Take a look at three things you can do to help secure your Office 365 tenancy that won't cost you a penny.
The following is an excerpt from 11 Things You Should Do Immediately To Lock Down Your Office 365 compiled by iV4's Security Team. Download the full guide here.
1. Enable Multi-Factor Authentication for Global Admins
Security breaches of an Office 365 subscription, including information harvesting and phishing attacks, are typically done by compromising the credentials of an Office 365 global admin account.
Enabling multi-factor authentication (MFA) for global admins will make it much more difficult for an attacker to steal admin credentials because it requires the user to verify their identity in at least two ways.
Link to more information: https://support.office.com/en-us/article/protect-your-office-365-global-administrator-accounts-6b4ded77-ac8d-42ed-8606-c014fd947560
2. Disable Accounts Not Used in 30 Days
While there may be legitimate circumstances where an account is unused for 30 days, these accounts can be targets for attackers who are looking to find ways to access your data without being noticed.
Deleting unnecessary accounts when an employee leaves, changes groups, or does not use the account prior to its expiration helps prevent breaches.
3. Set Outbound Spam Notifications
When a significant amount of spam is originating from a particular user, outbound spam filtering blocks them from sending email messages.
Configuring outbound spam notifications informs designated administrators that outbound messages have been blocked for a user. In addition, administrators will receive a copy of the spam email that caused the block to occur.
Link to more information: https://technet.microsoft.com/library/jj200737(v=exchg.150).aspx
Office 365 Security Best Practices
With Office 365, there are numerous security configurations and tools, many at no cost, that are designed to prevent malicious activity.