Increased Microsoft 365 security for your Microsoft 365 Enterprise test environment
This Test Lab Guide can only be used for Microsoft 365 Enterprise test environments.
With the instructions in this article, you configure additional Microsoft 365 settings to increase security in your Microsoft 365 Enterprise test environment.
Click here for a visual map to all the articles in the Microsoft 365 Enterprise Test Lab Guide stack.
Phase 1: Build out your Microsoft 365 Enterprise test environment
If you just want to configure increased Microsoft 365 security in a lightweight way with the minimum requirements, follow the instructions in Lightweight base configuration.
If you want to configure increased Microsoft 365 security in a simulated enterprise, follow the instructions in Pass-through authentication.
Testing increased Microsoft 365 security does not require the simulated enterprise test environment, which includes a simulated intranet connected to the Internet and directory synchronization for an Active Directory Domain Services (AD DS) forest. It is provided here as an option so that you can test automated licensing and group membership and experiment with it in an environment that represents a typical organization.
Phase 2: Configure increased Microsoft 365 security
In this phase, you enable increased Microsoft 365 security for your Microsoft 365 Enterprise test environment. For additional details and settings, see Configure your Office 365 tenant for increased security.
Configure SharePoint Online to block apps that don’t support modern authentication
Apps that do not support modern authentication cannot have identity and device access configurations applied to them, which is an important element of securing your Microsoft 365 subscription and its digital assets.
- Go to the Microsoft 365 admin center (https://portal.microsoft.com) and sign in to your Office 365 test lab subscription with your global administrator account.
If you are using the lightweight Microsoft 365 test environment, sign in from your local computer.
If you are using the simulated enterprise Microsoft 365 test environment, use the Azure portal to connect to the CLIENT1 virtual machine, and then sign in from CLIENT1.
- On the new Microsoft 365 admin center tab, click Admin centers > SharePoint.
- On the new SharePoint admin center tab, click Access control.
- Under Apps that don’t support modern authentication, click Block, and then click OK.
Enable Advanced Threat Protection for SharePoint, OneDrive for Business, and Microsoft Teams
Office 365 Advanced Threat Protection (ATP) for SharePoint, OneDrive, and Microsoft Teams protects your organization from inadvertently sharing malicious files.
Go to the Office 365 Security & Compliance Center and sign in with your global administrator account.
In the left navigation pane, under Threat management, choose Policy > Safe Attachments.
Select Turn on ATP for SharePoint, OneDrive, and Microsoft Teams.
Malware is comprised of viruses and spyware. Viruses infect other programs and data, and they spread throughout your computer looking for programs to infect. Spyware refers to malware that gathers your personal information, such as sign-in information and personal data, and sends it back to the malware author.
Office 365 has built-in malware and spam filtering capabilities that help protect inbound and outbound messages from malicious software and help protect you from spam. For more information, see Anti-spam & anti-malware protection in Office 365
To ensure that anti-malware processing is being performed on files with common attachment file types:
- Click the back button on your browser to get back to the Policy page.
- Click Anti-malware.
- Double-click the policy named Default.
- In the Anti-malware policy window, click Settings.
- Under Common Attachment Types filter, click On > Save.
Phase 3: Examine the threat management dashboard
Office 365 Threat management can help you control and manage mobile device access to your organization's data, help protect your organization from data loss, and help protect inbound and outbound messages from malicious software and spam. You also use threat management to protect your domain's reputation and to determine whether or not senders are maliciously spoofing accounts from your domain. For more information, see Threat management in the Microsoft 365 security center.
See the Configure increased security for Microsoft 365 step in the Information protection phase for information and links to configure these settings in production.
Explore additional information protection features and capabilities in your test environment.