- Microsoft Office 365 Business Standard Login
- Microsoft Office 365
- Microsoft Business Standard Subscription
Note
With Microsoft 365 Business Standard, you get email hosting plus desktop, premium Office apps, including Word, Excel, PowerPoint, Outlook, as well as other tools to help run and grow your business. Apps are always updated, so they're never out of date. Which plans do include the full downloadable Office apps? Microsoft 365 Apps for enterprise, Microsoft 365 Business Standard, and the Office 365 Enterprise E1 E1, E3, and E5 plans. Which plans don't include the full downloadable Office apps? Microsoft 365 Business Basic and Office 365 Enterprise E1 plans. They include the Office Online apps only. I just checked the link for compare Office 365 versions. It is not clear if the Microsoft Office 365 Business Standard will work on Terminal Server. With 365 Business Standard will the user be able to license his office installation on his PC and his session on the Terminal Server? Microsoft 365 Business Standard: Office 365 Enterprise E3: Suitable for User Size 300 users: Pricing: US$12.50: US$20: Components: Microsoft 365 Business Basic + Microsoft 365 Apps: Office 365 Enterprise E1 + Microsoft 365 Apps: Microsoft Video::: Exchange Online (See Table 1) P1: P2: Skype for Business: P2 with basic client.
The admin center is changing. If your experience doesn't match the details presented here, see About the new Microsoft 365 admin center.
If you are a small or medium-size organization using one of Microsoft's business plans and your type of organization is targeted by cyber criminals and hackers, use the guidance in this article to increase the security of your organization. This guidance helps your organization achieve the goals described in the Harvard Kennedy School Cybersecurity Campaign Handbook.
Microsoft recommends that you complete the tasks listed in the following table that apply to your service plan.
Task | Microsoft 365 Business Standard | Microsoft 365 Business Premium |
---|---|---|
1 | Set up multi-factor authentication | |
2 | Train your users | |
3 | Use dedicated admin accounts | |
4 | Raise the level of protection against malware in mail | |
5 | Protect against ransomware | |
6 | Stop auto-forwarding for email | |
7 | Use Office Message Encryption | |
8 | Protect your email from phishing attacks | |
9 | Protect against malicious attachments and files with Safe Attachments | |
10 | Protect against phishing attacks with Safe Links |
Before you begin, check your Microsoft 365 Secure Score in the Microsoft 365 security center. From a centralized dashboard, you can monitor and improve the security for your Microsoft 365 identities, data, apps, devices, and infrastructure. You are given points for configuring recommended security features, performing security-related tasks (such as viewing reports), or addressing recommendations with a third-party application or software. With additional insights and more visibility into a broader set of Microsoft products and services, you can feel confident reporting about your organization's security health.
1: Set up multi-factor authentication
Using multi-factor authentication is one of the easiest and most effective ways to increase the security of your organization. It's easier than it sounds - when you log in, multi-factor authentication means you'll type a code from your phone to get access to Microsoft 365. This can prevent hackers from taking over if they know your password. Multi-factor authentication is also called 2-step verification. Individuals can add 2-step verification to most accounts easily, for example, to their Google or Microsoft accounts. Here's how to add two-step verification to your personal Microsoft account.
For businesses using Microsoft 365, add a setting that requires your users to log in using multi-factor authentication. When you make this change, users will be prompted to set up their phone for two-factor authentication next time they log in.To see a training video for how to set up MFA and how users complete the set up, see set up MFA and user set up.
To set up multi-factor authentication, you turn on Security defaults:
For most organizations, Security defaults offer a good level of additional sign-in security. For more information, see What are security defaults?
If your subscription is new, Security defaults might already be turned on for you automatically.
You enable or disable security defaults from the Properties pane for Azure Active Directory (Azure AD) in the Azure portal.
- Sign in to the Microsoft 365 admin center with global admin credentials.
- In the left nav choose Show All and under Admin centers, choose Azure Active Directory.
- In the Azure Active Directory admin center choose Azure Active Directory > Properties.
- At the bottom of the page, choose Manage Security defaults.
- Choose Yes to enable security defaults or No to disable security defaults, and then choose Save.
After you set up multi-factor authentication for your organization, your users will be required to set up two-step verification on their devices. For more information, see Set up 2-step verification for Microsoft 365.
For full details and complete recommendations, see Set up multi-factor authentication for users.
2: Train your users
The Harvard Kennedy School Cybersecurity Campaign Handbook provides excellent guidance on establishing a strong culture of security awareness within your organization, including training users to identify phishing attacks.
In addition to this guidance, Microsoft recommends that your users take the actions described in this article: Protect your account and devices from hackers and malware. These actions include:
Using strong passwords
Protecting devices
Enabling security features on Windows 10 and Mac PCs
Microsoft also recommends that users protect their personal email accounts by taking the actions recommended in the following articles:
3: Use dedicated admin accounts
The administrative accounts you use to administer your Microsoft 365 environment include elevated privileges. These are valuable targets for hackers and cyber criminals. Use admin accounts only for administration. Admins should have a separate user account for regular, non-administrative use and only use their administrative account when necessary to complete a task associated with their job function. Additional recommendations:
Be sure admin accounts are also set up for multi-factor authentication.
Before using admin accounts, close out all unrelated browser sessions and apps, including personal email accounts.
After completing admin tasks, be sure to log out of the browser session.
4: Raise the level of protection against malware in mail
Your Microsoft 365 environment includes protection against malware, but you can increase this protection by blocking attachments with file types that are commonly used for malware. To bump up malware protection in email, view a short training video, or complete the following steps:
Go to https://protection.office.com and sign in with your admin account credentials.
In the Security & Compliance Center, in the left navigation pane, under Threat management, choose Policy > Anti-Malware.
Double-click the default policy to edit this company-wide policy.
Select Settings.
Under Common Attachment Types Filter, select On. The file types that are blocked are listed in the window directly below this control. You can add or delete file types later, if needed.
Select Save.
For more information, see Anti-malware protection in EOP.
5: Protect against ransomware
Ransomware restricts access to data by encrypting files or locking computer screens. It then attempts to extort money from victims by asking for 'ransom,' usually in form of cryptocurrencies like Bitcoin, in exchange for access to data.
You can protect against ransomware by creating one or more mail flow rules to block file extensions that are commonly used for ransomware, or to warn users who receive these attachments in email. A good starting point is to create two rules:
Warn users before opening Office file attachments that include macros. Ransomware can be hidden inside macros, so we'll warn users to not open these files from people they do not know.
Block file types that could contain ransomware or other malicious code. We'll start with a common list of executables (listed in the table below). If your organization uses any of these executable types and you expect these to be sent in email, add these to the previous rule (warn users).
To create a mail transport rule, view a short training video, or complete the following steps:
Go to the Exchange admin center.
In the mail flow category, select rules.
Select +, and then Create a new rule.
Select **** at the bottom of the dialog box to see the full set of options.
Apply the settings in the following table for each rule. Leave the rest of the settings at the default, unless you want to change these.
Select Save.
Setting | Warn users before opening attachments of Office files | Block file types that could contain ransomware or other malicious code |
---|---|---|
Name | Anti-ransomware rule: warn users | Anti-ransomware rule: block file types |
Apply this rule if . . . | Any attachment . . . file extension matches . . . | Any attachment . . . file extension matches . . . |
Specify words or phrases | Add these file types: dotm, docm, xlsm, sltm, xla, xlam, xll, pptm, potm, ppam, ppsm, sldm | Add these file types: ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh, exe, pif |
Do the following . . . | Prepend a disclaimer | Block the message . . . reject the message and include an explanation |
Provide message text | Do not open these types of files—unless you were expecting them—because the files may contain malicious code and knowing the sender isn't a guarantee of safety. |
Tip
You can also add the files you want to block to the Anti-malware list in step 4.
For more information, see:
6: Stop auto-forwarding for email
Hackers who gain access to a user's mailbox can exfiltrate mail by configuring the mailbox to automatically forward email. This can happen even without the user's awareness. You can prevent this from happening by configuring a mail flow rule.
To create a mail transport rule:
Go to the Exchange admin center.
In the mail flow category, select rules.
Select +, and then Create a new rule.
Select More options at the bottom of the dialog box to see the full set of options.
Apply the settings in the following table. Leave the rest of the settings at the default, unless you want to change these.
Select Save.
Setting | Reject Auto-Forward emails to external domains |
---|---|
Name | Prevent auto forwarding of email to external domains |
Apply this rule if ... | The sender . . . is external/internal . . . Inside the organization |
Add condition | The recipient . . . is external/internal . . . Outside the organization |
Add condition | The message properties . . . include the message type . . . Auto-forward |
Do the following ... | Block the message . . . reject the message and include an explanation. |
Provide message text | Auto-forwarding email outside this organization is prevented for security reasons. |
7: Use Office Message Encryption
Office Message Encryption is included with Microsoft 365. It's already set up. With Office Message Encryption, your organization can send and receive encrypted email messages between people inside and outside your organization. Office 365 Message Encryption works with Outlook.com, Yahoo!, Gmail, and other email services. Email message encryption helps ensure that only intended recipients can view message content.
Office Message Encryption provides two protection options when sending mail:
Do not forward
Encrypt
Your organization might have configured additional options that apply a label to email, such as Confidential.
To send protected email
In Outlook for PC, select Options in the email, and then choose Permissions.
In Outlook.com, select Protect in the email. The default protection is Do not forward. To change this to encrypt, select Change Permissions > Encrypt.
To receive encrypted email
If the recipient has Outlook 2013 or Outlook 2016 and a Microsoft email account, they'll see an alert about the item's restricted permissions in the Reading pane. After opening the message, the recipient can view the message just like any other.
If the recipient is using another email client or email account, such as Gmail or Yahoo, they'll see a link that lets them either sign in to read the email message or request a one-time passcode to view the message in a web browser. If users aren't receiving the email, have them check their Spam or Junk folder.
For more information, see Send, view, and reply to encrypted messages in Outlook for PC.
8. Protect your email from phishing attacks
If you've configured one or more custom domains for your Microsoft 365 environment, you can configure targeted anti-phishing protection. Anti-phishing protection, a part of Microsoft Defender for Office 365, can help protect your organization from malicious impersonation-based phishing attacks and other phishing attacks. If you haven't configured a custom domain, you do not need to do this.
We recommend that you get started with this protection by creating a policy to protect your most important users and your custom domain.
To create an anti-phishing policy in Defender for Office 365, view a short training video, or complete the following steps:
Go to https://protection.office.com.
In the Security & Compliance Center, in the left navigation pane, under Threat management, select Policy.
On the Policy page, select Anti-phishing.
On the Anti-phishing page, select + Create. A wizard launches that steps you through defining your anti-phishing policy.
Specify the name, description, and settings for your policy as recommended in the chart below. See Learn about anti-phishing policy in Microsoft Defender for Office 365 options for more details.
After you have reviewed your settings, select Create this policy or Save, as appropriate.
Setting or option | Recommended setting |
---|---|
Name | Domain and most valuable campaign staff |
Description | Ensure most important staff and our domain are not being impersonated. |
Add users to protect | Select + Add a condition, The recipient is. Type user names or enter the email address of the candidate, campaign manager, and other important staff members. You can add up to 20 internal and external addresses that you want to protect from impersonation. |
Add domains to protect | Select + Add a condition, The recipient domain is. Enter the custom domain associated with your Microsoft 365 subscription, if you defined one. You can enter more than one domain. |
Choose actions | If email is sent by an impersonated user: select Redirect message to another email address, and then type the email address of the security administrator; for example, securityadmin@contoso.com. If email is sent by an impersonated domain: select Quarantine message. |
Mailbox intelligence | By default, mailbox intelligence is selected when you create a new anti-phishing policy. Leave this setting On for best results. |
Add trusted senders and domains | For this example, don't define any overrides. |
Applied to | Select The recipient domain is. Under Any of these, select Choose. Select + Add. Select the check box next to the name of the domain, for example, contoso.com, in the list, and then select Add. Select Done. |
For more information, see Set up anti-phishing policies in Defender for Office 365.
9: Protect against malicious attachments and files with Safe Attachments
People regularly send, receive, and share attachments, such as documents, presentations, spreadsheets, and more. It's not always easy to tell whether an attachment is safe or malicious just by looking at an email message. Microsoft Defender for Office 365 includes Safe Attachment protection, but this protection is not turned on by default. We recommend that you create a new rule to begin using this protection. This protection extends to files in SharePoint, OneDrive, and Microsoft Teams.
To create an Safe attachment policy, view a short training video, or complete the following steps:
Go to https://protection.office.com and sign in with your admin account.
In the Security & Compliance Center, in the left navigation pane, under Threat management, select Policy.
On the Policy page, select Safe Attachments.
On the Safe attachments page, apply this protection broadly by selecting the Turn on ATP for SharePoint, OneDrive, and Microsoft Teams check box.
Select + to create a new policy.
Apply the settings in the following table.
After you have reviewed your settings, select Create this policy or Save, as appropriate.
Setting or option | Recommended setting |
---|---|
Name | Block current and future emails with detected malware. |
Description | Block current and future emails and attachments with detected malware. |
Save attachments unknown malware response | Select Block - Block the current and future emails and attachments with detected malware. |
Redirect attachment on detection | Enable redirection (select this box) Enter the admin account or a mailbox setup for quarantine. Apply the above selection if malware scanning for attachments times out or error occurs (select this box). |
Applied to | The recipient domain is . . . select your domain. |
For more information, see Set up anti-phishing policies in Defender for Office 365.
10: Protect against phishing attacks with Safe Links
Hackers sometimes hide malicious websites in links in email or other files. Safe Links, part of Microsoft Defender for Office 365, can help protect your organization by providing time-of-click verification of web addresses (URLs) in email messages and Office documents. Protection is defined through Safe Links policies.
We recommend that you do the following:
Modify the default policy to increase protection.
Add a new policy targeted to all recipients in your domain.
To get to Safe Links, view a short training video, or complete the following steps:
Go to https://protection.office.com and sign in with your admin account.
In the Security & Compliance Center, in the left navigation pane, under Threat management, select Policy.
On the Policy page, select Safe Links.
To modify the default policy:
On the Safe links page, under Policies that apply to the entire organization, double-click the Default policy.
Under Settings that apply to content across Office 365, enter a URL to be blocked, such as example.com, and select +.
Under Settings that apply to content except email, select Office 365 applications, Do not track when users click safe links, and Do not let users click through safe links to original URL.
Select Save.
To create a new policy targeted to all recipients in your domain:
On the Safe links page, under Policies that apply to specific recipients, select + to create a new policy.
Apply the settings listed in the following table.
Select Save.
Setting or option | Recommended setting |
---|---|
Name | Safe links policy for all recipients in the domain |
Select the action for unknown potentially malicious URLs in messages | Select On - URLs will be rewritten and checked against a list of known malicious links when user clicks on the link. |
Apply real-time URL scanning for suspicious links and links that point to files | Select this box. |
Applied to | The recipient domain is . . . select your domain. |
For more information, see Safe Links in Microsoft Defender for Office 365.
-->The people on your team each need a user account before they can sign in and access Microsoft 365 for business. The easiest way to add user accounts is to add them one at a time in the Microsoft 365 admin center. After you do this step, your users have Microsoft 365 licenses, sign in credentials, and Microsoft 365 mailboxes.
Before you begin
You must be a global, license, or a user admin to add users and assign licenses. For more information, see About admin roles.
Microsoft Office 365 Business Standard Login
Watch: Add users in the admin center
Note
The steps used in the video show a different starting point for adding users, but the remaining steps are the same as the following procedure.
Add users one at a time
- Go to the admin center at https://admin.microsoft.com.
- Go to the admin center at https://portal.office.de.
- Go to the admin center at https://portal.partner.microsoftonline.cn.
- Go to Users > Active users, and select Add a user.
- In the Set up the basics pane, fill in the basic user information, and then select Next.
- Name Fill in the first and last name, display name, and username.
- Domain Choose the domain for the user's account. For example, if the user's username is Jakob, and the domain is contoso.com, they'll sign in by using jakob@contoso.com.
- Password settings Choose to use the autogenerated password or to create your own strong password for the user.
- The user must change their password after 90 days. Or you can choose to Require this user to change their password when they first sign in.
- Choose whether you want to send the password in email when the user is added.
- In the Assign product licenses pane, select the location and the appropriate license for the user. If you don't have any licenses available, you can still add a user and buy additional licenses. Expand Apps and select or deselect apps to limit the apps the user has a license for. Select Next.
- In the Optional settings pane, expand Roles to make this user an admin. Expand Profile info to add additional information about the user.
- Select Next, review your new user's settings, make any changes you like, then select Finish adding, then Close.
Add multiple users at the same time
You can use any of the following methods to add multiple users at the same time:
- Use a spreadsheet to add people in bulk. See Add several users at the same time.
- Automate adding accounts and assigning licenses. See Create user accounts with Microsoft 365 PowerShell. Choose this method if you're already familiar with using Windows PowerShell cmdlets.
- Using ActiveDirectory?Set up directory synchronization for Microsoft 365. Use the Azure AD Connect tool to replicate Active Directory user accounts (and other Active Directory objects) in Microsoft 365. The sync only adds the user accounts. You must assign licenses to the synced users before they can use email and other Office apps.
- Migrating from Exchange? See Ways to migrate multiple email accounts to Office 365. When you migrate multiple mailboxes to Microsoft 365 by using either cutover, staged, or a hybrid Exchange method, you automatically add users as part of the migration. The migration only adds the user accounts. You must assign licenses to the users before they can use email and other Office apps. If you don't assign a license to a user, their mailbox is disabled after a grace period of 30 days. Learn how to assign licenses to users in the Microsoft 365 admin center.
Microsoft Office 365
Next steps
After you add a user, you get an email notification from Microsoft. The email contains the person's user ID and password so they can sign in to Microsoft 365. Use your normal process for communicating new passwords. Share the Employee quickstart guide with your new users to set up things, like how to download and install Office apps on a PC or Mac and how to set up Office apps and email on a mobile device.
Related content
Microsoft Business Standard Subscription
Add a new employee to Microsoft 365 (article)
Add several users at the same time to Microsoft 365 (article)
Restore a user in Microsoft 365 (article)
Assign licenses to users (article)
Delete a user from your organization (article)
Comments are closed.