Related topics
×
Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.
Small Business
For Admins
For Admins
Secure your business

A critical part of running your business these days is doing so securely. Fortunately, Microsoft 365 gives you a lot of tools to help you do that and it's easy to turn them on.

Illustration of a safe and files

Click the headings below for more information 

If criminals get the username and password of you or one of your team, they'll try to sign into your system to see what they can take. Using multifactor authentication makes it much harder for them to get in, even if they do have your username and password.

Tip

Want to know more about multifactor authentication? See What is: Multifactor Authentication.

To confirm multifactor authentication is on:

  1. Go to the Microsoft 365 admin center at https://admin.microsoft.com

  2. Select Show all, then All admin centers to display the additional admin centers, and then select Microsoft Entra.

    The admin centers menu in Microsoft 365 with the Azure Active Directory admin center highlighted.

  3. Select Identity from the navigation on the left, then Properties.

    The properties item in the Azure Active Directory (AAD) admin center.

  4. Select Manage security defaults from the bottom of the page.

    The Azure Active Directory tenant properties screen with the Manage security defaults link highlighted.

  5. On the panel that opens to the right, Enabled (recommended) should be select. If not, select it from the menu and then select Save.

    The enable security defaults dialog of the Azure Active Directory properties.

If you have to enable the setting, the next time you sign into Microsoft 365 you'll be prompted to set up the Microsoft Authenticator app as a second factor. It should take just a couple of minutes to download and set up the app on your Android or iPhone. Once it's set up, you're all set. For more details on how to do it see Set up Security info from a sign-in page.

For regular users it should rarely ask for the second factor when they sign into the device they always sign into. For admin users it may ask a little more often due to the sensitive nature of an admin account.

Phishing messages are often cleverly disguised to look like a message from a person or organization you trust. If you do a lot of business with alexw@contoso.com you're inclined to trust Alex and you might not notice if a message came in from alexw@contos0.com during a busy day.

Microsoft 365 can add a safety tip to that message alerting you that this is a new sender, and that might give you a chance to pause and recognize that this message is from an imposter.

A safety tag on an email message indicating that you don't often receive email from that sender.

To turn on the first contact safety tip.

  1. In your browser sign into https://security.microsoft.com/antiphishing.

  2. Select the default anti-phishing policy from the list.

  3. Select Edit actions

    The anti-phishing policy actions panel with an arrow pointing to the Edit actions link.

  4. Select the check box for Show first contact safety tip.

    The anti-phishing actions panel, with the Show first contact safety tip option highlighted.

  5. Select Save.

Microsoft 365 has a set of security features that can help protect your business and to make it easier for you to turn them on we've packaged them as a set that you can turn on together.

  1. Go to the Microsoft 365 Defender portal (https://security.microsoft.com) and sign in.

  2. Under Email & Collaboration go to Policies & Rules > Threat policies > Preset Security Policies in the Templated policies section.

  3. On the Preset security policies page, in the Standard card, select Manage protection settings.

    The preset security policies dialog with the Manage protection settings link under Standard protection highlighted.

  4. The Apply standard protection wizard starts in a flyout. On the Exchange Online Protection page select All recipients. You want these protections to apply to everyone in your business. Then select Next.

    The Apply standard wizard showing the screen where you select which recipients to apply Exchange Online protection to.

  5. Leave the setting to Turn on the policy after I finish so that the settings will take effect right away and select Next.

  6. Review your settings and select Confirm to finish.

Tip

Get expert advice, dedicated support and personalized guidance from business specialists. With Business Assist, get help making Microsoft 365 products work for you and everyone in your business.

Learn More

Learn more

Microsoft security help and learning

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

M365 subscription benefits illustrative icon

Microsoft 365 subscription benefits

M365 training illustrative icon

Microsoft 365 training

Microsoft Security shield illustrative icon

Microsoft security

Accessibility center illustrative icon

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community illustrative icon

Microsoft Tech Community

Windows Insiders illustrative icon

Windows Insiders

M365 Insiders illustrative icon

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×