Microsoft 365 – Should Employees Have Global Administrator Permissions?

by TUCU Managed IT Services in Toronto


When it comes to online security, small oversights commonly made by small business owners can quickly become big problems. If you are using Office 365, should team members have global administrator permissions? The short answer is no.

Today, our team at TUCU will explore Office 365 security and explain how small business owners and their IT administrators can restrict admin rights so that a phished or hacked employee email account does less damage.


A couple of weeks ago, a Reddit user explained how a client’s Office 365 email account was phished. The problem was first detected when the account began sending spam email. Upon this discovery, the account was secured. However, further issues began to surface. After a bit of investigation, it was discovered that the small business owner had made all of the users Global Administrators in Office 365. As a result, the cyber attacker was able to:

  • Create a rule that actively deleted Office 365 emails
  • Create rules that caused mail to be auto-marked as “read”, and then moved to the RSS subscriptions folder
  • Create two brand-new Office 365 accounts and then assign them Global Administrator permissions

How To Secure Office 365 Accounts

Hindsight is 20/20. There are several things that could have prevented this type of security breach, including user awareness training, multi-factor authentication, and securing mail flow. More importantly, only the IT provider and the small business owner should have global administrator permissions. In the sections below, we will offer some basic tips on how to protect your small business from situations such as this one.
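To check a tenant for the same signs described in the incident above, the following added example (not part of the original article) lists who currently holds Global Administrator and searches every mailbox for inbox rules that delete mail or mark it read and move it to an RSS folder. It assumes the Microsoft.Graph and ExchangeOnlineManagement PowerShell modules are installed; the addresses in $expectedAdmins are placeholders.

```powershell
# Added example, not from the original article. Requires the Microsoft.Graph
# and ExchangeOnlineManagement modules and an account that can read directory
# roles and mailbox rules.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All'
Connect-ExchangeOnline

# Assumption: placeholder addresses. Replace with the accounts that are
# supposed to hold Global Administrator (the owner and the IT provider).
$expectedAdmins = @('owner@example.com', 'itprovider@example.com')

# 1. List current Global Administrators, looked up by the role's fixed template ID.
$templateId = '62e90394-69f5-4237-9190-012177145e10'
$role = Get-MgDirectoryRole -Filter "roleTemplateId eq '$templateId'"

$admins = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All |
    ForEach-Object {
        $p = $_.AdditionalProperties
        # Users have a userPrincipalName; other member types only a displayName.
        if ($p['userPrincipalName']) { $p['userPrincipalName'] } else { $p['displayName'] }
    }

$unexpected = @($admins | Where-Object { $_ -notin $expectedAdmins })
Write-Output "Global Administrators: $(@($admins).Count), unexpected: $($unexpected.Count)"
$unexpected

# 2. Find inbox rules that delete mail, or mark it read and file it in an RSS folder.
$suspicious = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    Get-InboxRule -Mailbox $mbx.UserPrincipalName |
        Where-Object {
            $_.DeleteMessage -or
            ($_.MarkAsRead -and "$($_.MoveToFolder)" -match 'RSS')
        } |
        Select-Object @{ n = 'Mailbox'; e = { $mbx.UserPrincipalName } },
            Name, Enabled, DeleteMessage, MarkAsRead, MoveToFolder
}
$suspicious | Format-Table -AutoSize
```

Some users create delete rules for legitimate reasons, so each hit needs a quick review with the mailbox owner rather than automatic removal.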

Use Multi-Factor Authentication For Office 365 Login

Multi-factor authentication, or MFA, provides an additional layer of security when logging into an account. For example, in addition to the initial login, a user will be prompted to also acknowledge a text message, phone call, or app notification. Therefore, a stolen password alone is not enough to take over an account. The attacker would also need to satisfy an additional security challenge.


Use Office 365 Secure Score

Fortunately, Office 365 has a built-in security analytics tool, called Secure Score. By comparing your business’ data with a baseline determined by Microsoft, Office 365 can evaluate your activities and settings, and recommend any necessary changes. You can undertake changes on your own or hire your IT support company to make changes for you.


Use Office 365 Cloud App Security

Every business can set up policies based on its specific needs. With those policies in place, administrators can review unusual activity and determine if further action must be taken. This includes things such as multiple failed login attempts, sign-ins from unknown IP addresses, and downloading large amounts of data.


Secure Mail Flow

This feature is available in Exchange Online Protection and gives small business owners more knowledge about the identity of each email sender. It can also protect the system against unknown malware, viruses, and more.


Use Data Loss Prevention

Data loss prevention is a beneficial tool that helps keep your employees from intentionally or accidentally sharing sensitive data. This feature is available across the entire Office 365 platform, ensuring that users remain compliant without workflow interruption.


Cloud Consultants In Toronto: Before you switch to the cloud, get professional guidance and setup help. There are many options to choose from, and some not-so-obvious security tools and settings you would want to use with your business cloud accounts. TUCU has been providing IT & cloud solutions in Toronto since 2003. As both Google and Microsoft Certified Partners in Toronto, we are happy to help you choose the services that will best serve your business, and set up everything for you from start to finish.
