses should explore advanced features like conditional access and Entra P1/P2. Proactively investing in these tools and seeking expert guidance can ensure a secure, flexible, and user-friendly Microsoft 365 environment. 

For further assistance, reach out to our modern workplace specialists today at info@waterstons.com