Microsoft 365 Email Security
Visit our How to Secure 365 hub to find out more about additional layers of security to protect your organisation, whether you are preparing for, migrating to, or strengthening the performance of your Microsoft 365 environment.
Email is a business-critical service for the vast majority of organisations.
Despite years of claims that it will be replaced by other tools, email doesn’t appear to be going anywhere fast. In fact, it’s estimated that there are four billion global e-mail users, and it’s set to grow to 4.6 billion users in 2025. What is changing is how we facilitate it.
As with many other business services, it’s increasingly moving to the cloud and Microsoft 365 has swiftly become the de facto provider for an increasing number of organisations. In fact, M365 commercial monthly active users reached nearly 345 million this year.
According to Microsoft itself, it expects 70 percent of customers to be using Exchange Online in Microsoft 365 instead of Microsoft Exchange on-premises within the next year. But there are still those holding out, with 32 percent of respondents to a recent survey claiming that email security concerns are stopping them from moving their email to the cloud.
Microsoft does offer two levels of Microsoft 365 email security to customers – Exchange Online Protection (EOP) and Advanced Threat Protection (ATP). Neither offers true enterprise-class – or best-of-breed email security – and many organisations choose third-party security solutions that are complementary and can enhance the security of the Microsoft platform – an approach advocated by analyst firm Gartner.
While Microsoft 365 email security tools provide a level of security from email-based attacks, even Advanced Threat Protection (ATP) does not include the ultra-modern, multi-layered security that is common in third-party email security solutions. Microsoft’s 365 email security capabilities are powerful against traditional spam but less effective against modern, highly-targeted email threats, such as CEO fraud.
There’s also the issue of service uptime and availability, which is a major concern for organisations adopting Exchange Online. Searching ‘Microsoft 365 down’ on Twitter, quickly reveals that uptime isn’t always a strength of the service. Given how critical email is for employee productivity, any risk of downtime is a mark against Exchange Online.
Securing365 Vlog Series
The final hurdle for a lot of businesses is email archiving. Organisations, especially those working in regulated industries, need to ensure that they comply with legislative and regulatory requirements.
While Microsoft 365 does have email archiving, it is not a best-in-breed product or fully compliant, and many businesses will require or desire additional features such as tamper-proof storage and functionality to quickly respond to e-discovery requests or warrants.
None of these issues means that organisations should abandon Microsoft 365. Instead, they simply need to be aware of Microsoft 365 cloud security limitations and deploy best-of-breed security solutions alongside it.
For example, an additional email continuity solution will provide users with an ‘emergency inbox’, usually via a web portal that contains access to inbox and sent items from the last 7-30 days, meaning that if the primary email provider (or server) fails, users can still read and respond to email until service is restored. This provides a level of reassurance for companies, particularly when moving email off-premises.
Cloud-based email security software can be used productively and safely for business. However, companies should not settle for the standard tools, but instead, seek out advanced Microsoft 365 email solutions to ensure the safety of their data and the integrity of their compliance programs.