Top 10 Security Features to Enable within Microsoft 365
3h 13mIntermediate2021-08-26
Authors

Liam Cleary
Microsoft MVP and MCT, CEO of SharePlicity
Course details
Microsoft 365 offers a suite of robust software and services that you can configure to suit your needs. The area of security is near the top of everyone’s priority list, but with so many features, you may find yourself unclear over which options to choose. In this course, Microsoft MVP Liam Cleary shares his top 10 security controls that you should enable in your Microsoft 365 tenant. He starts with the core security categories and controls of Microsoft 365 that are available out of the box. He then shows how to enable the standard features to help protect user passwords, control access to the tenant, block data leakage, control device access, and manage external sharing capabilities.
Skills covered
Security AwarenessPersonal Productivity SoftwareCloud ServicesCybersecurityCloud ComputingBusiness Software and ToolsOne-Off
Concepts
0. Introduction
- 01 - Secure Microsoft 365 with these tips
- 02 - What you should know
1. Security Features within Microsoft 365
- 03 - Understanding core Microsoft 365 security
- 04 - Protecting account logins
- 05 - Blocking access to applications and services
- 06 - Controlling the flow of data
- 07 - Protecting external access
2. Protecting User Accounts and Passwords
- 08 - Managing and protecting user accounts
- 09 - Multi-factor authentication advantages
- 10 - Enabling multi-factor authentication
- 11 - Managing account passwords
- 12 - Configuring password expiration
- 13 - Banning passwords
3. Controlling Access to Microsoft 365
- 14 - Understanding Conditional Access
- 15 - Blocking legacy authentication
- 16 - Identifying applications that use legacy authentication
- 17 - Configuring policies to block legacy authentication
- 18 - Managing access with Conditional Access
- 19 - Create base Conditional Access policies
4. Blocking Data Leakage
- 20 - How does data leak within Exchange Online
- 21 - Exchange Online core protections
- 22 - Understanding transport rules
- 23 - Blocking forwarding of email
5. Controlling Device Access
- 24 - Mobile device management within Microsoft 365
- 25 - Supporting bring your own device (BYOD)
- 26 - Mobile device management capabilities
- 27 - Mobile application management capabilities
- 28 - Creating mobile application policies
6. Managing External Sharing Capabilities
- 29 - Understanding external sharing in Microsoft 365
- 30 - Allowing external access
- 31 - Controlling external access
- 32 - Restricting external access within SharePoint Online
- 33 - Restricting external access within OneDrive for Business
- 34 - Managing external access within Microsoft Teams
Conclusion
- 35 - Next steps
Related courses
- Security in ASP.NET Core
- Learning the OWASP Top 10 (2025 Version)
- OWASP Top 10: #9 Security Logging and Monitoring Failures and #10 Server-Side Request Forgery
- The OWASP API Security Top 10: An Overview
- OWASP Top 10: #5 Security Misconfiguration and #6 Vulnerable and Outdated Components
- Advanced Threat Modeling and Risk Assessment in DevSecOps
- OWASP Top 10: #9 Components with Known Vulnerabilities and #10 Insufficient Logging and Monitoring
- OWASP Top 10: #1 Injection and #2 Broken Authentication
Related learn paths
- Leverage AI as a Cybersecurity Analyst
- AI Boot Camp for Small and Medium-Sized Businesses (SMBs)
- Prepare for the MTA: Software Development Fundamentals Exam (98-361)
- Advance Your JavaScript Skills
- Become a Java EE 7 Developer
- Navigating the Cybersecurity Threat Landscape
- Optimizing Enterprise Security and Productivity Using Microsoft 365
- The Top Skills IT Professionals Have Right Now