Brandon Alsup

Is Microsoft 365 Safe for Business? Cybersecurity Experts Say Yes

Microsoft 365 is a popular subscription service that allows you to use a full suite of Microsoft's services. As a managed IT services provider, Kosh Solutions recommends Microsoft 365 for businesses over other options like Google Workspace. We receive inquiries from customers and businesses within our New Mexico, Durango, and Irvine service areas asking, "how safe is Microsoft 365 for business?"

Cybersecurity experts generally agree that Microsoft 365 is safe for business, because Microsoft stores data in geographically distributed data centers and uses systems such as TLS encryption and Exchange Online Protection (EOP). You can further secure your Microsoft 365 account by implementing additional security steps such as MFA and user training.

This article discusses whether Microsoft 365 is safe for business. If you are planning to use or currently use 365, we also discuss additional steps you can take to increase your security.




Why Is Microsoft 365 Safe For Business?

Microsoft 365 is safe for businesses because it implements many security systems to protect users. These include having geographically distributed data centers and email protection systems such as Exchange Online Protection (EOP). Microsoft 365 also comes with 256-bit AES encryption for data protection.

We are sure you know Microsoft has a great track record working with businesses. From its early founding, Microsoft has focused on working with and developing systems for businesses, large or small. As a result, you can expect Microsoft to continue to be business focused with Microsoft 365.

Geographically Distributed Data Centers

Microsoft stores your cloud data (think OneDrive or SharePoint) in a network of data centers. These data centers are geographically distributed and highly secure, not only against digital threats but also against physical ones. From a cybersecurity point of view, there are several reasons why Microsoft doesn't have its data centers in one place:

Natural Disasters: Natural disasters can occur in most places without warning. This means that no matter where Microsoft builds its data centers, there will always be a risk of floods, earthquakes, tsunamis, or other natural disasters.

Having data centers across many parts of the world distributes risk. In the event one data center is hit by a disaster, Microsoft's data center network ensures uptime by failing over to other data centers that are still up and running. Essentially, Microsoft 365 runs all the time, every time.

Minimizes Political Intervention: Data servers are built in many countries. In many cases, countries selected to host them tend to be stable politically and respect data privacy.

One of the major reasons to build in trusted countries is to once again distribute risk. This protects Microsoft and its users from having their data forcibly taken by rogue authorities.

If one of the countries hosting these data centers deteriorates and becomes risky, Microsoft can migrate the data out to another location to keep it safe.

Exchange Online Protection (EOP)

One of the most sensitive types of data for a business is communications, particularly emails. Microsoft understands this and has implemented Exchange Online Protection (EOP) to protect your messages.

EOP is a cloud-based email filtering system. It has many protection features to secure your emails, such as connection filtering, quarantine, mail flow rules, and many more. EOP can also help with email tracing and reporting, as well as message encryption, an add-on you can subscribe to.

As a result, EOP allows your messages to be delivered safely to your clients. EOP can also minimize the risk of receiving messages that are spammy, unrelated to your business, or worse, contain malware and viruses.

Advanced File Encryption

Another concern for many is that while files are uploaded and downloaded from the cloud, others may intercept them. If messages are not encrypted, sensitive information could be intercepted and leaked.

Microsoft 365 manages this risk by implementing encryption technologies such as Transport Layer Security (TLS). This encryption technology encrypts files in transit - as they are sent over the internet. An encrypted file means that even if these files are intercepted by someone else, they're not readable.

When it comes to encryption, the larger the key size in bits, the better. In Microsoft 365's case, the encryption key size is 256 bits. To unlock or decrypt the files, it would take the world's fastest computer (TianHe2) millions of years. Microsoft is serious about protecting your files.

How To Further Secure Your Microsoft 365 Account?

Regularly backing up data and enabling Multi-Factor Authentication (MFA) are ways to improve your cybersecurity posture. These steps make an already safe Microsoft 365 even safer for your business.

Keep in mind that keeping your Microsoft 365 secure is a joint effort. Microsoft cannot do it alone! In fact, Microsoft's official documentation says that while Microsoft can protect the services, it needs your help to protect your own data and devices.

Consider implementing some of the steps below to secure your Microsoft 365 account.

Regularly Backing Up Your Files

At a minimum, all businesses should be regularly backing up data. A properly architected backup infrastructure is a must-have in today's business landscape. There's a lot to be said about backups and every customer's needs will be different, so please discuss your backups with your IT service provider.

Investing in a backup and data recovery solution ensures regular, consistent backups are available in the event of a data breach or disaster. Backup solutions should be regularly tested and able to effectively restore in the event of data loss.

Enabling Multi-Factor Authentication (MFA)

Another aspect of your business technology you want to secure is the devices. Without MFA, unauthorized devices might be able to log into your Microsoft 365 account. Without tighter security and access control, your sensitive data is at risk.

One of the best ways to manage device access to your Microsoft 365 is to use Multi-Factor Authentication (MFA). When MFA is enabled, users can only log in after verifying their identity in two or more ways.

For example, after keying in a username and password you get a message sent to your phone with a code. You then enter the code to complete the login. Even if a password is compromised, MFA will stop cybercriminals from gaining access.

MFA settings can be adjusted to the needs of your business. For example, you can require MFA for only certain machines or when users are logging in outside of your office. MFA and various settings will require different Microsoft licenses, so talk with your IT service provider to determine which licenses you need.

Cybersecurity Training For Staff

You will need more than just technology to keep your account safe. People are the ultimate users of Microsoft 365, and everyone in your team is the key to ensuring the safety of your Microsoft 365 account.

Security training for all staff members is a prime way to stay safe using Microsoft 365. Your staff needs to be aware of ways they could give out access without knowing it, such as through phishing. If your business is not engaged in ongoing cybersecurity training for all staff, then it's time to start! Your IT service provider should be able to point you in the right direction.



The information contained in this communication is intended for limited use for informational purposes only. It is not considered professional advice, and instead, is general information that may or may not apply to specific situations. Each case is unique and should be evaluated on its own by a professional qualified to provide advice specifically intended to protect your individual situation. Kosh is not liable for the improper use of this information.

