November 25, 2020

Every IT shop worth its salt has at least a few layers of security – anti-virus/anti-malware, firewalls, and maybe some intrusion detection and prevention systems. However, Microsoft 365 adds an array of SaaS-specific openings that hackers are more than happy to exploit.

Did you know that:

  • 4% of critical data is in Office Docs
  • 25% of phishing attacks bypass Microsoft 365 security
  • 40% of Microsoft 365 shops suffer compromised credentials?

This is why Microsoft 365-specific security is so crucial – and why M365 security solutions exist.

Why is M365 Security Its Own Category?

Virtually all organizations have basic security protections – but nothing for Microsoft 365-specific security issues. The basic tools they have make them feel safe. Meanwhile, larger shops likely have defense-in-depth for general security, along with compliance and regulatory controls and solutions – but again, nothing for Office 365-specific security and compliance concerns.

More experienced organizations know M365 threats exist, but not exactly where they are or how to address them. The results can be disastrous. A survey of 27 million users across 600 enterprises found that 71.4% of Microsoft 365 business users suffer at least one compromised account each month.

Microsoft 365 Vulnerabilities and Issues

The fact is, Microsoft 365 applications come with some inherent vulnerabilities, especially when admins do not follow proper security measures and rely entirely on security solutions that are not Microsoft 365-specific.

This is all a thorn in the side of Microsoft 365 IT pros. Osterman Research surveyed Microsoft 365 IT managers and found these pain points and areas of administrative weakness:

  • “Monitor for and block access from compromised accounts. 80% responded yes.
  • Audit, manage and control privileged access into Microsoft 365 applications. 71% responded yes.
  • The ability to centrally manage security policies across all communication channels, both within Microsoft 365 and on other platforms. 57% responded yes.”

Microsoft 365-Specific Security Best Practices

Key Microsoft 365 security best practices include password policy, multi-factor authentication, mailbox security, and file storage security. Proactively establishing best practices in these areas dramatically reduces security risks.

Ensuring that administrative privileges are limited to those who absolutely need them is critical to a safe Microsoft 365 environment. An internal threat, such as a disgruntled employee with access to global admin privileges, is a major risk that can be prevented simply by limiting the number of users with admin privileges and by restricting the scope of those permissions.

Monitoring employee activities such as their mailbox practices can identify risky behavior and proactively secure business-critical data. Preventing risky activities such as auto-forwarding to external email addresses and limiting access rights to other users’ mailboxes can prevent the spread of malware and the leakage of data through emails. In addition, being aware of unusual email activity prevents targeted spam or social engineering tactics common among today’s cybersecurity threats.
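The external auto-forwarding check described above, as an added example that is not from the original post or from CoreView: it scans Exchange audit records for inbox-rule and mailbox changes that send mail outside the organization. The record shape is reduced to the fields used here, and the domain `contoso.example` and every sample record are constructed for illustration.

```python
# Assumption: the organization's own mail domains; anything else counts as external.
INTERNAL_DOMAINS = {"contoso.example"}

# Audited cmdlets and the parameters on each that set up forwarding.
RULE_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
FORWARDING_PARAMS = {
    "New-InboxRule": RULE_PARAMS,
    "Set-InboxRule": RULE_PARAMS,
    "Set-Mailbox": {"ForwardingSmtpAddress"},
}

def external_targets(value):
    """Return the addresses in a parameter value whose domain is not internal."""
    found = []
    for part in value.replace(",", ";").split(";"):
        addr = part.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[5:]
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found

def find_external_forwarding(records):
    """Return (time, actor, operation, targets) for records that forward mail externally."""
    hits = []
    for rec in records:
        wanted = FORWARDING_PARAMS.get(rec.get("Operation"), set())
        targets = []
        for p in rec.get("Parameters", []):
            if p.get("Name") in wanted:
                targets += external_targets(p.get("Value", ""))
        if targets:
            hits.append((rec["CreationTime"], rec["UserId"], rec["Operation"], targets))
    return hits

# Constructed sample records (not real audit data).
SAMPLE = [
    {"CreationTime": "2020-11-20T08:14:02", "UserId": "alice@contoso.example",
     "Operation": "New-InboxRule", "Parameters": [{"Name": "ForwardTo", "Value": "archive@mail.example"}]},
    {"CreationTime": "2020-11-20T09:01:45", "UserId": "admin@contoso.example",
     "Operation": "Set-Mailbox", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:bob.backup@contoso.example"}]},
    {"CreationTime": "2020-11-21T10:30:00", "UserId": "dave@contoso.example",
     "Operation": "New-InboxRule", "Parameters": [{"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"CreationTime": "2020-11-22T16:47:19", "UserId": "carol@contoso.example",
     "Operation": "Set-InboxRule", "Parameters": [{"Name": "RedirectTo", "Value": "carol@contoso.example;ext@partner.example"}]},
]

if __name__ == "__main__":
    for hit in find_external_forwarding(SAMPLE):
        print(hit)
```

Values that carry no SMTP address, such as a display name, are skipped because the domain cannot be judged from the record alone; those need a directory lookup before they can be cleared.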


  1. You can produce a log in seconds for every administrative action taken in Microsoft 365 since the platform was initiated. (If a bank teller has a transaction log of every deposit and withdrawal, why don’t you have this for M365?)
  2. Every time an employee leaves the organization, IT runs an audit report of every file accessed for the past x days. And…
  3. Whenever malware or leaked credentials are detected on an employee device, IT runs an audit of every action taken by that user in M365 since malware was detected, which also checks for Trojan horses/ransomware/configuration changes.
  4. IT not only knows where M365 attacks are coming from, but whom they are targeting, how the targets are configured, and if successful, all actions that were taken.
  5. IT has a fully deployed least privilege access model for Microsoft 365. And IT can describe precisely what functions those operators can perform, and how they are scoped.
  6. IT can perform (report/alert/fix) desired configuration management at the account/device level in Microsoft 365.
  7. IT knows how their M365 configuration security posture compares with their peers, and how their Microsoft 365 Secure Score is trending over time.


CoreView offers deep Microsoft 365-specific security protection, governance and compliance. Learn how we help with a personalized CoreView demo.
