Blog: Cloud Security Our Microsoft Trainer explains Cloud Security in simple terms

As more and more businesses are moving to the cloud, the misconception that the cloud computing security isn’t safe is slowly going away.

Every organization across the globe prioritises securing its data. When it comes to Microsoft services, cloud security and compliance is the utmost prior concern. Microsoft ensures your data is always secure from every type of attacks.

Using Microsoft cloud security for products: Personal account or work account your data will be always secure. This blog will give you more insight from the perspective of work accounts. The types of security services available on Office 365.

Let’s discuss some types of security services offered by Microsoft on Office 365.

1. Multi-Factor Authentication/2FA:

Multi-Factor authentication adds an additional security layer to the user’s accounts.

When users try to sign in on to their office products the legacy way is to sign in with a username and password. However, when MFA is enabled on a user account it needs approval from the user to proceed with the authentication.

There are various ways through which one can use MFA functionality, The type of authentication modes are:

1. Code on mobile phone/email.
2. Mobile authenticator app.
3. Use a biometric key or hardware token

If you have the least privilege's license even on those accounts MFA can be enabled, also this Microsoft cloud security feature needs to be only enabled by your Company Administrators but cannot be enabled by users. Admins can enable it for an organization by following below steps:

1. Go to the admin center at https://admin.microsoft.com.
2. Select Show All, then choose the Azure Active Directory Admin Center.
3. Select Azure Active Directory, Properties, Manage Security defaults.
4. Under Enable Security defaults, select Yes and then Save.

Once MFA has been enabled by an administrator on user’s accounts. It's the user who will proceed with the setup or registration process of the account.

1. When you sign in to https://office.com, you'll see the More information required prompt. Choose Next.
2. Under Step 1, choose the Mobile app from the Authentication phone drop-down list.
3. How do you want to use the mobile app? select the method you want to use to sign in:
4. Select receive notifications for verification to authenticate directly from your mobile app, which includes fingerprint authentication.
5. Select use verification code to enter a new verification code each time you authenticate.
6. Choose set-up.
7. Leave the configure mobile app window open on your computer.
8. On your mobile device, go to the App Store or Play Store, search for "Microsoft Authenticator " select it, install it, and open it.
9. In Authenticator, follow the prompts to complete the setup, and then choose the plus (+) sign to add your account.
10. Choose work or school account, choose Allow when prompted for permission to take pictures and record video, and then follow the instructions to scan the QR code in the open window on your computer.
11. After the account has been added, choose Got It.
12. On your computer, choose Next, and then choose Next again.
13. Make a note of the code that appears on your mobile device, enter the code on your computer in the box under Step 2, and then choose Verify.
14. In the boxes under Step 3, enter a backup phone number, such as your office number, choose Next, and then choose Done.

2. Enable Ransomware:

Ransomware restricts access to data by encrypting files or locking computer screens. It attempts to extort money from victims by asking for "ransom," usually in form of cryptocurrencies like Bitcoin, in exchange for access to data.

You can protect against ransomware by creating one or more mail flow rules to block file extensions. They are commonly used for ransomware, or to warn users who receive these attachments in email. A good starting point is to create two rules:

• Warn users before opening Office file attachments that include macros. Ransomware can be hidden inside macros, so we'll warn users to not open these files from people they do not know.
  
  
• Block file types that could contain ransomware or other malicious code. We'll start with a common list of executables (listed in the table below). If your organization uses any of these executable types and you expect these to be sent in email, add these to the previous rule (warn users).

To create a mail transport rule, the steps below

1. Go to the Exchange admin center.
2. In the mail flow category, select rules.
3. Select +, and then Create a new rule.
4. Select **** at the bottom of the dialogue box to see the full set of options.
5. Apply the settings in the following table for each rule. Leave the rest of the settings at the default, unless you want to change these.
6. Select Save.

3. Office 365 defender:

Office 365 Defender former name Advanced Threat Protection helps by stopping these malicious links and attachments before they get to your inbox. It opens the attachments and links in a virtual environment and checks for malicious activity before the email gets to your inbox.

It comprises of various cloud security solutions such as:

1. Safe attachments
2. Safe links
3. Spoofing
4. Anti-Phishing attack
5. Anti-Spam

These Microsoft cloud security features ensure the incoming and outgoing emails from organizations are safely sent and deliver to user’s mailboxes.