The management of IT security is an ever-changing landscape as cyber threats continually evolve.
Since 2020, all businesses that have migrated their IT into the world of Microsoft 365, have had “Security Defaults” put in place as a matter of course.
Businesses that have been using Microsoft 365 (previously Office 365) for longer than that, though, need to have some changes made, in order to benefit from the latest security features.
What are Security Defaults?
They a set of policies that are enabled for Microsoft 365 accounts, to provide increased security to individual accounts and to organisations. They mainly affect:
- The way that users access the IT system
- The way that administrators access systems
- Email security – no longer allowing mail to be sent via older email protocols that may be less secure
How are users affected?
Most of the changes are “behind the scenes”, but the key difference for users is that multi-factor authentication is enforced as a matter of course.
This means that when logging in, a password on its own is no longer enough, and a second layer of authentication is needed. This usually means a code from a random number generator app, or a text message.
Some users may see this as an inconvenience but the extra couple of seconds taken to log in is a small price to pay for the extra security that can stop hackers getting into your network. If desired, multi-factor authentication can be set up in such a way that it only prompts for a code when users are not located in a specific location – usually the business premises.
Anything to consider, before switching on Security Defaults?
Yes. If your business uses:
- Old versions of software and / or
- Any devices or software that send emails automatically – such as software packages, website forms or printers that scan to email
then those aspects need to be accommodated. They don’t mean that you can’t or shouldn’t implement Security Defaults – they just mean that some additional configuration may be required (or in some cases, that software needs upgrading to a newer version).
If you have Microsoft 365 accounts and don’t currently have Security Defaults in place, we strongly advise you to change that. In fact, it is expected that the policies will be enforced automatically by Microsoft in the relatively near future, so it makes good sense to set things up sooner rather than later.
To find out more about setting up Security Defaults, or if you have any questions, please give us a call or enter your contact details here.