+ Title: Top 10 ways to secure your data - Best practices for small and medium-sized businesses

+description: "Learn the top 10 ways to protect your business, including ransomware, phishing, and malicious attachments."

+2. **Protect your administrator accounts**. Administrator accounts (also called admins) have elevated privileges, making these accounts more susceptible to cyberattacks. You'll need to set up and manage the right number of admin and user accounts for your business. We also recommend adhering to the information security principle of least privilege, which means that users and applications should be granted access only to the data and operations they require to perform their jobs. See [Protect your administrator accounts](../../business-premium/m365bp-protect-admin-accounts.md).

+7. **Set sharing settings for SharePoint and OneDrive files and folders**. Your default sharing levels for SharePoint and OneDrive might be set to a more permissive level than you should use. We recommend reviewing and if necessary, changing the default settings to better protect your business. Grant people only the access they need to do their jobs. See [Set sharing settings for SharePoint and OneDrive files and folders](../../business-premium/m365bp-increase-protection.md#set-sharing-settings-for-sharepoint-and-onedrive-files-and-folders).

+10. **Maintain your environment**. After your initial setup and configuration of Microsoft 365 for business is complete, your organization needs a maintenance and operations plan. As employees come and go, you'll need to add or remove users, reset passwords, and maybe even reset devices to factory settings. You'll also want to make sure people have only the access they need to do their jobs. See [Maintain your environment](../../business-premium/m365bp-maintain-environment.md).

+(<a id="fn2">2</a>) Microsoft Intune is included with certain Microsoft 365 plans. Basic Mobility and Security capabilities are part of the Microsoft 365 Business Basic and Standard. [Choose between Basic Mobility and Security or Intune](../basic-mobility-security/choose-between-basic-mobility-and-security-and-intune.md).

+Microsoft 365 Business Premium with its world class productivity tools is a wise choice for small and medium-sized businesses. Designed with cybersecurity in mind, Microsoft 365 Business Premium safeguards your data, devices and information. You are your organization's first and best defense against hackers and cyberattackers, including random individuals, organized crime, or highly sophisticated nation states.

+The task before you is this: let Microsoft 365 Business Premium help secure your organizationΓÇÖs future! Approach this task by taking on the following six missions:

+The guidance in these missions is based upon the [Zero Trust security model](../security/office-365-security/microsoft-365-policies-configurations.md), and is summarized in a downloadable [Cybersecurity playbook](https://download.microsoft.com/download/9/c/1/9c167271-8209-492e-acc2-38a39d1834c2/m365bp-cybersecurity-playbook.pdf)).

+Microsoft 365 Business Premium was designed to help protect your company's user accounts with preconfigured security settings. These settings include enabling multi-factor authentication (MFA) for all your admins and user accounts. For most organizations, security defaults offer a good level of sign-in security. For organizations who must meet more stringent requirements, Conditional Access can be used.

+> You can use *either* security defaults *or* Conditional Access policies, but you can't use both at the same time.

+Welcome to your final critical mission. Here, you'll onboard and implement protection for all the managed devices in your organization. [Onboard your devices to Defender for Business](../security/defender-business/mdb-onboard-devices.md) to help ensure those devices are protected from ransomware, malware, phishing, and other threats. You can also make sure Windows devices are protected and ready for Office deployment. When you're done, you can rest assured, knowing you've done your part to protect your organization when these objectives have been achieved!

+- [Secure Windows devices with default settings](m365bp-secure-windows-devices.md)

+- **Enable your employees to be connected and productive**, whether they're working on site or remotely, with best-in-class collaboration tools like [Microsoft Teams](create-teams-for-collaboration.md).

+- **Provide your employees with secure access to their business data and apps**, and help ensure that only authorized personnel can access confidential work data.

+- **Defend against sophisticated cyberthreats and safeguard your business data** with advanced protection against phishing, ransomware, and data loss.

+- **Manage and secure devices** (Windows, Mac, iOS, and Android) that connect to your data, and help keep those devices up to date.

+Microsoft 365 Business Premium offers you one comprehensive solution for productivity and security. As an admin or IT Pro, you have everything you need in one place for administration, billing, and 24x7 support, while reducing cost and complexity for your business. This article includes the following sections:

+3. [Set up your security capabilities](m365bp-security-overview.md).

+- [Review security recommendations](../security/defender-business/mdb-view-tvm-dashboard.md?toc=/microsoft-365/business-premium/toc.json&bc=/microsoft-365/business-premium/breadcrumb/toc.json).

+- [Review detected threats and take action](m365bp-review-threats-take-action.md).

+- [Review remediation actions](m365bp-review-remediation-actions-devices.md).

+- [Respond to a compromised email account](../security/office-365-security/responding-to-a-compromised-email-account.md).

+After you've initiated the trial and completed the setup process, it can take up to two hours for changes to take effect.

+5. If your hosting provider is GoDaddy or another host enabled with domain connect, you'll be asked to sign in and let Microsoft authenticate on your behalf automatically.

+Microsoft 365 Business Premium includes Defender for Business, a new security solution to protect devices. See [Onboard devices to Microsoft Defender for Business](../security/defender-business/mdb-onboard-devices.md).

+## Use Microsoft 365 Apps on devices

+1. First, you'll need to [install Microsoft 365 Apps](m365bp-install-office-apps.md).

+2. Go to [https://office.com](https://office.com) and sign in. (See [Getting Started at Office.com](https://support.microsoft.com/office/get-started-at-office-com-91a4ec74-67fe-4a84-a268-f6bdf3da1804).)

+3. Now, [assess your security posture](../security/defender/microsoft-secure-score.md), and see how you can improve your score.

+4. Learn how to [respond to a security incident](../security/defender-business/mdb-respond-mitigate-threats.md).

+- [Microsoft 365 Business Premium - cybersecurity for small business](index.md)

+- [What is Microsoft Defender for Business?](../security/defender-business/mdb-overview.md)

+ - *KeyVaultURI1* is the URI for the first key in the policy. For example, `https://contosoWestUSvault1.vault.azure.net/keys/Key_01`.

+ - *KeyVaultURI2* is the URI for the second key in the policy. For example, `https://contosoCentralUSvault1.vault.azure.net/keys/Key_02`. Separate the two URIs by a comma and a space.

+ - *KeyVaultURI1* is the URI for the first key in the policy. For example, `https://contoso_EastUSvault01.vault.azure.net/keys/USA_key_01`.

+ - *KeyVaultURI2* is the URI for the second key in the policy. For example, `https://contoso_EastUS2vault01.vault.azure.net/keys/USA_Key_02`. Separate the two URIs by a comma and a space.

+- Conditions only add properties to the search query; they don't add operators. This is why the query displayed in the detail pane doesn't show operators to the right of the `(c:c)` notation. KQL adds the logical operators (according to the previously explained rules) when the executing the query.

+Users can then encrypt email messages and various attachments by using these options. For a full list of supported attachment types, see ["File types covered by IRM policies when they're attached to messages" in Introduction to IRM for email messages](https://support.office.com/article/bb643d33-4a3f-4ac7-9770-fd50d95f58dc#FileTypesforIRM).

+Recipients of encrypted messages who receive encrypted or rights-protected mail sent to their Outlook.com, Gmail, and Yahoo accounts receive a wrapper mail that directs them to the encrypted message portal where they can easily authenticate using a Microsoft account, Gmail, or Yahoo credentials.

+End users that read encrypted or rights-protected mail on clients other than Outlook also use the encrypted message portal to view encrypted and rights-protected messages that they receive.

+If the sender of the protected mail is in GCC High and the recipient is outside of GCC High, including commercial users, Outlook.com users, and users of other email providers such as Gmail, the recipient receives a wrapper mail. The wrapper mail directs the recipient to the encrypted message portal where the recipient is able to read and reply to the message. Otherwise, if the sender and recipient are both in the GCC High environment, even if they're not in the same organization, then recipients that use Outlook clients to read mail receive native, first-class reading experiences for encrypted and rights-protected mail. For more information about the different experience in GCC High, see [Compare versions of OME](ome-version-comparison.md).

+Mail flow rules are flexible, letting you combine conditions so you can meet specific security requirements in a single rule. For example, you can create a rule to encrypt all messages that contain specified keywords and are addressed to external recipients. Microsoft Purview Message Encryption also encrypts replies from recipients of encrypted email.

+Recipients of encrypted messages who are in organizations will be able to read those messages seamlessly in any version Outlook, including Outlook for PC, Outlook for Mac, Outlook on the web, Outlook for iOS, and Outlook for Android. Users that receive encrypted messages on other email clients can view the messages in the encrypted message portal.

+|[Win 10 lab guides](https://download.microsoft.com/download/b/d/4/bd4f430b-8cd1-4a07-97b1-c32100fce7ae/Win_10_21H2_lab_guides.zip)|[Win 11 lab guides](https://download.microsoft.com/download/5/0/b/50bbe36a-9291-4339-9dcc-2a444fcd1659/Win11_SetUp_Guide_08.05.zip)|

+ Title: Help your frontline workers use collaboration apps and features

+audience: ITPro

+search.appverid:

+searchScope:

+ - Microsoft Teams

+ - Microsoft Cloud for Healthcare

+f1.keywords:

+- NOCSH

+ms.localizationpriority: high

+ - microsoftcloud-healthcare

+ - m365solution-healthcare

+ - m365solution-scenario

+ - m365-frontline

+description: Resources to help you train your frontline workers on communication and collaboration features in Teams and Teams apps.

+appliesto:

+ - Microsoft Teams

+ - Microsoft 365 for frontline workers

+# Help your frontline workers use collaboration apps and features

+Now that your organization has begun using Microsoft 365 for frontline workers and Microsoft Teams, you'll need to make sure your workforce is comfortable using the apps and features available to them.

+Use your [corporate communications strategy](flw-corp-comms.md) to share these video resources to help your frontline team make the most out of the tools available to them.

+## Tags in Microsoft Teams

+Tagging users and teams in posts and chat helps your frontline workers reach the right people faster by finding team members by attributes such as role, location, or project.

+[End user training for posts and messages in Teams](https://support.microsoft.com/office/create-and-format-a-post-e66777da-636b-49eb-9408-b0d88b212885) <br>

+[View the Tags in Microsoft Teams video on YouTube](https://go.microsoft.com/fwlink/?linkid=2202727)

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE54jBN]

+## Walkie Talkie

+Walkie Talkie provides instant push-to-talk communication so your frontline workers can communicate easily and securely across locations.

+[End user training for Walkie Talkie](https://support.microsoft.com/office/use-walkie-talkie-in-teams-884a008a-761e-4b62-99f8-15671d9a2f69) <br>

+[View the Walkie Talkie video on YouTube](https://go.microsoft.com/fwlink/?linkid=2202710)

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE546Fv]

+## Approvals

+Approvals helps frontline workers get approvals for tasks, documents and more.

+[End user training for Approvals](https://support.microsoft.com/office/what-is-approvals-a9a01c95-e0bf-4d20-9ada-f7be3fc283d3?wt.mc_id=otc_microsoft_teams) <br>

+[View the Approvals video on YouTube](https://go.microsoft.com/fwlink/?linkid=2202800)

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE54mcl]

+## Tasks

+Frontline workers can use Tasks to view, track and complete important tasks throughout the day.

+[End user training for Tasks](https://support.microsoft.com/office/use-the-tasks-app-in-teams-e32639f3-2e07-4b62-9a8c-fd706c12c070) <br>

+[View the Tasks video on YouTube](https://go.microsoft.com/fwlink/?linkid=2202616)

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE54m8E]

+## Updates

+See how Updates helps frontline workers create, submit and review all updates in the flow of work.

+[End user training for Updates](https://support.microsoft.com/office/get-started-in-updates-c03a079e-e660-42dc-817b-ca4cfd602e5a) <br>

+[View the Updates video on YouTube](https://go.microsoft.com/fwlink/?linkid=2202831)

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE5443c]

+## Shifts

+[Learn how to help your employees use Shifts.](shifts-toolkit.md)

+## Help your team, clients, and customers

+Find resources to share with your team to help them get comfortable using Teams apps and features. Get customizable infographics and web content to help your clients and customers use virtual appointments with your organization.

+| Scenario | Description |

+| | |

+|[Help your clients and customers use virtual appointments](virtual-appointments-toolkit.md) |Customizable infographics and FAQ that you can add to your website to make it easy for your clients to use virtual appointments with your organization. |

+|[Help your frontline workers track time and attendance](shifts-toolkit.md) |Videos to help your frontline managers and employees learn about how to use Shifts in Microsoft Teams. |

+|[Help your frontline workers use collaboration apps and features](collab-features-apps-toolkit.md) |Videos to help your frontline team use Microsoft Teams apps and features. |

+[View videos and resources](collab-features-apps-toolkit.md) to share with your team to help them use collaboration apps and features in Teams.

+Learn how to [Manage Shifts for your organization](/microsoftteams/expand-teams-across-your-org/shifts/manage-the-shifts-app-for-your-organization-in-teams?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json).

+Learn how to [help your employees track time and attendance with Shifts](shifts-toolkit.md).

+Share this [Shifts video training](https://support.microsoft.com/office/what-is-shifts-f8efe6e4-ddb3-4d23-b81b-bb812296b821) with your users.

+[View videos and resources](shifts-toolkit.md) to share with your team to help them use features in Shifts.

+Learn how to [manage Walkie Talkie for your organization](/microsoftteams/walkie-talkie?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json).

+Learn how to [manage the Praise app for your organization](/microsoftteams/manage-praise-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json).

+Use Tasks in Teams to track to-do items for your whole frontline team. Store managers and employees can create, assign, and schedule tasks, categorize tasks, and update status at any time from any device running Teams. IT pros and admins can also publish tasks to specific teams for your organization. For example, you could publish a set of tasks for daily cleaning or steps to set up a new display.

+Learn how to [manage the Tasks app for your organization](/microsoftteams/manage-tasks-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json).

+Learn how to [manage the Approvals app for your organization](/microsoftteams/approval-admin?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json).

+Learn how to [manage the Updates app for your organization](/microsoftteams/manage-updates-app?bc=/microsoft-365/frontline/breadcrumb/toc.json&toc=/microsoft-365/frontline/toc.json).

+ Title: Help your frontline workers track time and attendance

+audience: ITPro

+search.appverid:

+searchScope:

+ - Microsoft Teams

+ - Microsoft Cloud for Healthcare

+f1.keywords:

+- NOCSH

+ms.localizationpriority: high

+ - microsoftcloud-healthcare

+ - m365solution-healthcare

+ - m365solution-scenario

+ - m365-frontline

+description: Resources to help train your frontline team in using Shifts to access and manage their schedules.

+appliesto:

+ - Microsoft Teams

+ - Microsoft 365 for frontline workers

+# Help your frontline workers track time and attendance

+Now that your organization has begun using Shifts to manage schedules, you'll need to make sure that your frontline workers understand how to track their time and attendance.

+Use your [corporate communications strategy](flw-corp-comms.md) to share Shifts training content with your team and make sure they have access to the resources they need:

+1. Share the [Shifts video training](https://support.microsoft.com/office/what-is-shifts-f8efe6e4-ddb3-4d23-b81b-bb812296b821) with your team to help them understand the basics.

+2. Share [Videos for frontline managers](#shifts-videos-for-managers) with your managers to help them set up and manage schedules for their teams.

+3. Share [Videos for users](#shifts-videos-for-users) with all of your frontline staff to help them perform regular tasks such as clocking in and swapping shifts.

+## Shifts videos for managers

+Create a schedule with Shifts <br>

+[View Create a schedule with Shifts on YouTube](https://go.microsoft.com/fwlink/?linkid=2202612)

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE546xr]

+Copy a schedule with Shifts <br>

+[View Copy a schedule with Shifts on YouTube](https://go.microsoft.com/fwlink/?linkid=2202298)

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE54jxu]

+Reuse a weekly schedule from Excel with Shifts <br>

+[View Reuse a weekly schedule from Excel with Shifts on YouTube](https://go.microsoft.com/fwlink/?linkid=2202611)

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE546xQ]

+## Shifts videos for users

+Clocking in with Shifts <br>

+[View Clocking in with Shifts on YouTube](https://go.microsoft.com/fwlink/?linkid=2202613)

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE54uyx]

+Swap Shifts <br>

+[View Swap Shifts on YouTube](https://go.microsoft.com/fwlink/?linkid=2202711)

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE54jBv]

+Tags with Shifts <br>

+[View Tags with Shifts on YouTube](https://go.microsoft.com/fwlink/?linkid=2202712)

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE5443n]

+## August 2022

+### View and manage inactive user accounts

+Microsoft 365 Lighthouse now provides a list of all the inactive user accounts in your managed tenants. To access the list, select **Users** > **Inactive users** from the left navigation pane in Microsoft 365 Lighthouse. You can reduce security risks by using this list to track and clean up accounts that are still enabled but that haven't been used in the past six months.

+### Microsoft Edge policy deployment

+We've added a Microsoft Edge policy deployment task to the default baseline. This deployment task allows you to secure your customer tenant's browsers with Edge security settings, which include built-in protection against phishing and malware. Microsoft Edge has been proven to be more secure than Google Chromium for small- and medium-sized businesses with devices running Windows 10 or later.

+For more information, see [Microsoft Edge security for your business](/deployedge/ms-edge-security-for-business).

+### Deployment status reporting

+Microsoft 365 Lighthouse now provides a deployment status for each deployment plan to help you optimize and prioritize your deployment efforts accordingly.

+### Enhanced deployment insights for licensing

+Microsoft 365 Lighthouse now provides insights around which deployment tasks can't be completed for which users due to insufficient licensing. These insights help you adjust the licensing or the deployment plan accordingly to complete your deployment plan.

+### Enhanced baseline deployment with direct links to existing configurations

+We've enhanced the baseline deployment experience to make it faster and easier to ensure your customer tenants are healthy and secure. We've added links to detected customer tenant configurations, so you can easily find, review, and modify these tenant configurations in the applicable management portal.

+We've changed our onboarding requirements to allow you to onboard Microsoft 365 E5 customers to Microsoft 365 Lighthouse. The expanded list of licenses that Microsoft 365 Lighthouse supports for onboarding includes Microsoft 365 Business Premium, Microsoft 365 E3, Microsoft 365 E5, Microsoft Defender for Business, and Windows 365 for Business. Customers who have at least one of any of these licenses, meet the requirements for delegated access permissions, and don't exceed the maximum number of licensed users can be managed in Microsoft 365 Lighthouse.

+We've updated the **Tenants** page to list the Managed Service Provider (MSP)'s delegated access type (None, DAP, GDAP, or Both DAP & GDAP) per customer under the **Delegated access** column. We've also added a new column titled **Your roles** that lists the DAP and GDAP roles per customer for a signed-in user. These two enhancements to the **Tenants** page will make it easier for MSP technicians to understand which types of delegated administrative permissions are available for each customer and which delegated roles have explicitly been granted to them.

+5. On the **Optional settings** page, you can expand **Profile info** and fill in details, such as the user's job title, department, location, and so forth. Then choose **Next**.

+- [Use the setup wizard in Defender for Business](mdb-use-wizard.md).

+- Customers deploying platform update 4.18.2207.5 might experience lagging network performance that could impact applications.

+ START_HOURS_RANGE=20-23

+ ```Type: wq!```

+> This offering isn't currently available to:

+>

+> - US Government customers using GCC, GCC High, and DoD

+> - Microsoft Defender for Business customers

+> [!TIP]

+||||

+| Microsoft Defender Security Center | Monitor and respond to threat activity on your endpoints using capabilities provided with [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint). **NOTE:** Most tenants should now be redirected to the Microsoft 365 Defender portal at [security.microsoft.com](https://security.microsoft.com/). | [securitycenter.windows.com](https://securitycenter.windows.com) |

+| Office 365 Security & Compliance Center | Manage [Exchange Online Protection](../office-365-security/exchange-online-protection-overview.md) and [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/defender-for-office-365) to protect your email and collaboration services, and ensure compliance to various data-handling regulations. **NOTE:** Most tenants using the security sections of the Office 365 Security & Compliance Center should now be redirected to the Microsoft 365 Defender portal at [security.microsoft.com](https://security.microsoft.com/). | [protection.office.com](https://protection.office.com) |

+| Portal name | Description | Link |

+||||

+| Microsoft Endpoint Manager admin center | Use [Microsoft Endpoint Manager](/mem/configmgr/) to manage and secure devices using combined Intune and Configuration Manager capabilities | [endpoint.microsoft.com](https://endpoint.microsoft.com/) |