Q&A
What's Inside Microsoft 365's Security Toolbox?
Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft 365 is the hub of many businesses' day-to-day productivity and communication needs, but it's also one of their most porous applications in terms of data security.
The truth is that Microsoft provides plenty of native tools and settings that can help organizations get a significant leg up against would-be attackers looking to mine their Microsoft 365 end users' data. However, navigating Microsoft's vast, evolving and fast-changing portfolio of native tools is easier said than done.
Karinne Bessette has cut their teeth tracking and assessing Microsoft 365's myriad security capabilities -- so much that they've built a crash course around the topic. In a session taking place at the upcoming TechMentor Microsoft HQ event, Bessette will help attendees wrap their heads around "where to start and what is available" when it comes to Microsoft 365 security tools. We caught up with Bessette recently for a quick Q&A ahead of their session.
Redmond: Copilot for Security was just recently released. How do you think this will affect the security outlook for Microsoft 365 admins?
Bessette: My favorite response to this question is, "AI will not take your job but someone using AI will."
Copilot is a tool to be come more efficient at your job and ask questions you may not have been aware of. Pile on the lighting speed at which the Microsoft 365 environment changes, and Copilot for Security becomes the necessary tool to keep up and remain secure.
In your opinion, how much have Microsoft 365's native security capabilities advanced in the last few years? Are there any areas that you think Microsoft can still improve?
Over the years, Microsoft 365 security has gone through many changes to keep up with modern security needs. Microsoft has overhauled the Microsoft 365 security and compliance center into two new portals -- Purview for compliance and Defender for Office 365. These portals contain more insights and tools for securing and regulating Microsoft 365 data.
"There are tons of native configurations and tools that can be used to make your organization more secure -- you simply need to deploy them."
Karinne Bessette, Technologist, Product Strategy Team, Veeam
Then, there's Copilot for Security. This is in the early stages, but I am excited to see how this grows and continues to support users.
Are there any specific attack types or methods that you've seen giving Microsoft 365 admins a particularly tough time?
Most attacks that occur are due to end users, like phishing, or due to leaving default configurations in the environment. There are tons of native configurations and tools that can be used to make your organization more secure -- you simply need to deploy them.
How important is end user education in an organization's Microsoft 365 security strategy? Do you think IT teams are doing enough when it comes to testing and/or educating end users?
End user education is very important to not only prevent attacks, but also to make your users ready to report early detection of attacks. I think every organization can do better with educating users in a way they understand. [A good stratetgy includes] using tools like gamification and non-disruptive training.
Looking ahead, what do you think we should expect from Microsoft in terms of how will improve Microsoft 365's security posture? Are there any features you're anticipating, or that are on your wishlist?
Microsoft has come out with so many features over the last years, it would be worth going back and stitching the pieces together.