{"id":19825,"date":"2026-02-12T14:15:47","date_gmt":"2026-02-12T13:15:47","guid":{"rendered":"https:\/\/coreit.se\/okategoriserad\/how-to-secure-exchange-online-in-microsoft-365"},"modified":"2026-03-26T07:24:04","modified_gmt":"2026-03-26T06:24:04","slug":"how-to-secure-exchange-online-in-microsoft-365","status":"publish","type":"post","link":"https:\/\/coreit.se\/en\/faq\/how-to-secure-exchange-online-in-microsoft-365","title":{"rendered":"How to secure Exchange Online in Microsoft 365?"},"content":{"rendered":"\n

How to secure Exchange Online in Microsoft 365?<\/h2>

Exchange Online in Microsoft 365 is protected by a combination of security features such as Anti-Phishing, Anti-Malware, Data Loss Prevention (DLP), Multi-Factor Authentication (MFA), retention policies and external backup. These layers ensure that email communications are protected against threats, unauthorized access and accidental deletion, while allowing recovery in case of incidents. <\/p> <\/div>

Protection features in Exchange Online<\/h2>

Exchange Online offers several built-in features that ensure secure email management for businesses.<\/p>

Anti-Phishing and Anti-Malware<\/h3>

Emails are automatically filtered to block phishing attempts, malware and suspicious attachments before they reach users.<\/p>

Data Loss Prevention (DLP)<\/h3>

DLP policies identify sensitive information and prevent it from being inadvertently sent outside the organization.<\/p>

Multi-Factor Authentication (MFA)<\/h3>

MFA protects user accounts by requiring multiple verification steps, reducing the risk of account hijacking.<\/p>

Retention policies and Legal Hold<\/h3>

Retention and Legal Hold ensure that important emails are preserved for defined periods and cannot be accidentally deleted.<\/p>

External backup<\/h3>

Third-party backup solutions create separate copies of emails and make it possible to restore with complete integrity.<\/p>

Audit logs<\/h3>

All actions are logged, providing traceability in case of security incidents or data breaches.<\/p>

Encryption<\/h3>

Email is encrypted at rest and in transit to protect against unauthorized access and interception.<\/p> <\/div>

Practical measures<\/h2>
  • Enable MFA:<\/strong> Protect user accounts against unauthorized access.<\/li>
  • Implement DLP:<\/strong> Prevent sensitive information from being leaked via email.<\/li>
  • Configure retention policies:<\/strong> retain important emails for a defined period of time.<\/li>
  • Use Legal Hold if necessary:<\/strong> Ensure that legally relevant emails are kept.<\/li>
  • External backup solutions:<\/strong> Ensure recovery in case of incidents or deletion.<\/li> <\/ul> <\/div>

    Related questions<\/h2>

    Can deleted emails be recovered in Exchange Online?<\/h3>

    Yes, within the retention period via recoverable objects and administrative recovery.<\/p> <\/div>

    How is Exchange Online protected against phishing?<\/h3>

    Through built-in Anti-Phishing and Anti-Malware features that filter emails before they reach the user.<\/p> <\/div>

    How is Legal Hold used in Exchange Online?<\/h3>

    Legal Hold prevents emails from being deleted during a legal investigation or compliance requirement.<\/p> <\/div>

    Is email encrypted in Exchange Online?<\/h3>

    Yes, both at rest and during transfer.<\/p> <\/div>

    Where are Exchange Online security settings managed?<\/h3>

    In Microsoft 365 Admin Center and Exchange Admin Center.<\/p> <\/div> <\/div> <\/div> <\/div> <\/div>