5 common cyber security mistakes in Microsoft 365

5 common cyber security mistakes in Microsoft 365

In our experiences working with a diverse range of clients at RODIN, from law firms to automotive companies, we’ve seen Microsoft 365 emerge as a pivotal tool in creating modern and productive workplaces. At the same time, we see many organisations that overlook the full suite of security features available. It’s a fair mistake; Microsoft 365 offers varying subscription models depending on your needs, each with different security features.

Understanding and implementing the breadth of security features offered by Microsoft 365 can strengthen your security posture and prevent some of the most basic attacks, such as those that arise from stolen credentials. Here are five common cyber security mistakes we see in Microsoft 365 and how we address them.

1. Misunderstanding security controls for Microsoft 365 subscriptions

It is important to note that not all subscriptions will offer the same cyber security features. We believe that optimising Microsoft 365 security starts with understanding what is available as part of your subscription. A few points you should know include:

Microsoft Entra ID Premium subscriptions

Microsoft Entra ID is available in two premium subscription levels: P1 and P2. Entra ID P1 offers a foundational level of security features, while Entra ID P2 expands upon these with additional capabilities, including:

  1. Microsoft Entra multi-factor authentication (MFA) registration policy: This policy mandates that all new users set up MFA at their first login; people cannot bypass this step.
  2. Sign-in risk policies: Assesses the risk level of user sign-ins. High-risk sign-ins result in a block, while medium-risk sign-ins prompt for MFA.
  3. User risk policies: These policies evaluate the risk level of users. High-risk users are blocked, and medium-risk users must reset their passwords.
  4. Privileged identity management: This feature manages, controls, and monitors access within Azure AD.
  5. Advanced threat analytics: This tool provides an additional layer of security against sophisticated threats by detecting suspicious activity.

We recommend using Entra ID P2. Without it, your organisation cannot enforce MFA for all users and risky user sign-ins may get overlooked.

Microsoft 365 Business Standard and Business Premium subscriptions

These subscriptions mainly apply to organisations with fewer than 300 users. Here are the key differences between these subscriptions.

Microsoft Business Standard: This subscription primarily focuses on email security with basic features such as anti-phishing, anti-spam, and anti-malware protection. If your organisation still uses Business Standard, your business lacks the ability to enforce fundamental security controls that significantly reduce the chances of a breach.

Microsoft Business Premium: In addition to the features offered in Business Standard, Business Premium includes Entra ID Premium, Advanced Threat Protection, Azure Information Protection, and Intune. These additional features provide a more comprehensive security foundation by providing the advanced protection and device management most organisations need as a baseline.

2. Leaving Microsoft 365 security controls turned off

Microsoft 365 includes various security controls, but some are not automatically active. Working with a partner who understands these capabilities inside out can ensure you implement the right controls.

We have a comprehensive list of controls we go through, but a few of the key ones include:

  1. Microsoft Entra MFA registration policy: Activating this ensures that all new users set up MFA at their first login, a critical step in securing user accounts.
  2. MFA enforced for guests and during Intune Enrollment: Adds another layer of security for guest users and devices accessing your network.
  3. Turn on the expiration period for ‘Anyone’ links: Anonymously shared links via Teams, SharePoint, and OneDrive can create considerable risks. Organisations should set these links to expire after 14 days.
  4. Set organisation-level external sharing settings: Configure this to allow staff to share files only with new and existing guests, not anonymously with anyone. This control prevents unauthorised access to your organisation’s data.

Not fully using security controls leaves your organisation vulnerable to avoidable risks. Regularly reviewing and updating your settings helps your organisation maintain a secure and resilient Microsoft 365 environment.

3. Overlooking identity and device management

Many people today use mobile devices to work, such as phones, tablets and laptops. There are two main ways to secure mobile devices associated with your organisation:

Mobile Application Management (MAM) secures data at the app level, allowing a company to protect sensitive information in specific apps on staff devices. For organisations that use a Bring-Your-Own-Device (BYOD) policy, MAM protects data without restricting people’s activities in their personal time. IT departments can also remotely delete corporate data from apps if someone leaves the business or loses their device.

Mobile Device Management (MDM) controls the entire device, making it more suited for company-owned devices. While offering more comprehensive control, MDM can be intrusive on personal devices. 

4. Overlooking geoblocking capabilities

Stolen or compromised credentials accounted for 29% of data breaches from malicious or criminal attacks between January and June 2023. Geoblocking prevents cyber attacks like these by stopping people from signing into Microsoft 365 outside a company’s region, even with legitimate credentials. For example, a foreign threat actor attempting to breach an Australian company with stolen credentials would be denied access. 

That also means geoblocking will prevent legitimate users from logging into accounts when travelling outside your company’s region. The organisation can grant temporary access to employees travelling abroad by submitting a helpdesk request. As such, you can monitor and control access to your business resources outside Australia.

Geoblocking is an effective way to reduce the risk of international cyber threats. However, it should be part of a broader security strategy within Microsoft 365, not the sole defence measure.

Breakdown of cyber incidents from malicious or criminal attacks (January to June 2023)

Source: OAIC.

5. Neglecting regular user training

People lacking adequate training and without the right knowledge can easily fall for phishing attacks or may unintentionally disclose sensitive information. As such, a common cyber security mistake we see is a lack of training on using Microsoft 365 securely. Such training equips staff with the knowledge and skills to identify cyber threats and reduce their chances of causing an incident via human error.

Regular training sessions should focus on general cyber security awareness and working safely in Microsoft 365. People should understand how to use these features effectively to protect their data and the organisation’s digital assets. Training should cover topics like safe email practices, recognising phishing attempts, and setting up MFA.


Microsoft 365 includes various cyber security controls, but these do not always apply automatically and differ depending on your subscription. In addition to implementing the right controls, it is best practice to educate users on implementing features such as MFA and ensure they can recognise any suspicious activity. Tools such as geoblocking and Entra ID can restrict suspicious logins to reduce the chances of a threat actor successfully breaching your business with legitimate login details. Finally, it is essential to revisit your Microsoft 365 security controls regularly to protect against new threats.

RODIN can apply the right cyber security controls in Microsoft 365

Navigating the latest updates and applying the right security controls in your business might seem complex, but RODIN can assist. As a certified Solutions Partner, we help you get the most from your subscription and activate the right security features across your organisation. We understand that security measures should not hinder productivity and will minimise the impact on your users and operations. Visit our Cyber Security Services page to start your journey.

Subscribe to Our Newsletter

Sign up to receive all the latest news updates straight into your inbox.

"*" indicates required fields