Microsoft 365 for business security best practices

Tip

This article is for small and medium-sized businesses who have up to 300 users. If you're looking for information for enterprise organizations, see Deploy ransomware protection for your Microsoft 365 tenant. If you're a Microsoft partner, see Resources for Microsoft partners working with small and medium-sized businesses.

Microsoft 365 Business Basic, Standard, and Premium all include antiphishing, antispam, and antimalware protection to protect your email online. Microsoft 365 Business Premium includes even more security capabilities, such as advanced cybersecurity protection for:

  • Devices, such as computers, tablets, and phones (also referred to as endpoints)
  • Email & collaboration content (such as Office documents)
  • Data (encryption, sensitivity labels, and Data Loss Prevention)

This article describes the top 10 ways to secure your business data with Microsoft 365 for business. For more information about what each plan includes, see Microsoft 365 User Subscription Suites for Small and Medium-sized Businesses.

Top 10 ways to secure your business data

Diagram listing the top 10 ways to secure business data with Microsoft 365 for business

The following table summarizes how to secure your data using Microsoft 365 for business.

Best practices and capabilities Microsoft 365 Business Premium Microsoft 365 Business Standard Microsoft 365 Business Basic
1. Use multi-factor authentication (MFA), also known as two-step verification. See Turn on multifactor authentication. Included Included Included
- Security defaults (suitable for most organizations) Included Included Included
- Conditional Access (for more stringent requirements) Included
2. Set up and protect your administrator accounts. See Protect your admin accounts. Included Included Included
3. Use preset security policies to protect email and collaboration content. See Review and apply preset security policies. Included Included Included
- Anti-spam, anti-malware, and anti-phishing protection for email Included Included Included
- Advanced anti-phishing, spoof settings, impersonation settings, Safe Links, and Safe Attachments for email and Office documents Included
4. Protect all devices, including personal and company devices. See Secure managed and unmanaged devices. Included
- Microsoft 365 Apps (Word, Excel, PowerPoint, and more) installed on users' computers, phones, and tablets Included Included
- Windows 10 or 11 Pro Upgrade from Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro Included
- Advanced threat protection for users' computers, phones, and tablets Included
5. Train everyone on email best practices. See Protect yourself against phishing and other attacks. Included Included Included
- Anti-spam, anti-malware, and anti-phishing protection for email Included Included Included
- Advanced threat protection for email and Office documents Included
6. Use Microsoft Teams for collaboration and sharing. Included Included Included
- Microsoft Teams for communication, collaboration, and sharing Included Included Included
- Safe Links & Safe Attachments with Microsoft Teams Included
- Sensitivity labels for meetings to protect calendar items, Microsoft Teams meetings, and chat Included
- Data Loss Prevention in Microsoft Teams to safeguard company data Included
7. Set sharing settings for SharePoint and OneDrive files and folders. Included Included Included
- Safe Links and Safe Attachments for SharePoint and OneDrive Included
- Sensitivity labels to mark items as sensitive, confidential. etc. Included
- Data Loss Prevention to safeguard company data Included
8. Use Microsoft 365 Apps on devices Included Included
- Outlook and Web/mobile versions of Microsoft 365 Apps for all users Included Included Included
- Microsoft 365 Apps installed on users' devices Included Included
- Employee quick setup guide to help users get set up and running Included Included Included
9. Manage calendar sharing for your business. Included Included Included
- Outlook for email and calendars Included Included Included
- Data Loss Prevention to safeguard company data Included
10. Maintain your environment by performing tasks, such asl adding or removing users and devices. See Maintain your environment. Included Included Included

For more information about what each plan includes, see Microsoft 365 User Subscription Suites for Small and Medium-sized Businesses.