Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft 365 for business is the collective name of Microsoft 365 subscriptions that cater to small to medium sized businesses up to 300 users. For more information, see What is Microsoft 365 for business?.
Microsoft 365 for business includes the following subscriptions:
Microsoft 365 Business Basic: For setup instructions, see Set up Microsoft 365 Business Basic.
Microsoft 365 Business Standard: For setup instructions, see Set up Microsoft 365 Business Standard with a new or existing ___domain.
Microsoft 365 Business Premium: For setup instructions, see Sign in and set up Microsoft 365 Business Premium.
Tip
Microsoft 365 for Campaigns is a low priced version of Business Premium for eligible political campaigns or political parties in eligible countries. The security features in Business Premium and Microsoft 365 for Campaigns are identical, unless otherwise identified. For setup instructions, see Microsoft 365 for Campaigns.
This article and the related content is intended for "administrators" or "admins" who are responsible for the security configuration and settings that affect the entire organization. Whether you have a background in IT or you're thrust into the role by default, you're an admin (congratulations).
Areas of security in Microsoft 365 for business
After you finish setting up your Microsoft 365 for business organization, you need to review and configure the security settings. You can organize the security settings in Microsoft 365 for business into the following categories:
- Account security.
- Email and collaboration security.
- Device security.
These security categories are described in the following sections and are summarized in the following table:
| Business Basic |
Business Standard |
Business Premium |
|
|---|---|---|---|
| Account security | |||
| Microsoft Entra ID | Free | Free | Plan 1 |
| Microsoft Defender Suite for Business Premium | Purchased separately (includes Microsoft Entra ID P2) |
||
| Email and collaboration security | |||
| Default email protections for cloud mailboxes | ✔ | ✔ | ✔ |
| Microsoft Defender for Office 365 | Plan 1 | ||
| Microsoft Defender Suite for Business Premium | Purchased separately (includes Defender for Office 365 Plan 2) |
||
| Device security | |||
| Basic Mobility and Security | ✔ | ✔ | ✔ |
| Microsoft Intune | Plan 1 | ||
| Microsoft Defender for Business | ✔ | ||
| Microsoft Defender Suite for Business Premium | Purchased separately (includes Defender for Endpoint Plan 2) |
Account security
All subscriptions in Microsoft 365 for business include Microsoft Entra ID Free, which includes the feature named security defaults. Because security defaults is on by default, multifactor authentication (MFA) is enabled by default in Microsoft 365 for business organizations.
Business Premium also includes Microsoft Entra ID P1, which includes the feature named Conditional Access. Conditional Access uses granular policies based on Zero Trust architecture to give users access to resources. If your organization requires increased or complex security settings, you can use Conditional Access policies instead of security defaults.
For information about security defaults and conditional access, see Multifactor authentication in Microsoft 365 for business.
For other considerations for administrator or admin accounts, see Admin account security in Microsoft 365 for business
Email and collaboration security
All subscriptions in Microsoft 365 for business include the default email protections for cloud mailboxes against malware, spam, and phishing (spoofing) in email. For more information, see Default email protections for cloud mailboxes.
The default email protections for cloud mailboxes include the following types of threat policies that are on by default:
Microsoft 365 Business Premium also includes Microsoft Defender for Office 365 Plan 1, which adds the following types of protection:
- Impersonation protection and phishing email thresholds in anti-phishing policies
- Safe Attachments policies
- Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
- Safe Links policies
The default settings for these email and collaboration protection features provide a good level of protection. But for even better protection, we recommend configuring more settings and features for the best available protection (for example, turn on and assign the Standard and/or Strict preset security policies).
For more information, see Email and collaboration security in Microsoft 365 for business.
Tip
For a deeper dive into default policies vs. custom policies vs. preset security policies, see Configure threat policies in Defender for Office 365.
The security settings in default policies, the Standard preset security policy, and the Strict preset security policy are listed in the tables in Recommended email and collaboration threat policy settings for cloud organizations.
Device security
All subscriptions in Microsoft 365 for business include Basic Mobility and Security, which is a limited subset of Microsoft Intune. Basic Mobility and Security is a mobile device management (MDM) solution that helps you secure access to company data on enrolled devices in supported apps.
For more information, see Overview of Basic Mobility and Security for Microsoft 365.
Business Premium includes the following extra features for device security:
Microsoft Intune Plan 1: Improves upon Basic Mobility and Security with more features:
- Support for mobile device management (MDM) and mobile application management (MAM) strategies. In MDM, the company manages the whole device. In MAM, the company manages company data on the device (which is an option for personal devices, also known as bring your own device or BYOD).
- Support for more device types (including macOS).
- and more.
For more information, see the following articles:
Microsoft Defender for Business: Endpoint security for devices designed especially for small to medium sized businesses. Defender for Business is equivalent to Microsoft Defender for Endpoint Plan 1 with some features from Defender for Endpoint Plan 2.
For more information, see the following articles:
Ability to add Microsoft Defender Suite for Business Premium: If you choose to buy this extra subscription, you get the following upgraded features:
- Microsoft Entra ID P2
- Microsoft Defender for Identity
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender for Office 365 Plan 2
- Microsoft Defender for Cloud Apps
For more information, see Add Microsoft Defender Suite for Business Premium to your Microsoft 365 Business Premium subscription.