A critical part of running your business these days is doing so securely. Fortunately, Microsoft 365 gives you a lot of tools to help you do that and it's easy to turn them on.

Illustration of a safe and files

Click the headings below for more information 

If criminals get the username and password of you or one of your team, they'll try to sign into your system to see what they can take. Using multifactor authentication makes it much harder for them to get in, even if they do have your username and password.

Want to know more about multifactor authentication? See What is: Multifactor Authentication.

To confirm multifactor authentication is on:

  1. Go to the Microsoft 365 admin center at https://admin.microsoft.com

  2. Select Show all, then All admin centers to display the additional admin centers, and then select Microsoft Entra.The admin centers menu in Microsoft 365 with the Azure Active Directory admin center highlighted.

  3. Select Identity from the navigation on the left, then Properties.The properties item in the Azure Active Directory (AAD) admin center.

  4. Select Manage security defaults from the bottom of the page.The Azure Active Directory tenant properties screen with the Manage security defaults link highlighted.

  5. On the panel that opens to the right, Enabled (recommended) should be select. If not, select it from the menu and then select Save.The enable security defaults dialog of the Azure Active Directory properties.

If you have to enable the setting, the next time you sign into Microsoft 365 you'll be prompted to set up the Microsoft Authenticator app as a second factor. It should take just a couple of minutes to download and set up the app on your Android or iPhone. Once it's set up, you're all set. For more details on how to do it see Set up Security info from a sign-in page.

For regular users it should rarely ask for the second factor when they sign into the device they always sign into. For admin users it may ask a little more often due to the sensitive nature of an admin account.

Phishing messages are often cleverly disguised to look like a message from a person or organization you trust. If you do a lot of business with alexw@contoso.com you're inclined to trust Alex and you might not notice if a message came in from alexw@contos0.com during a busy day.

Microsoft 365 can add a safety tip to that message alerting you that this is a new sender, and that might give you a chance to pause and recognize that this message is from an imposter.

A safety tag on an email message indicating that you don't often receive email from that sender.

To turn on the first contact safety tip.

  1. In your browser sign into https://security.microsoft.com/antiphishing.

  2. Select the default anti-phishing policy from the list.

  3. Select Edit actions The anti-phishing policy actions panel with an arrow pointing to the Edit actions link.

  4. Select the check box for Show first contact safety tip.The anti-phishing actions panel, with the Show first contact safety tip option highlighted.

  5. Select Save.

Microsoft 365 has a set of security features that can help protect your business and to make it easier for you to turn them on we've packaged them as a set that you can turn on together.

  1. Go to the Microsoft 365 Defender portal (https://security.microsoft.com) and sign in.

  2. Under Email & Collaboration go to Policies & Rules > Threat policies > Preset Security Policies in the Templated policies section.

  3. On the Preset security policies page, in the Standard card, select Manage protection settings.The preset security policies dialog with the Manage protection settings link under Standard protection highlighted.

  4. The Apply standard protection wizard starts in a flyout. On the Exchange Online Protection page select All recipients. You want these protections to apply to everyone in your business. Then select Next.The Apply standard wizard showing the screen where you select which recipients to apply Exchange Online protection to.

  5. Leave the setting to Turn on the policy after I finish so that the settings will take effect right away and select Next.

  6. Review your settings and select Confirm to finish.

Get expert advice, dedicated support and personalized guidance from business specialists. With Business Assist, get help making Microsoft 365 products work for you and everyone in your business.Learn More

Learn more

Microsoft security help and learning

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.