What’s included in the Microsoft 365 Security Baseline Pack?
“Out-of-the-box” Microsoft 365 isn’t set up in key areas, especially those which secure your data, so our Baseline Pack remedies that by configuring all of the key features including the login process, sending and receiving emails, and Microsoft Teams. This investment ensures that you’re using all of the features and functionality you’re paying for with Microsoft 365 as well as protecting your business-critical data that is stored within it.
Please hover over the “What is this❔” text for any additional information about each step.
- Configuration of basic settings to disable access that is not needed by most organisations and therefore could pose a security risk. These include enforcing multi-factor authentication to administrator and user logins, disabling logins for shared mailboxes, preventing auto forwarding rules, setting up password synchronisation between on-premise and cloud services as well as configuring Microsoft’s security defaults to block out-dated authentication processes (e.g., IMAP/POP) being used, all of which make your overall Microsoft 365 more secure.
- Configuration of the cyber security solutions included in your Microsoft 365 package, including anti-virus and anti-malware to protect user devices as well as configuring anti-phishing, safe attachment and anti-spam settings.
- Additional email protection (set up of SPF, DKIM and DMARC for example) to prevent common email hacks as well as setting rules for incoming links and attachments to stop any potentially malicious content entering your users’ inboxes.
- Set up of email encryption to allow for manual encryption of emails by end users (emails can be encrypted by clicking Options, located above the Outlook ribbon and selecting Encrypt).
- Configuration of Azure Active Directory which authenticates user logins, which can be used to replace the service of an on-premise server, if required.
- Configuration of security settings for Microsoft Teams to ensure that conversations and files shared on the platform are protected.
- Branding of your Microsoft 365 login page with your logo to help users recognise any potential phishing scams which attempt to get them to login to a fake Microsoft 365 portal.
- All settings checked against Microsoft’s Security Score to ensure all settings have been set up in line with Microsoft’s current recommendations and that security scores are acceptable. In our experience, most organisations will have a security score of 30-40% before our changes and 70-80% after.
- Login access restrictions configured to prevent any logins attempts from outside of the UK, unless specified (e.g., for additional office locations). Please note, access from any other countries (e.g., for holidays) will need be requested via support.
- Application login protection with Multi-Factor Authentication (MFA) and Windows “Hello”, for up to 10 users, to significantly reduce the ability for people to access your system with lost or compromised login credentials. MFA will be configured for each user on a mobile device using the Microsoft Authenticator app, unless requested where an authentication token will need to be purchased. Login to Window’s devices will be protected with “Hello” which will be configured with a 4 digit pin and a step-by-step guide for users to configure facial recognition.
Please note, this does not include:
- InTune mobile phone set up.
- Full conditional access geography restriction or geo-location restrictions.