Microsoft 365 Business Premium security and compliance features
Microsoft 365 Business Premium offers simplified security features to help safeguard your data on PCs, phones, and tablets.
Microsoft 365 admin center security features
You can manage many of the Microsoft 365 Business Premium security features in the admin center, which gives you a simplified way to turn these features on or off. In the admin center, you can do the following:
These settings include deleting files from an inactive device after a set period, encrypting work files, requiring that users set a PIN, and so on.
These settings can be applied to company data on both company-owned, or personally owned devices.
You can remotely wipe company data if a device is lost, stolen, or an employee leaves your company.
You can reset any Windows 10 devices that have device protection settings applied to them.
Additional security features
Advanced features in Microsoft 365 Business Premium are available to help you protect your business against cyber-threats and safeguard sensitive information.
Advanced Threat Protection (ATP) helps guard your business against sophisticated phishing and ransomware attacks designed to compromise employee or customer information. Features include:
Sophisticated attachment scanning and AI-powered analysis to detect and discard dangerous messages.
Automatic checks of links in email to assess if they're part of a phishing scheme. This keeps you safe from accessing unsafe websites.
Accessing the Intune admin center in the Azure portal allows you to set up additional security features, such as management of MacOS devices, iPhone, and Android devices, along with advanced device management for Windows, that aren't available through Microsoft 365 admin center.
Same Conditional Access as Azure AD Premium P1 plan
Conditional Access can help protect your organization from sign-in risk, access attempts from an unexpected network or locale, access attempts from risky device types, and so on. Conditional Access policies are enforced after the first authentication is completed, and it uses signals from the first authentication event to determine if the attempted access should be approved, denied, or if more proof (such as a second form of identification) is required.
The conditional access features included are:
- Access based on username, group, and role
- Access based on an app
- Access based on location; only allow access from trusted IP ranges or specific countries
- Require MFA for access
- Block access to apps that use legacy authentication
- Require apps tp use Intune app protection
- Custom authentication such as MFA with third-party providers, for example DUO.
- Self-service password reset for hybrid Azure AD
Your Microsoft 365 Business Premium subscription includes features that help you maintain compliance and regulatory standards.
You can set up DLP to automatically detect sensitive information, like credit card numbers, social security numbers, and so on, to prevent their inadvertent sharing outside your company.
Exchange Online Archiving license enables messages to be easily archived with continuous data backup. It stores all of a user's emails, including deleted items, in case they're needed later for discovery or restoration. Additionally, you can use different retention policies to preserve email data for litigation holds, eDiscovery, or to meet compliance requirements.
Microsoft 365 Business Premium includes all the features of Azure Information Protection Plan 1. With this plan, you can create Sensitivity labels that allow you to control access to sensitive information in email and documents, with controls like "Do not forward" and "Do not copy." You can also classify sensitive information as "Confidential" and specify how classified information can be shared outside and inside the business. Enterprise-grade encryption is easy to apply to email and documents to keep your information private. You can also install the Azure Information Protection client add-in for Office apps. For more information, see Azure Information Protection unified labeling client. For Sensitivity labels, install the AzInfoProtection_UL.exe.
You can manage these features in the Security & Compliance center and the Intune admin center. Over time the simplified controls will be added to the Microsoft 365 admin center.
Are these security features available in all markets?
Yes, these features are available in all markets where Microsoft 365 Business Premium is sold.
How do I find the Security & Compliance center?
Sign in to Microsoft 365 Business Premium by using your admin credentials.
In the left nav, locate Admin centers and expand it.
Choose Security & Compliance to go to Security & compliance center.