Office 365 security best practices help organizations mitigate the risks and vulnerabilities that come with migrating email and other services to Microsoft Office 365. In many cases, the default configuration of Office 365 lowers an organization's security, and security situational awareness is difficult to achieve. Fully hardening an Office 365 environment is an extensive task; use this checklist to make sure you are not exposed to the most common weaknesses that attackers exploit.

Create dedicated administrator accounts

Office 365 administrative accounts carry elevated privileges, which makes them the most valuable prize for hackers and cyber criminals. Create admin accounts that are used only for administration, and do not use these accounts for day-to-day non-administrative work.

Enable multi-factor authentication (MFA) for accounts

MFA is an easy and effective way to increase the security of your organization. With multi-factor authentication enabled, you type a code from your phone when you log in, before you get access to Microsoft 365. Make it a goal to get 100% of your users under MFA.

Enable mailbox auditing

Make sure you can audit the actions that mailbox owners, delegates, and administrators perform. Only users with E5 licenses, or mailboxes where mailbox audit logging was manually enabled by an admin, will return mailbox audit log events in audit log searches in the Security & Compliance Center.

Do not password sync on administrative accounts

Azure AD Connect integrates on-premises environments with Azure AD when customers migrate. Microsoft strongly recommends against synchronizing on-premises accounts with pre-existing administrative accounts in Azure Active Directory.

Remove legacy protocols using POP3, IMAP and SMTP authentication

A number of protocols associated with Exchange Online authentication do not support modern authentication and therefore bypass MFA. These protocols include Post Office Protocol (POP3), Internet Message Access Protocol (IMAP), and Simple Mail Transfer Protocol (SMTP) authentication. Disable legacy protocols in Azure AD with a Conditional Access policy.

Disable auto-forwarding for email

Attackers who gain access to a mailbox can exfiltrate mail by configuring it to automatically forward email. Disable this capability by creating a mail flow rule in the Exchange admin center.
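The mailbox auditing, legacy protocol and auto-forwarding items above can be checked from Exchange Online PowerShell. The script below is an added example, not code from the original post or from DigitalStakeout; it assumes the ExchangeOnlineManagement module, an Exchange admin role, and a rule name ("Block external auto-forward") chosen here for illustration. Without -Remediate it only reports.

```powershell
# Added example: audit (and optionally fix) three Office 365 checklist items.
# Assumes the ExchangeOnlineManagement module and an Exchange admin role.
param([switch]$Remediate)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# 1. Mailbox auditing. The org-level switch is checked first; the per-mailbox
#    AuditEnabled flag matters when the org default has been turned off.
if ((Get-OrganizationConfig).AuditDisabled) {
    Write-Warning 'Mailbox auditing is disabled at the organization level'
    if ($Remediate) { Set-OrganizationConfig -AuditDisabled $false }
}
$mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
foreach ($mbx in $mailboxes | Where-Object { -not $_.AuditEnabled }) {
    Write-Warning "Auditing off: $($mbx.UserPrincipalName)"
    if ($Remediate) { Set-Mailbox -Identity $mbx.Identity -AuditEnabled $true }
}

# 2. Legacy protocols. SMTP AUTH is controlled tenant-wide; POP3/IMAP per mailbox.
if (-not (Get-TransportConfig).SmtpClientAuthenticationDisabled) {
    Write-Warning 'SMTP AUTH is enabled for the tenant'
    if ($Remediate) { Set-TransportConfig -SmtpClientAuthenticationDisabled $true }
}
foreach ($cas in Get-CASMailbox -ResultSize Unlimited | Where-Object { $_.PopEnabled -or $_.ImapEnabled }) {
    Write-Warning "POP3/IMAP enabled: $($cas.PrimarySmtpAddress)"
    if ($Remediate) { Set-CASMailbox -Identity $cas.Identity -PopEnabled $false -ImapEnabled $false }
}

# 3. Auto-forwarding. Report mailbox-level forwarding and inbox rules that
#    forward or redirect, then block auto-forwarded mail leaving the tenant.
foreach ($mbx in $mailboxes) {
    if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
        Write-Warning "Mailbox forwarding set on $($mbx.UserPrincipalName)"
    }
    Get-InboxRule -Mailbox $mbx.Identity |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        ForEach-Object { Write-Warning "Forwarding rule '$($_.Name)' in $($mbx.UserPrincipalName)" }
}
$ruleName = 'Block external auto-forward'   # illustrative name, not from the post
if ($Remediate -and -not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName -FromScope InOrganization -SentToScope NotInOrganization `
        -MessageTypeMatches AutoForward `
        -RejectMessageReasonText 'Automatic forwarding to external recipients is not permitted'
}

Disconnect-ExchangeOnline -Confirm:$false
```

Existing forwarding rules are reported rather than deleted, so an analyst can confirm whether each one is legitimate before removing it.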

Train and warn your users of phishing attacks

Every organization should establish and maintain a strong culture of security awareness, including training users to identify phishing attacks. Keep users alert by routinely sharing current examples of Office 365 phishing emails.

Watch the watcher

Microsoft provides an extensive list of security best practices for Office 365, and configuring security for it is a complex task. To make this easier, DigitalStakeout offers security threat intelligence that enables a simple view into the security events in Office 365.

With DigitalStakeout's Microsoft Cloud App Security Monitor, you have immediate, normalized access to Microsoft Azure, Office 365, Defender ATP, SharePoint and Exchange audit logs (real-time and historical) without the need for a SIEM. With CAS Monitor, you can rapidly investigate, detect and alarm on high-risk events in Office 365 that require immediate action to mitigate threats to your environment.

Request a demo of DigitalStakeout Scout with Microsoft Cloud App Security Monitor.