Good, Better and Best security with Microsoft 365

Jan 29, 2024

Security is an ever-moving target. Find out what tools you should be implementing in your cybersecurity strategy. 

Cybersecurity is a higher priority than ever before, thanks to the rise in random and targeted attacks, most of which attempt to compromise users through email to steal their identity and logon credentials to launch attacks…

Most companies use Microsoft 365 for communication, user productivity and file management, and can use the tools included in the suite as part of a strategy to build a strong defence against cyberthreats.

In recent years Microsoft has worked alongside the UK National Cyber Security Centre (NCSC) to create comprehensive guidance to implement effective security for UK government organisations using Microsoft 365. 

Whilst the guidance was originally devised to help UK Public Sector organisations we believe there is value in the guidance for all businesses.

The NCSC recommended security guidance from Microsoft breaks down security measures into Good, Better and Best sections exploring the following areas: 

Identity: recommended controls explaining how to secure identities which authenticate against Office 365 services. 

Office 365 Service Configuration: recommended controls for Office 365 describing the settings you need to secure the service and raise the security standard of the organisations’ Office 365 tenant.  

Security Tool Configuration: guidance on how to implement and deploy the included Defender products to achieve the appropriate level of security and reporting for your organisation. 

We’ve put together a table below highlighting the differences between the three levels in Microsoft’s advisory: 
Good, Better, Best c
If you’re unsure about the difference between E3 and E5, or between Business Standard and Business Premium, the main differentiator is that E5 is a step-up from E3 due to its more robust security, compliance and analytics tools built for larger enterprises. Business Premium, for organisations under 300 users, offers comparable security and device management capabilities as E3 If you feel like you need stronger security features, then adding the E5 Security add-on or upgrading to M365 E5 would be the most appropriate option for your organisation. However, if you feel your organisation does not need top-tier security, and/or Teams Phone and Power BI, an E3 subscription will save you money.  Likewise for smaller organisations, M365 Business Standard includes basic security capabilities, Business Premium provides considerably better capabilities plus device management and deployment tools.  It’s worth noting that you can upgrade from Microsoft E3 to Microsoft E5, or Business Standard to Business Premium at a later date if you decide it’s the best fit for you, simply by contacting your Microsoft licensing advisor.   We recently wrote a blog post about what tools and capabilities are included in the M365 E5 Security and Compliance add-ons, and where they provide value, which is an option if you don’t want to pay for the full E5 licence. Organisations have different priorities; some might want to focus on advanced threat protection and response over compliance features and vice versa. The Security and Compliance add-ons packages Microsoft’s E5 Security and Compliance technologies into two individual bundles. You can read more here. 

What happens next? 

Organisations already using Microsoft 365 should review their deployments against the guidance offered by Microsoft and use this as a minimum of what should be put in place.  According to the NCSC, smaller organisations will find the mitigations in the advisory more valuable, and larger organisations and the public sector should focus more on the detailed guidance. If you aren’t already following more simple cybersecurity steps such as using MFA or Conditional Access, you shouldn’t leave it any longer to get started. And don’t forget, there’s support out there, from Fordway and others, to help you keep your organisation secure and running smoothly. 

We know IT and particularly cybersecurity can be a little overwhelming. As a Microsoft Partner and Managed Services Provider, our team of Microsoft experts are here to help.

Book a free M365 Assessment today so we can understand where you’re currently at and help you to unlock the full potential of your M365 licence. Or, simply get in touch with us below for a free consultation.

Sign up for our no obligation Cloud Readiness Assessment

Speak to an Azure expert today for a free consultation