The Best and Easiest Microsoft 365 Security Settings You Should Enable Today

When it comes to securing your Microsoft 365 tenant, many businesses assume it's a massive job. But the truth is, you can drastically improve your organization’s security posture with just a few simple changes — no complex setup or deep technical skills required.

At Sonar IT, we help businesses get the most out of Microsoft 365, and today we’re sharing our top security settings that are easy to enable — but make a big impact.

✅ 1. Turn On Multi-Factor Authentication (MFA) for All Users

Why it matters:
Passwords alone aren’t enough. MFA is the #1 way to prevent unauthorized access — especially against phishing and credential theft.

How to do it:

  • Go to Microsoft 365 Admin Center → Users → Active users
  • Click Multi-factor authentication at the top
  • Enable MFA for all users — or ideally, enforce it via Security Defaults

🔒 Pro tip: Use the Microsoft Authenticator app for a smoother experience than SMS.

✅ 2. Enable Security Defaults (Great for Small Businesses)

Why it matters:
Security Defaults is Microsoft’s one-click way to enforce key protections like:

  • MFA
  • Blocking legacy (less secure) protocols
  • User protection policies

How to do it:

  • Go to Azure Active Directory → Properties
  • Click Manage Security Defaults
  • Set to Enable

🛡️ Ideal for small businesses without custom security policies.

✅ 3. Set Up Anti-Phishing & Anti-Spam Policies

Why it matters:
Microsoft Defender already does a good job, but you can easily tighten things further.

How to do it:

  • Visit the Microsoft 365 Defender portal: https://security.microsoft.com
  • Navigate to Email & Collaboration → Policies & rules
  • Review and strengthen Anti-Phishing, Anti-Spam, and Anti-Malware policies
    • Enable impersonation protection
    • Add executives to the protected users list
    • Set stricter thresholds for spam filtering

✅ 4. Block Legacy Authentication Protocols

Why it matters:
Older protocols such as IMAP and POP rely on basic authentication, which doesn't support MFA, so they are a frequent target for attackers.

How to do it:

  • Go to Azure AD Admin Center → Sign-in logs
  • Filter for legacy auth and identify usage
  • Then go to Conditional Access and block legacy protocols

🧯 Bonus: Disabling legacy auth can reduce phishing risk significantly.
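As an added example (not from the original post) of the "filter for legacy auth, identify usage, then block" steps above: the script below triages a JSON export of the sign-in log and builds the Conditional Access policy body. It assumes the export uses the field names userPrincipalName, clientAppUsed and status.errorCode; the sample log is constructed.

```python
import json
from collections import Counter, defaultdict

# Only these two client app values use modern authentication; every other
# value (IMAP4, POP3, Authenticated SMTP, Exchange ActiveSync, Other clients,
# Unknown, ...) is what the portal's "legacy authentication" filter shows.
MODERN_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample export (assumed field names): 3 legacy successes, 1 legacy failure, 2 modern.
SAMPLE_SIGNIN_LOG = json.dumps([
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"userPrincipalName": "scanner@example.com", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
    {"userPrincipalName": "dave@example.com", "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
])

def is_legacy_auth(entry):
    # A missing clientAppUsed is treated as legacy, like the portal's "Unknown".
    return entry.get("clientAppUsed", "Unknown") not in MODERN_CLIENT_APPS

def legacy_auth_report(export_json):
    """Map each user to {clientApp: count} of *successful* legacy sign-ins.
    Failed legacy attempts (errorCode != 0) are typically password spraying,
    not real usage, so they must not delay the block."""
    usage = defaultdict(Counter)
    for entry in json.loads(export_json):
        if is_legacy_auth(entry) and entry.get("status", {}).get("errorCode") == 0:
            usage[entry["userPrincipalName"]][entry["clientAppUsed"]] += 1
    return {user: dict(apps) for user, apps in usage.items()}

def block_legacy_auth_policy(state="enabledForReportingButNotEnforced"):
    """Graph API conditionalAccessPolicy body that blocks legacy clients.
    Defaults to report-only so the users found above can be migrated first;
    pass state="enabled" to enforce."""
    return {
        "displayName": "Block legacy authentication",
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

if __name__ == "__main__":
    print(json.dumps(legacy_auth_report(SAMPLE_SIGNIN_LOG), indent=2))
```

The policy body can be posted to the Graph API's conditional access policies endpoint once the users in the report have been moved to modern clients.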

✅ 5. Set Up Safe Links and Safe Attachments

Why it matters:
These Microsoft Defender features scan links and attachments before users open them, stopping threats before they spread.

How to do it:

  • Go to Microsoft 365 Defender → Policies & Rules → Safe Links / Safe Attachments
  • Enable real-time scanning and URL rewriting for all users

🛡️ Particularly important for users in finance, HR, or executive roles.

✅ 6. Enable User and Admin Alerts

Why it matters:
If something suspicious happens — like a login from another country — you want to know ASAP.

How to do it:

  • In Microsoft Defender → Alerts policies, set up rules for:
    • Impossible travel
    • Malware detection
    • Mail forwarding rules (common tactic in account takeovers)

🧠 Don’t forget to set alerts to go to IT or your external IT provider.

✅ 7. Regularly Review the Secure Score

Why it matters:
Microsoft gives your tenant a Secure Score based on best practices — and it recommends quick wins to improve.

How to do it:

  • Go to the Microsoft 365 Defender portal → Secure Score
  • Work through the recommended actions, starting with the quick wins

📈 This is a great way to track progress and show stakeholders your business is getting more secure.

Final Thoughts

Security doesn’t have to be complicated. With these straightforward Microsoft 365 settings, you can significantly reduce your cyber risk and build a strong foundation for future growth.

If you're not sure where to start, or want help rolling this out across your business, get in touch with the team at Sonar IT — we specialize in setting up and securing Microsoft 365 environments for businesses of all sizes.

Need help securing your Microsoft 365 tenant?
📩 Reach out to Sonar IT today for a free consultation.