Staff turnover is something every business owner has to manage and despite being as thorough as possible with the interview process, you are ultimately giving someone you don’t really know an email address to speak to the world on your Companies behalf!  More often than not the email is then added to their mobile phone giving them access to emails away from the office as well!

The actual process of setting up an email address in Office 365 and configuring Outlook on their device is relatively simple however, what most people don’t realise is Microsoft include a host of features to secure their account and they are completely FREE as part of your Office 365 subscription, they just don’t get switched on.  We are often asked to setup Outlook without sharing the email password with the user in an attempt to stop them accessing their email’s away from the office.  In this article we want to share with you some of the inbuilt features of Office 365 you can use to secure new starters email (rather than hiding the password from them!):-

Disable mobile phone Access to the Office 365 Account

From within the Office 365 Admin Centre you can choose if a user has access to their emails from a mobile phone.  It can even be set based on the model of phone for example, you can grant access on an iPhone that the Company provides and yet block them accessing their emails on their own personal Android device.

Dont allow access unless the device is encrypted

Another feature in-built to Office 365 is the ability to block mobile phone access to the mailbox unless the device is encrypted, as per the screen shot below you can also specify a minimum password length and set the mobile to wipe itself after a certain number of failed logins!

 

Office 365 Mobile Phone Settings

 

Multi Factor Authentication for Office 365

Despite the complicated name Multi Factor Authentication for Office 365 is one of the best features to secure your staff’s email and it does this on several levels.  Firstly, Multi Factor Authentication is the process of having a second level of security that you must complete after you have entered in the correct email address and password.  More often than not the second level of security is a text message to your mobile phone that you also need to enter in order to login to the mailbox.  This feature is FREE as part of your existing Office 365 subscription and just needs enabling.

To give you an idea of how this can help, let’s say for example a member of staff receives an email that looks as though it comes from Microsoft asking them to verify their email password, the user then clicks on the link, enters in the password at the prompt and just like that the hacker now has your credentials.  The hacker will then go to the Office 365 website and try to login with your details to access your mailbox except they can’t as it is asking for a code, you will receive a text message on your mobile phone so not only can they not login to your mailbox but more importantly you are alerted to the fact someone is trying to login as you and its change password time without any damage being done.  Did we mention that this is all FREE as part of your subscription?

Multi Factor Authentication prompt

 

Device Based access

Once you have setup and enabled Multi Factor Authentication in Office 365 it can then be configured to restrict access to your account based on a list of approved devices.  The first time you launch Outlook on your PC after enabling MFA it will ask you to provide an “Application Password” that you were given as part of the MFA setup process.  Outlook will not connect unless this password is entered and once you have entered the correct Application Password you can then add this device to your Office 365 account as a trusted device.  Going back to the example earlier where a hacker gets hold of your Office 365 credentials and fails to gain access via the Office 365 website they might then try to configure Outlook on their own PC to access your mailbox, this however will fail as they do not know your Application Password and their device is not registered as an approved device in Office 365.

This device based access doesn’t just secure Outlook running on your PC the same “Application Password” needs to be entered if you are using Word, Excel and One Note to access data on Office 365, once you enter the correct “Application Password” the device can be added to your trusted devices list blocking access to anyone trying to access your account on a different device.  These simple features that are FREE as part of your existing Office 365 subscription can go a long way to help protect your business, if you’d like any further information or help on rolling out these changes across your business feel free to get in touch at [email protected] or alternatively why not give us a call on 0121 296 5545.


For over 17 years, Leap IT has been working with more than 200 businesses throughout the West Midlands and across the UK. We work closely with you to really understand what your business needs so that we can make sure you always receive the best advice, and achieve the best value. With a breadth of solutions spanning IT SupportCommunicationsCloud Computing, and Print, we see that your IT is completely covered from end to end. We ensure that your IT works exactly as it should, all of the time.  This way, you can be free to focus on your business and use technology to help you progress rather than worrying about it holding you back. Nor should you settle for less.  It’s what drives us on to be more responsive, more innovative, and more switched-on than your typical IT partner.  We’re here to take your business’ IT to where it needs to be.