Protecting SMB data with Microsoft 365 Business
Published Mar 27 2020 11:36 AM

According to an internal survey, over 80% of SMBs collect Personally Identifiable Information (PII) and over 30% collect Social Security Numbers (SSNs). Given the amount of sensitive information being processed, it becomes imperative for SMBs to have IT processes in place to protect sensitive data. That’s where Microsoft 365 Business can help.


Microsoft 365 Business is a comprehensive suite of enterprise-grade security tools curated specifically for SMBs with fewer than 300 employees. It provides a layered approach to protecting sensitive data that spans Identity, Device, Email and Documents.


Providing a layered approach to protecting data.

Since data traverses devices, applications and documents, it is difficult for a single point solution to protect it. The security features in Microsoft 365 Business protect your data across Identity, Device, Application and Documents – giving you a robust set of protections that spans various IT layers while also providing your users a seamless experience. Let’s show you how:


Protecting Identity: Identity policies are key to determining who gets access to sensitive data. With features like Conditional Access & MFA, you have the ability to define granular access policies to control who accesses your data.

  • Conditional Access: This feature helps you control access on the basis of location, app, device state and user state. If a user is using an app or a device that is not company authorized, you can use the Conditional Access feature to restrict access. For example, you can restrict access to corporate data from unmanaged home computers. CA is extremely effective in safeguarding access based on multiple criteria rather than simply relying on username and password.

  • MFA: If you are concerned that hackers can gain access to your business data by simply figuring out your username and password, then Multi-Factor Authentication (MFA) adds the crucial second layer of security to keep your business data secure. With MFA enabled, users gain access by entering a code sent to them via text or phone call along with their username/password. By enabling MFA, you can ensure that malicious actors will not gain access to your system even if they somehow manage to get hold of a user's username and password.

Protecting Email: Since email is the key gateway to business data, it becomes a strategic imperative to protect your sensitive information from being shared externally. Preservation of your business data is also important from a business continuity standpoint. Microsoft 365 Business has features like Data Loss Prevention, Exchange Online Archiving & Office 365 Information Protection capabilities.

  • Data Loss Prevention: Small businesses deal with a variety of sensitive information like customer credit card numbers, SSN, DOB or even intellectual property that is core to the running of the business. Keeping this information safe can be a challenge because expecting employees to manually check every email or document shared for sensitive information can be hard. The Data Loss Prevention policies in M365B help businesses easily identify, monitor, and protect sensitive information through deep content analysis.
    • Includes pre-configured templates that can help businesses detect specific types of sensitive information being communicated, such as Credit Card Numbers, SSN, Date of Birth or even locale-specific personally identifiable information (PII).
    • It also provides policy tips, which can help educate and prevent end users from accidental sharing of sensitive info by displaying a policy tip in Outlook.

  • Exchange Online Archiving: Small businesses need to keep all company data safe and preserved in the event of lost/stolen devices or infrastructure failure, or to meet litigation and compliance obligations. Exchange Online Archiving safeguards data by allowing messages to be easily archived and accessed anytime, anywhere. It preserves user information, including deleted items, for discovery or restoration at a later date.

  • Information Protection Policies for Email: A challenge that small businesses have is controlling & managing who has access to the company’s sensitive email. Enabling these controls without hindering productivity is also hard. Azure Information Protection Policies in M365B provide capabilities to control & manage how information is accessed and make sure that only the right folks have access to the right data.
    • Helps you communicate and collaborate securely while controlling access to sensitive information with email controls like “Do Not Forward”, “Do not copy”, etc.
    • Helps you classify sensitive information like “Confidential” and enable specific restrictions on how classified information can be shared outside and inside the business.
    • Enables you to securely share sensitive content with authorized external parties through easy-to-enable encryption controls. For example, a healthcare practice may need to share an email containing PHI with its patients. A fully encrypted email is sent to the patient, who can then access it after authenticating with their Microsoft or Gmail account or through a one-time generated passcode.

Protecting data on mobile devices: Since most users use their personal mobile devices to access corporate data like email and documents, it becomes imperative to protect corporate data on unmanaged personal mobile devices. Intune’s Mobile Application Management (MAM) feature helps you do that.

  • Intune Mobile Application Management (MAM): Through this, you are able to restrict users from copying, pasting or saving corporate data & documents from their Microsoft 365 Apps to their personal apps. For example, when this feature is enabled, a user is unable to copy/paste information from an email into their iOS Notes app.

Protecting Documents: Since a majority of our productivity occurs in Office documents, we now have the ability to protect sensitive documents through Azure Information Protection capabilities in Microsoft 365 Business.

  • Azure Information Protection: Gives you the ability to classify documents according to various degrees of sensitivity like ‘Highly Confidential’, ‘General’ or ‘Public’. You can then enable sharing restrictions based on the classification labels. For example, a document classified ‘Highly Confidential’ can only be accessed by a restricted group of pre-determined individuals. So even if a highly classified document is forwarded outside the organization or widely inside the organization, it can only be accessed by the chosen few who have pre-determined access. In this way you can ‘Lock’ documents and share them securely. Even if this document landed in the wrong hands, they won’t be able to access it unless they had permission to do so.


We hope that through this blogpost, you have confidence that Microsoft 365 Business has robust features to help protect your sensitive data across various IT layers. For more details on Microsoft 365 Business, please visit
