Updated: Apr 12, 2021
So, you run a small business and you want to take advantage of the "cloud". Since you already use Microsoft Office, you are probably looking at the Microsoft 365 business platform: Email, OneDrive, Desktop Apps, and a bunch of other cool cloud stuff.
If you've already done some research here, you might then be thinking "oh, I need the premium version, because that has the best security features". What if I told you that the cheaper Microsoft 365 plans can actually give you better security than the more expensive premium version?
First, let's have a quick look at some of the security features that you get with Microsoft 365 Business Premium version.
1. Conditional Access with Multi-Factor Authentication
You control who can login based on their device, their location, and multi-factor authentication (MFA). MFA means that, in addition to a password, they will need a code from their phone (for instance) in order to complete the login to their email (for instance).
2. Microsoft Defender Advanced Threat Protection (ATP)
This is an advanced anti-virus protection that sits on your computer (like normal AV), but also scans things like your Office 365 email before it even reaches your computer.
3. Data Loss Prevention
This feature allows you to put limits on how data can be copied out of Office 365 (e.g. prevent copying onto USB keys). I personally think this is misnamed, and it should be called "Data Leakage Protection". The current name sounds like it has something to do with backups!
I can easily name many other security features in the Premium version, but let's have a look at what the Microsoft 365 Business Standard gives you for security.
Microsoft 365 Security Defaults
This is...what it sounds like. It is a group of security settings that Microsoft will automatically apply to your organisation. This is the main security feature present in the non-Premium version.
Here's the main benefit though: You will automatically get MFA protection when a login is suspicious, with just a single check box! Microsoft have been offering this in some form since 2014, and their reports conclude that 99.9% of hacked accounts can be prevented with this feature.
Still dubious about how this works? Check out this video from Matt Soseman where he demonstrates the effectiveness:
I know some will ask: Why would anyone buy the higher Microsoft cloud plans if they are less secure ? They're not less secure. In fact, they can be more secure, if you have the time to configure them correctly, and monitor and manage them afterwards (or, if you pay someone else to do that for you!).
A big issue we face as small business owners is that we're often time poor. If something is complex to configure, then sometimes we take shortcuts that we can "fix later". If you're in that position, then you are probably going to get better security with the basic / standard Microsoft 365 Business plans and their Security Defaults checkbox (as well as a cheaper bill!).