With Microsoft 365 a driving force for collaboration and day-to-day productivity for many businesses, it is important for organizations of all sizes to consider the nuances of using the platform and identify where there may be gaps in their strategy. Osterman Research recently published a white paper on how to optimize Microsoft 365 to improve security, ease data management, and ensure you’re getting your moneys’ worth. Here are some tips.

Improving Security

According to Osterman, businesses utilizing Microsoft 365 must remain vigilant to the evolving threat landscape of cloud applications. Email is the most common attack vector, and phishing techniques are becoming more sophisticated and harder to identify. So, it’s crucial that users are educated on how to identify phishing and other suspicious emails. Microsoft’s anti-phishing, anti-spoofing, and anti-impersonation capabilities can and should be used to help avert attacks that users miss.

However, Microsoft’s native security features are not enough to protect businesses from attacks. So, in addition to these features, Osterman recommends implementing third-party security solutions including anti-virus and data loss prevention software.

Another way to boost security of Microsoft 365 is to enable multi-factor authentication. Passwords are often found on the dark web and can be matched to your employee’s Microsoft account. Removing reliability on a single password boosts the difficulty of hacking the account.

Improving Archiving and Data Backup and Recovery

According to Osterman, archiving is often confused for backup and vice versa, and while these are both best practices offering strategic value, they differ substantially.

  • Archiving is intended for continuous and long-term (sometimes indefinite) retention of all relevant business content that might be needed for regulatory, legal, knowledge management or analytics purposes. The goal with archiving is to retain business records for long periods to protect loss of critical business data.
  • Backup is focused on capturing periodic snapshots of all of the content on an endpoint, server or other device for purposes of quickly recovering from a hardware failure, a ransomware attack, a rogue employee’s or administrator’s deletion of data, or some other problem that results in data loss. For organizations that value quick response and easy recovery of critical data in Microsoft 365, backups are an essential component of any data protection infrastructure.

Microsoft 365 brings its own approach to archiving and backup. However, these measures are not enough to fully protect business data. Osterman’s report again suggests that organizations using Microsoft 365 should consider third-party solutions rather than relying solely on the cloud platform.

Third-party backup is crucial as Microsoft’s built-in capabilities are lacking in certain areas. Microsoft 365 embraces a data backup “in-place” approach, with data restoration enabled via trash bins from which users can recover their own deleted items, special trash bins with extended actual deletion timeframes from which administrators can recover deleted items, and exemptions on data deletion in legal hold situations. Third-party solutions, on the other hand, avoid the in-place paradigm in preference for an actual backup of data outside of the native and original data system. Creating and storing backups independent of primary systems is considered data protection 101 in on-premises systems. The same applies for cloud-based apps.


To learn more about how to improve management, security, archiving, and backup of Microsoft 365, take a look at Osterman Research’s white paper, Improving Performance and Driving Down Cost of Microsoft 365.