Security & compliance

Overview of Microsoft 365 Business Security

Your browser does not support video. Install Microsoft Silverlight, Adobe Flash Player, or Internet Explorer 9.

Microsoft 365 Business provides threat protection, data protection, and device management features to help you protect your company from online threats and unauthorized access, as well as protect and manage company data on your phones, tablets, and computers.

Threat protection

Microsoft 365 Business includes Office 365 Advanced Threat Protection (ATP), a cloud-based email filtering service that protects you from malware, ransomware, harmful links, and more. ATP Safe Links protects you from malicious URLs in email or Office documents. ATP Safe Attachments protects you from malware and viruses attached to messages or documents.

Multi-factor authentication (MFA), or two-step verification, requires you to present a second form of authentication, such as a verification code, to confirm your identity before you can access resources.  

Windows Defender provides comprehensive protection for your system, files, and online activities from viruses, malware, spyware, and other threats.

Threat protection symbol and text

Data protection

Data protection features in Microsoft 365 Business help ensure that important data stays secure and only authorized people have access to it.

You can use data loss prevention (DLP) policies to identify and manage sensitive information, such as Social Security or credit card numbers, so that it isn't mistakenly shared. 

Office 365 Message Encryption combines encryption and access rights capabilities to help ensure that only intended recipients can view message content. Office 365 Message Encryption works with, Yahoo!, and Gmail, and other email services.

Exchange Online Archiving is a cloud-based archiving solution that works with Microsoft Exchange or Exchange Online to provide advanced archiving capabilities, including holds and data redundancy. You can use retention policies to help your organization reduce the liabilities associated with email and other communications. If your company is required to retain communications related to litigation, you can use In-Place Holds and Litigation Holds to preserve related email.

Data protection symbol and text

Device management

Microsoft 365 Business advanced device management features let you monitor and control what users can do with enrolled devices. These features include conditional access, Mobile Device Management (MDM), BitLocker, and automatic updates.

You can use conditional access policies to require additional security measures for certain users and tasks. For example, you can require multi-factor authentication (MFA) or block clients that don't support conditional access.

With MDM, you can help secure and manage your users' mobile devices like iPhones, iPads, Androids, and Windows phones. You can create and manage device security policies, remotely wipe a device to remove all company data, reset a device to factory settings, and view detailed device reports. 

You can enable BitLocker encryption to help protect data in case a device is lost or stolen, and enable Windows Exploit Guard to provide advanced protection against ransomware.

You can configure automatic updates so that the latest security features and updates are applied to all user devices. 

Device management symbol and text

Microsoft 365 Business helps you protect your company from online threats and unauthorized access, as well as protect and manage data on your phones, tablets, and computers.

Help prevent online criminals from getting access to data, resources, and passwords with Office 365 Advanced Threat Protection, or ATP. Scan for malicious links and malware in emails and Office docs by using ATP Safe Links and ATP Safe Attachments. Microsoft provides basic anti-phishing protection for everyone, but Office 365 ATP uses advanced learning and intelligence to automatically shut down new threats, such as criminals that try to obtain your personal information via deceptive emails.

Use multi-factor authentication to make your sign-in more secure. For example, you can use an app on your phone to make sure the you signing in is actually you.

Protect your Windows 10 devices and files from malware and ransomware by using Windows Defender, recently ranked best in class antivirus software.

Use data loss prevention, or DLP, to keep sensitive information, such as Social Security or credit card numbers from being shared inappropriately in files or emails.

Communicate more securely with your customers by using Office 365 Message Encryption. This makes sure that only the intended recipients can read the emails you send, and they can't be forwarded to recipients you didn't choose. 

Use Exchange Online Archiving to retain your employees' emails in case they leave or if they're needed for legal purposes.

Use conditional access to restrict how and when employees can access business files and apps.

For your users' personal phones and devices, you can require a passcode, restrict moving company email, files, and data to personal apps and storage, and remove company data from Office apps. For company devices, you can fully manage them, enforce BitLocker encryption, automatically install updates, reset the devices to their factory settings if given to a new user, or wipe data if lost or stolen. In addition to Windows 10 devices, you can also manage MacOS, iOS, and Android devices.

Expand your Office skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.