If your company uses Microsoft 365 for email, Office apps, and other services, it’s important to make sure your Microsoft account is protected. There’s a lot of information behind it that you don’t want outside parties to access.
Let’s go over some of the ways to increase the strength of your Microsoft 365 account security. Be aware that these options may differ depending on your environment’s setup.
1. Set a Strong Password
As we’ve discussed before, one of the most important ways to keep any account safe is by protecting it with a strong password. The password that protects your email is particularly important, since a nefarious party could use it to reset the passwords for other accounts.
To change your Microsoft 365 account password, head to myaccount.microsoft.com and log in with your credentials if needed. On the overview screen, you’ll see a number of tiles; select Change Password under Password.
Here, enter your Old password, then a new password twice. Your new password needs to be at least 8 characters, but can go up to 256. Be sure to use one that you don’t use on any other sites.
We strongly recommend that you start using a password manager if you don’t already. These tools allow you to create unique, complex passwords for every site and lock them all behind one master password.
2. Add Recovery Login Methods
If you ever forget your password or otherwise lose access to your account, it’s easier to get back in when you have up-to-date recovery info on your account. To check yours, click Update Info under Security Info on the overview page.
Here, you’ll see all the methods that you can use to sign into your Microsoft 365 account or reset your password if you get locked out. If you no longer use any of them, click Delete to remove the link to your account. Make sure that the Default sign-in method is correct, too.
Choose Add method to add another secondary email address or phone number, then walk through the steps to confirm it.
If you think someone else has access to your account, or you no longer have a device that was signed in to your Microsoft account, choose Sign out everywhere to close all active sessions. You’ll have to log in again everywhere to access your account.
3. Enable Two-Factor Authentication
One of the options on the above menu is particularly important. You should set up two-factor authentication if you don’t already use it for your Microsoft account. As we’ve discussed before, this vital security option requires something you have—usually a code from your phone—to log in, in addition to your password.
To add a 2FA method to your Microsoft 365 account, head back to the Update Info page as discussed above. Click Add method, followed by Authenticator app or Alternate phone.
We recommend using an authenticator app to generate codes since they work anywhere and are more secure, but getting codes via phone is better than nothing. If you choose Authenticator app, you’ll be guided through installing Microsoft Authenticator (or another 2FA app, like Duo) and scanning a QR code to add this security to your account.
If you add another phone number, you’ll need to enter a code sent via call or text to confirm it’s yours. Once you have 2FA set up, you’ll need to enter the code from your phone after successfully entering your password upon login.
4. Check Active Devices
Next, check the Manage Devices menu under Devices to see which of your organization’s devices you’re logged into.
Disable any devices you no longer use here. If you see a deactivated device that should be active, talk to your IT team to fix the issue.
5. Review Recent Sign-Ins
Your Microsoft account keeps a record of all login activity, which is an important security tool. Click Review Recent Activity under My sign-ins to take a look.
Each entry shows a broad location, the browser and operating system used, and which app was signed into. You’ll see Successful sign-in next to any attempt that logged in without a problem.
If someone tried to break into your account and failed, take note of this. It’s not a bad idea to take a screenshot of this and let your IT admin know. And in case you see a login that succeeded but wasn’t you, click Looks unfamiliar? Secure your account to walk through some steps to resolve the issue.
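The triage the article describes, noting failed attempts and treating a successful sign-in you don’t recognize as the urgent case, can be written down as a small review routine. The following is an added example, not part of the original article and not a Microsoft tool; the sign-in records are constructed to mirror the columns the My sign-ins page shows (location, browser, operating system, app, outcome), and the set of known locations and the failure threshold are assumptions you would tune for your own account.

```python
from collections import Counter

# Constructed sample records in the shape of the My sign-ins page (not real data).
SAMPLE_SIGN_INS = [
    {"time": "2024-05-01T08:02:11Z", "status": "Successful sign-in",   "location": "Seattle, US",  "browser": "Edge",   "os": "Windows", "app": "Outlook"},
    {"time": "2024-05-01T09:15:40Z", "status": "Successful sign-in",   "location": "Portland, US", "browser": "Edge",   "os": "Windows", "app": "Teams"},
    {"time": "2024-05-02T02:41:03Z", "status": "Unsuccessful sign-in", "location": "Lagos, NG",    "browser": "Chrome", "os": "Linux",   "app": "Outlook Web"},
    {"time": "2024-05-02T02:41:19Z", "status": "Unsuccessful sign-in", "location": "Lagos, NG",    "browser": "Chrome", "os": "Linux",   "app": "Outlook Web"},
    {"time": "2024-05-02T02:41:35Z", "status": "Unsuccessful sign-in", "location": "Lagos, NG",    "browser": "Chrome", "os": "Linux",   "app": "Outlook Web"},
    {"time": "2024-05-02T03:10:52Z", "status": "Successful sign-in",   "location": "Berlin, DE",   "browser": "Chrome", "os": "Android", "app": "Outlook Web"},
    {"time": "2024-05-02T08:00:07Z", "status": "Unsuccessful sign-in", "location": "Seattle, US",  "browser": "Edge",   "os": "Windows", "app": "Outlook"},
]

# Assumed: places this user normally signs in from.
KNOWN_LOCATIONS = {"Seattle, US", "Portland, US"}


def review_sign_ins(records, known_locations, failure_threshold=3):
    """Return a list of findings, each a dict with severity, reason and the record.

    - Every failed attempt is recorded as 'info' (worth noting, per the article).
    - A successful sign-in from an unfamiliar location is 'high': that is the
      'Looks unfamiliar? Secure your account' case.
    - Repeated failures from one location reaching the threshold are 'medium',
      the pattern of someone guessing at the password.
    """
    findings = []
    failures_by_location = Counter()

    for rec in records:
        if rec["status"] != "Successful sign-in":
            failures_by_location[rec["location"]] += 1
            findings.append({"severity": "info",
                             "reason": "failed sign-in attempt", "record": rec})
        elif rec["location"] not in known_locations:
            findings.append({"severity": "high",
                             "reason": "successful sign-in from unfamiliar location",
                             "record": rec})

    for location, count in failures_by_location.items():
        if count >= failure_threshold:
            findings.append({"severity": "medium",
                             "reason": f"{count} failed attempts from {location}",
                             "record": None})
    return findings


def summarize(findings):
    """Count findings by severity so the headline risk is visible at a glance."""
    return Counter(f["severity"] for f in findings)


if __name__ == "__main__":
    results = review_sign_ins(SAMPLE_SIGN_INS, KNOWN_LOCATIONS)
    for f in sorted(results, key=lambda f: {"high": 0, "medium": 1, "info": 2}[f["severity"]]):
        where = f["record"]["location"] if f["record"] else "-"
        print(f'{f["severity"]:6} {where:14} {f["reason"]}')
    print(dict(summarize(results)))
```

A 'high' finding is the one to act on immediately (secure the account and rotate the password); 'medium' and 'info' findings are what you screenshot and pass to your IT admin, since a cluster of failures from one place tells them more than any single failed attempt does.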
6. Do a Full Audit of More Advanced Microsoft 365 Settings
There are many additional controls in Microsoft 365 that a professional can review to confirm that they meet your requirements. For example, additional malware filtering, phishing protection, and conditional access are all available.
These can help prevent someone from accidentally clicking a malicious link and having your computers locked by ransomware.
Keep Your Microsoft 365 Account Protected
As we’ve seen, it only takes a few minutes to look over the security options on your Microsoft 365 account and confirm that everything looks right. It’s important to be proactive and set up the right protections ahead of time, as well as check in every so often to catch signs of malicious activity.
For more general tips, be aware of the ways that your password could be stolen so you don’t walk into a trap.