Are you at risk? Upgrade your M365 Security to protect your business today!

In the past two weeks, a large number of Microsoft 365 customers have received the following email:

If you look at above email, you may tell me that this is not a “real” Microsoft email, and you are right.

This is a phishing email trying to steal your account password.

But, did you know that according to statistics gathered from recent hacks, around 25% of your employees will click on above email and reveal their passwords?

If this happens, your company email, Onedrive or Sharepoint data may be compromised.

Luckily there are several solutions to protect your Microsoft 365 environment, which I will cover below.

Some you can implement already today!


1️⃣ Enable MFA

MFA (Multifactor Authentication) provides a 2nd step authentication, preventing hackers from logging in even if they steal your employees password.

MFA Can be enabled on all Business Basic and Higher plans. See more information here.

2️⃣ Enable Security Defaults

For Microsoft 365 Business or higher plans, you can enable Security Defaults, which is a set of default security settings that will be applied once enabled. These default settings help upgrade your account security by disabling legacy protocols, enabling MFA for admins and more. More information here.

3️⃣ Implement Defender for O365

If you have M365 Business Basic or higher, you can purchase Defender for O365 add on. Defender for O365 provides advanced anti-phishing and anti spam filters, effectively filtering out most of the phishing emails to your staff. Links in emails are checked for malicious content, and are blocked if they pose a threat. More information here.

4️⃣ Upgrade to Business Premium

M356 Business Standard customers can upgrade to Business Premium, which includes even more advanced protection features such as:

  • Endpoint Management – Manage your company devices, make sure they are compliant and protected
  • Conditional Access Policies – Restrict access to M365 only for company managed devices, or only if devices meet certain requirements. Allow access from only work locations.
  • Defender For O365 – Advanced phishing filter
  • Azure AD Plan 1 to set conditional policy to auto enforce MFA for all users

5️⃣Upgrade to Microsoft 365 E5

Microsoft 365 E3 users can upgrade to E5 for even further security enhancements such as:

  • User Identity Protection – Block your users if they suddenly log on to “new” locations.  (For example, if you got hacked, and hackers log on to your M365 from out of Nigeria, your account will be auto blocked)
  • Information Protection – Advanced data labeling and encryption
  • Defender for Endpoint – Antivirus solution for your endpoint devices.

6️⃣Regular Security Reviews

AccessOrange can help you perform a regular security review, to see if any unauthorized account access has taken place. Our regular checks include:

  • Account Delegation Permissions
  • Recently Accessed Mailboxes by Non Owners
  • Setup of Mail Forwarding Rules
  • Administrative Privilege Changes
  • And More

7️⃣Train your Employees

AccessOrange can provide a 1 hour phishing prevention training for your employees.

More information about our training here.

Call Us

AccessOrange is available by phone at the following locations:

Hong Kong:  +852 3500 4288

Singapore: +65 6978 4290

Taiwan:  +886 2 5594 0272

Email Us

You can contact us by e-mail at [email protected] or use the form below:

Fill in the form

  • Hidden
  • This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
  • This field is for validation purposes and should be left unchanged.

Contact Us