Microsoft 365 Business security features
Microsoft 365 Business offers simplified security features to help safeguard your data on PCs, phones, and tablets.
Microsoft 365 Business admin center security features
You can manage many of the Microsoft 365 Business security features in the admin center, which gives you a simplified way to turn these features on or off. In the admin center you can do the following:
These settings include deleting files from an inactive device after a set period, encrypting work files, requiring that users set a PIN, etc.
These settings can be applied to company data on both company-owned, or personally-owned devices.
You can remotely wipe company data if a device is lost, stolen, or an employee leaves your company.
You can reset any Windows 10 devices that have device protection settings applied to them.
Additional security features
Advanced features in Microsoft 365 Business are available to help you protect your business against cyber-threats and safeguard sensitive information.
Advanced Threat Protection (ATP) helps guard your business against sophisticated phishing and ransomware attacks designed to compromise employee or customer information. Features include:
Sophisticated attachment scanning and AI-powered analysis to detect and discard dangerous messages.
Automatic checks of web links in email to assess if they are part of a phishing scheme. This keeps you safe from accessing unsafe websites.
You can set up DLP to automatically detect sensitive information, like credit card numbers, social security numbers, etc. to prevent their inadvertent sharing outside your company.
Exchange Online Archiving license enables messages to be easily archived with continuous data backup. It stores all of a user's emails, including deleted items, in case they are needed later for discovery or restoration. Additionally, you can use different retention policies to preserve email data for litigation holds, eDiscovery, or to meet compliance requirements.
Information protection helps you control access to sensitive information in email and documents with controls like "Do not forward" and "Do not copy." You can also classify sensitive information as "Confidential" and specify how classified information can be shared outside and inside the business. Enterprise-grade encryption is easy to apply to email and documents to keep your information private. Microsoft 365 Business includes all the features of Azure Information Protection Plan 1. You can also install the Azure Information Protection client add-in for Office apps. For more details, see Azure Information Protection client admininstrator guide.
Accessing the Intune admin center in the Azure portal allows you to set up additional security features, such as the management of MacOS devices, iPhone, and Android devices along with advanced device management for Windows, that are not available through Microsoft 365 Business admin center.
The next sections describe how you can manage these features in the Security & Compliance center and the Intune admin center. Over time the simplified controls will be added to the Microsoft 365 Business admin center.
Are these security features available in all markets?
Yes, these features are available in all markets where Microsoft 365 Business is sold.
How do I find the Security & Compliance center?
Sign in to Microsoft 365 Business by using your admin credentials.
In the left nav, locate Admin centers and expand it.
Choose Security & Compliance to go to Security & compliance center.
Send feedback about: