Microsoft 365 for business security best practices

Tip

This article is for small and medium-sized businesses who have up to 300 users. If you're looking for information for enterprise organizations, see Deploy ransomware protection for your Microsoft 365 tenant. If you're a Microsoft partner, see Resources for Microsoft partners working with small and medium-sized businesses.

Microsoft 365 Business Basic, Standard, and Premium all include antiphishing, antispam, and antimalware protection to protect your email online. Microsoft 365 Business Premium includes even more security capabilities, such as advanced cybersecurity protection for:

• Devices, such as computers, tablets, and phones (also referred to as endpoints)
• Email & collaboration content (such as Office documents)
• Data (encryption, sensitivity labels, and Data Loss Prevention)

This article describes the top 10 ways to secure your business data with Microsoft 365 for business. For more information about what each plan includes, see Microsoft 365 User Subscription Suites for Small and Medium-sized Businesses.

Top 10 ways to secure your business data

The following table summarizes how to secure your data using Microsoft 365 for business.

Best practices and capabilities	Microsoft 365 Business Premium	Microsoft 365 Business Standard	Microsoft 365 Business Basic
1. Use multi-factor authentication (MFA), also known as two-step verification. See Turn on multifactor authentication.
- Security defaults (suitable for most organizations)
- Conditional Access (for more stringent requirements)
2. Set up and protect your administrator accounts. See Protect your admin accounts.
3. Use preset security policies to protect email and collaboration content. See Review and apply preset security policies.
- Anti-spam, anti-malware, and anti-phishing protection for email
- Advanced anti-phishing, spoof settings, impersonation settings, Safe Links, and Safe Attachments for email and Office documents
4. Protect all devices, including personal and company devices. See Secure managed and unmanaged devices.
- Microsoft 365 Apps (Word, Excel, PowerPoint, and more) installed on users' computers, phones, and tablets
- Windows 10 or 11 Pro Upgrade from Windows 7 Pro, Windows 8 Pro, or Windows 8.1 Pro
- Advanced threat protection for users' computers, phones, and tablets
5. Train everyone on email best practices. See Protect yourself against phishing and other attacks.
- Anti-spam, anti-malware, and anti-phishing protection for email
- Advanced threat protection for email and Office documents
6. Use Microsoft Teams for collaboration and sharing.
- Microsoft Teams for communication, collaboration, and sharing
- Safe Links & Safe Attachments with Microsoft Teams
- Sensitivity labels for meetings to protect calendar items, Microsoft Teams meetings, and chat
- Data Loss Prevention in Microsoft Teams to safeguard company data
7. Set sharing settings for SharePoint and OneDrive files and folders.
- Safe Links and Safe Attachments for SharePoint and OneDrive
- Sensitivity labels to mark items as sensitive, confidential. etc.
- Data Loss Prevention to safeguard company data
8. Use Microsoft 365 Apps on devices
- Outlook and Web/mobile versions of Microsoft 365 Apps for all users
- Microsoft 365 Apps installed on users' devices
- Employee quick setup guide to help users get set up and running
9. Manage calendar sharing for your business.
- Outlook for email and calendars
- Data Loss Prevention to safeguard company data
10. Maintain your environment by performing tasks, such asl adding or removing users and devices. See Maintain your environment.

For more information about what each plan includes, see Microsoft 365 User Subscription Suites for Small and Medium-sized Businesses.