Keeping your nonprofit secure in Microsoft 365 starts with the right settings. Many nonprofits rely on Microsoft 365, but without the right security settings, they can be vulnerable to attacks. This blog series will walk you through practical steps to strengthen your cybersecurity, starting with enabling security defaults to add a strong layer of protection.
Why Security Defaults Matter
Security defaults are a set of basic identity security mechanisms recommended by Microsoft. They help protect your organization from common identity-related attacks, such as password spray, replay, and phishing attacks. By enabling these defaults, you ensure a stronger security posture for your nonprofit.
Who Should Enable Security Defaults?
This blog is particularly relevant for organizations whose subscriptions were created on or before October 22, 2019. We are honored to serve many such organizations. For them, security defaults are not enabled by default, and it's crucial to manually activate them to safeguard your environment.
For nonprofits created after this date, security defaults most likely have been automatically enabled since this is the new standard. However, it's always good practice to double-check and ensure that these settings are active. Follow the steps below to either enable your security defaults or to confirm that they are enabled.
What Do Security Defaults Entail?
Security defaults encompass a set of basic controls designed to enhance the security of your nonprofit's Microsoft 365 environment. These controls include:
- Requiring all users to register for multifactor authentication (MFA): This ensures that every user has an additional layer of security beyond just a password.
- Requiring administrators to perform multifactor authentication: Administrators have elevated privileges, making it crucial for them to use MFA to protect sensitive operations.
- Requiring users to perform multifactor authentication when necessary: This applies MFA based on specific scenarios, such as accessing sensitive information or performing critical tasks.
- Blocking legacy authentication protocols: Legacy protocols are more susceptible to attacks. Blocking them helps prevent unauthorized access.
- Protecting privileged activities like access to the Azure portal: This ensures that high-risk activities are secured, reducing the risk of breaches.
By implementing these security defaults, you can significantly reduce the risk of identity-related attacks and enhance the overall security of your nonprofit's digital environment.
Step-by-Step Guide to Enabling Security Defaults
1. Navigate to Office.com.
2. Sign in with your admin credentials.
3. Click the Admin icon in the menu on the left and select “Show all…” to reveal all admin center options.
4. Click Identity.
5. Click Overview.
6. Click Properties.
7. Click Manage Security Defaults.
8. Click Security Defaults.
9. Select Enabled.
10. Click Save.
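If you look after several tenants, the same check and change can be made without clicking through the portal. The script below is an added example, not part of the original post; it assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account can consent to the Policy.Read.All and Policy.ReadWrite.ConditionalAccess permissions.

```powershell
# Added example: report whether security defaults are enabled, and turn them on
# when run with -Enable. Not from the original post.
# Assumes: Install-Module Microsoft.Graph -Scope CurrentUser has been run.
param(
    [switch]$Enable   # pass -Enable to switch security defaults on if they are off
)

# Reading the policy needs Policy.Read.All; changing it needs Policy.ReadWrite.ConditionalAccess.
$scopes = @('Policy.Read.All')
if ($Enable) { $scopes += 'Policy.ReadWrite.ConditionalAccess' }
Connect-MgGraph -Scopes $scopes

# This reads GET /policies/identitySecurityDefaultsEnforcementPolicy.
$policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
$tenant = (Get-MgContext).TenantId

if ($policy.IsEnabled) {
    Write-Host "Tenant $tenant : security defaults are ENABLED."
}
else {
    Write-Warning "Tenant $tenant : security defaults are DISABLED."
    if ($Enable) {
        # Same change as Properties > Manage Security Defaults > Enabled > Save in the portal.
        Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled:$true
        $policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy   # re-read to confirm
        Write-Host "Tenant $tenant : security defaults now enabled = $($policy.IsEnabled)"
    }
    else {
        Write-Host "Re-run with -Enable to turn them on, or follow the portal steps above."
    }
}
```

One caveat: a tenant that already has Conditional Access policies enabled cannot turn on security defaults, so the update will fail there and the existing policies should be reviewed instead.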
Conclusion
We serve many nonprofits and want to make sure all of them are protected. By enabling security defaults, you take a significant step towards securing your nonprofit's digital environment. Stay tuned for the next part of this series, where we'll cover more advanced security measures.
If you found this post helpful, be sure to check out Part 2 where we dive deeper into best practices for securing your admin accounts. You can read it here: Securing Your Nonprofit Environment (Part 2): Best Practices to Secure Your Admin Accounts | Microsoft Community Hub.