Secure your business data with Microsoft 365 for business
Applies to
- Microsoft 365 Business Basic
- Microsoft 365 Business Standard
- Microsoft 365 Business Premium
Tip
This article is designed for small and medium-sized businesses who have up to 300 users. If you're looking for information for enterprise organizations, see Deploy ransomware protection for your Microsoft 365 tenant.
Microsoft 365 for business plans, such as Microsoft 365 Business Basic, Standard, and Premium, include security capabilities, such as antiphishing, antispam, and antimalware protection. Microsoft 365 Business Premium includes even more capabilities, such as device security, advanced threat protection, and information protection. This article describes how to secure your data with Microsoft 365 for business. This article also includes information to compare capabilities across Microsoft 365 for business plans.
Secure your business data
Step | Task | Description |
---|---|---|
1 | Use multi-factor authentication. | Multi-factor authentication (MFA), also known as two-step verification, requires people to use a code or authentication app on their phone to sign into Microsoft 365, and is a critical first step to protecting your business data. Using MFA can prevent hackers from taking over if they know your password. Security defaults can simplify the process of enabling MFA. See security defaults and MFA. |
2 | Protect your administrator accounts. | Administrator accounts (also called admins) have elevated privileges, making these accounts more susceptible to cyberattacks. You'll need to set up and manage the right number of admin and user accounts for your business. We also recommend adhering to the information security principle of least privilege, which means that users and applications should be granted access only to the data and operations they require to perform their jobs. See Protect your administrator accounts. |
3 | Use preset security policies. | Your subscription includes preset security policies that use recommended settings for anti-spam, anti-malware, and anti-phishing protection. See Protect against malware and other cyberthreats. |
4 | Protect all devices. | Every device is a possible attack avenue into your network and must be configured properly, even those devices that are personally owned but used for work. See the following articles: - Help users set up MFA on their devices - Protect unmanaged Windows and Mac computers - Set up managed devices (requires Microsoft 365 Business Premium or Microsoft Defender for Business) |
5 | Train everyone on email best practices. | Email can contain malicious attacks cloaked as harmless communications. Email systems are especially vulnerable, because email is handled by everyone in the organization, and safety relies on humans making consistently good decisions with those communications. Train everyone to know what to watch for spam or junk mail, phishing attempts, spoofing, and malware in their email. See Protect yourself against phishing and other attacks. |
6 | Use Microsoft Teams for collaboration and sharing. | The best way to collaborate and share securely is to use Microsoft Teams. With Microsoft Teams, all your files and communications are in a protected environment and aren't being stored in unsafe ways outside of it. See the following articles: - Use Microsoft Teams for collaboration - Set up meetings with Microsoft Teams - Share files and videos in a safe environment |
7 | Set sharing settings for SharePoint and OneDrive files and folders. | Your default sharing levels for SharePoint and OneDrive might be set to a more permissive level than you should use. We recommend reviewing and if necessary, changing the default settings to better protect your business. Grant people only the access they need to do their jobs. See Set sharing settings for SharePoint and OneDrive files and folders. |
8 | Use Microsoft 365 Apps on devices. | Outlook and Microsoft 365 Apps (also referred to as Office apps) enable people to work productively and more securely across devices. Whether you're using the web or desktop version of an app, you can start a document on one device, and pick it up later on another device. Instead of sending files as email attachments, you can share links to documents that are stored in SharePoint or OneDrive. See the following articles: - Install Office apps on all devices. - Train your users on Office and Microsoft 365 |
9 | Manage calendar sharing for your business. | You can help people in your organization share their calendars appropriately for better collaboration. You can manage what level of detail they can share, such as by limiting the details that are shared to free/busy times only. See Manage calendar sharing. |
10 | Maintain your environment. | After your initial setup and configuration of Microsoft 365 for business is complete, your organization needs a maintenance and operations plan. As employees come and go, you'll need to add or remove users, reset passwords, and maybe even reset devices to factory settings. You'll also want to make sure people have only the access they need to do their jobs. See Maintain your environment. |
Comparing Microsoft 365 for business plans
Microsoft 365 for business plans include Microsoft Exchange, Microsoft Teams, SharePoint, and OneDrive for secure email, collaboration, and file storage. These plans also include baseline antiphishing, antimalware, and antispam protection. With Microsoft 365 Business Premium, you get more capabilities, such as device management, advanced threat protection, and information protection. The following table compares capabilities in Microsoft 365 for business plans.
Capability | Microsoft 365 Business Basic | Microsoft 365 Business Standard | Microsoft 365 Business Premium |
---|---|---|---|
Outlook and Web/mobile versions of Office apps Word, Excel, and PowerPoint |
![]() |
![]() |
![]() |
Desktop versions of Office apps Word, Excel, PowerPoint, Publisher, and Access [See note 1] |
![]() |
![]() |
|
Secure communication, collaboration, and file storage Microsoft Teams, Exchange, OneDrive, and SharePoint |
![]() |
![]() |
![]() |
Antispam, antiphishing, and antimalware protection for email Exchange Online Protection overview |
![]() |
![]() |
![]() |
Mobile device management and mobile app management Microsoft Intune |
See note [2] | See note [2] | ![]() |
Advanced device security with next-generation protection, firewall, attack surface reduction, automated investigation and response, and more Defender for Business |
See note [3] | See note [3] | ![]() |
Advanced protection for email and documents with advanced anti-phishing, Safe Links, Safe Attachments, and real-time detections Microsoft Defender for Office 365 Plan 1 |
See note [4] | See note [4] | ![]() |
Information protection capabilities to discover, classify, protect, and govern sensitive information Azure Information Protection |
![]() |
(1) Microsoft Publisher and Microsoft Access run on Windows laptops and desktops only.
(2) Microsoft Intune is included with certain Microsoft 365 plans, such as Microsoft 365 Business Premium. Basic Mobility and Security capabilities are included in Microsoft 365 Business Basic and Standard. Choose between Basic Mobility and Security or Intune.
(3) Defender for Business is included in Microsoft 365 Business Premium. Defender for Business can also be added on to Microsoft 365 Business Basic or Standard. See Get Defender for Business.
(4) Defender for Office 365 Plan 1 is included in Microsoft 365 Business Premium. Defender for Office 365 Plan 1 can also be added on to Microsoft 365 Business Basic or Standard. See Defender for Office 365 Plan 1 and Plan 2.
Tip
For more information about what each plan includes, see Reimagine productivity with Microsoft 365 and Microsoft Teams.
See also
- What is Defender for Business?
- Microsoft 365 Business Premium—cybersecurity for small business
- Compare security features in Microsoft 365 plans for small and medium-sized businesses (for more details about Defender for Business and Microsoft 365 Business Premium)
- Compare Microsoft endpoint security plans (for securing and managing devices)
Feedback
Submit and view feedback for