Office 365 Email Security: Benefits, Features, and Your Downloadable Guide

Elevate Your Office 365 Experience with Topsec’s Email Security.

Why Choose Topsec for Your Office 365 Email Security

Why an additional security layer is vital when you have moved or are thinking about moving your email to the cloud?

Office 365 is today’s most adopted cloud email and office application solution. Most IT admins say the reason they made a move to Office 365 is that “they no longer have the time to spend administering their on-premises exchange” However, most overestimate the security capabilities of Office 365.

people collaborating

Trusted by Leading Brands

Safeguard your data and strengthen your defences with Topsec.

Overview of Threats to Your Microsoft Office 365

From within Office 365

It’s a well-known fact within the cyber security industry that many threats originate from email accounts within Office 365’s environment. These include unauthorised access attempts, compromised user accounts, and insider threats. Implementing an additional layer of security helps mitigate these risks and provides enhanced protection for sensitive information.

Inbound email

The default connection time checks for SPF, DKIM, and DMARC in Office 365 are not secure. Additionally, Office 365 has other insecure default behaviours, mainly due to legacy compatibility reasons and the need to adopt a universal approach to connection time security. For instance, Office 365 accepts emails from non-existent domain names and domains that do not accurately represent a fully qualified domain name (FQDN).


Configuration can be a big issue when the person responsible for setting up Office 365 fails to configure it correctly; failure of correct provisioning can leave you vulnerable to so many major security threats. An additional security layer simplifies the configuration process and ensures that all security measures are properly implemented to safeguard your Office 365 environment.

One size fit’s all

Office 365 is a multi-tenant environment, and its security features will not allow flexibility regarding unique targeted email-borne threats against end users. It offers a standard level of security; however, businesses with specific regulatory or industry requirements need additional security measures. Adding an extra layer of security enables you to meet your organisation’s specific needs.

The accessibility of Office 365 presents another problem.

It’s not a security license

Office 365’s E3 and E5 licenses are Office suite licenses that include security elements but are not fully focused on email security and threat prevention. With advanced threat protection, tailored security rules, dedicated support, and holistic email checks, you can enhance your  Office 365 email security.

Boost Your Office 365 Security Now!

How can an Extra Layer of Security Benefit You?

Given these factors, Office 365 has a number of shortcomings with regard to email security.

Protection from hackers

Office 365 is commonly used by hackers as a means to simulate their attacks, so it’s easy for attackers to test their methods until they can bypass Office 365’s security filters.

Security focus

Our mission statement is to fully focus on protecting the communication of our end users. Microsoft Office 365 is a multifunctional product with no particular focus on email security.

Prevents human errors

If an employee’s account gets hacked, outgoing emails become a threat. Using an additional security layer provides you with the benefits of monitoring abnormal trends in outgoing emails.

Client Testimonials: Why Businesses Trust Us

We really loved the products that Topsec provided to us. If I were to pull out a product that we are particularly happy with would-be Phishing campaigns, where it creates awareness among our staff for security issues, promotes awareness, and then Topsec follow that up with training. That’s one of the standout things that Topsec offers.
Scandi Standard Logo
Tommy Culleton
Scandi Standard- IT Security & Compliance
“The Phishing Training was particularly good. We had one campaign, and we had an extremely poor result. I think 50% of our people, opened and looked at a phishing email. We were very, shocked because it wasn’t particularly an important one. But it was a good one. It gives us an idea of how, they’re coping with unsolicited emails and phishing.
Waterman Moylan logo
Nick Smith
Senior Technician & Systems Manager, Waterman Moylan
Before we had IronPort in place, and the main reason to let them go was that it was not cost-effective, and it was not providing as much flexibility and management to the spam solution. So, that was the main reason we switched over.”
Andrey Jagotintsev
ICT Manager- St. Michael's Hospital
The culture of response has always been good. We can guarantee that we are going to get a response, sometimes within minutes, which is, which is impressive. If we have a technical issue that we need to discuss with somebody, we always have those levels of support from first-level technicians. If you’re looking for what differentiates Topsec from its competitors that would be the primary differentiation.
FR Kelly Logo
Colm Carberry
IT Manager, FR Kelly

What Topsec does for you?

We provide a wide range of services that help to protect your email ecosystem and organization. Good customer service is a big part of our service offering and what differentiates us from the competition.



Queue your emails

During an Office 365 outage, We will queue your company’s emails to prevent them from bouncing or being lost. Once the connection to Office 365 is re-established, we will deliver the emails.



Unique rules

Office 365 must implement common rules to cater to everyone on their cloud solution. In addition, TOPSEC can apply a unique and dynamic rule set depending on the client’s requirements.




Topsec provides monitored and personalised support 365/24/7. Topsec supports, monitors, informs and advises your company personally about any changes to your user accounts.



Every email goes through the same checks

Topsec applies the same level of email scrutiny to Office 365 emails as any other email, whereas Office 365 may prioritise emails originating from their platform.

What Advantages Does Topsec Offer to Office 365 Users?

Comprehensive Protection

Topsec provides an additional layer of security to Office 365, ensuring comprehensive protection against evolving threats and vulnerabilities.

Preventive Measure

Topsec believes that prevention is better than damage control after a malware attack.

Expertise and Experience

Deep knowledge and experience in email security best practices.

Customised Rules

We offer the flexibility to define unique security rules tailored to your organisation’s needs, allowing you to enhance protection against targeted attacks.

Expert Support

Our dedicated support team is available to assist you in setting up and managing your Office 365 security solution, providing guidance and addressing any concerns.

Standardised Checks

Every email passing through your Office 365 environment goes through consistent and thorough security checks, including real-time scanning.

Is Your Email Secure? Test with TESRA

What is a TESRA?

The Topsec Email Security Risk Assessment is a test that passively inspects emails left by third-party incumbent email systems as safe and ends up on an organisation’s email management system. In addition, Topsec puts these emails through their email security systems to reinspect them for false negatives, i.e., spam emails or emails containing malware or malicious attachments.

Analysis by Test Level:

Total Caught as Spam: 1,500,777 detected as Spam, 500,259 rejected and 1,000,518 quarantined.

The TESRA test covered 13,553 email users over 90 days of emails received from various organisations. Within that time frame, more than 10 million emails were inspected by Topsec. These emails had already been passed as safe by the organisation’s implementation of Office 365 services with Exchange Online Protection or Advanced Threat Protection.

The Topsec security test occurred passively after the incumbent email security systems had executed all their security filters and determined that nearly 1,504,010 or 15% of the 10, 014,185 emails were actually “bad” or “likely bad”. The overall false negative rate in the TESRA test of Microsoft Office 365 was 15% of all emails inspected.

Most of these emails that got through were spam, with 99.79% of the false negatives passed by the incumbent email security systems. Most spam email is not lethal; however, these messages can lead to more sophisticated attacks. As we move down the funnel, the number of false negatives decreases. However, these attacks are more lethal.

1,809 Impersonation attacks

At the next level, 1,809 of the emails caught by Topsec were impersonation attacks that were missed by Microsoft Office 365. These types of malicious emails are socially engineered emails that attempt to impersonate a trusted party, a CEO, to prompt the recipient to do something they should not do in a timely manner, e.g., transferring funds to a bank account as soon as possible. These emails are harder to detect because they do not contain malware or malicious attachments. However, these targeted email attacks have significantly increased in recent years.

1,206 Dangerous File Types

In the next level, 1,206 emails caught by Topsec were dangerous file types. Dangerous files cover many file types which are not sent over email, including .exe (executables) and .src (source) files. Therefore, Topsec recommends that customers block or quarantine these dangerous file types by default.

218 Malware Attachments

Moving down a level, 218 emails were identified to contain ‘known malware’, a term used for malware previously seen in the environment and reported as malware. Missing any known malware is a massive sign of weakness in an IT security system and worrying.

How TESRA works?

  • Topsec accesses an organisation’s inbound emails after their incumbent email security system has inspected them. These emails are not manufactured for the test; they are the email the organisation receives throughout the test.
  • Topsec gets a BCC copy of all emails delivered to the organisation’s email management system, which the incumbent email security system has already passed.
  • The Topsec Email Security service inspects the email for spam, malware, attachments, and impersonation attacks previously missed by the incumbent email security system.
  • At the end of the test, the information was collated and put into the TESRA report.


Many organisations think that their current email security systems are keeping them safe from new and emerging email-borne threats. However, the TESRA test proves that this is not the case. These days, hackers are more sophisticated, resourced and targeted, which leads to more effective email attacks. They continue to search to find holes and flaws in services such as Office 365, so it is vital that you put as many layers of security in place as your budget will allow.


ISO Certificate
HM Government - Cloud Supplier
Iqnet Certificate
Download our Topsec and O365 Brochure

Topsec & O365 FAQ's

Office 365 Security refers to the built-in security measures provided by Microsoft to protect user data and ensure the integrity of the Office 365 suite. These security features include threat detection, data encryption, access controls, and multi-factor authentication. While Office 365 security measures are robust, adding an additional layer of security further strengthens your organisation’s defence against potential threats.

Office 365 is essential for modern businesses due to its wide range of productivity tools and collaborative features. It enables organisations to streamline communication, enhance productivity, and store data in the cloud. However, as cyber threats evolve, an additional layer of security becomes necessary to safeguard critical data, protect against advanced threats, and meet industry compliance requirements.

Office 365 is not a security risk but can become vulnerable to various threats if not properly secured and configured. Factors such as weak passwords, misconfigurations, and human errors can expose sensitive data and compromise the integrity of your Office 365 environment. Implementing additional security measures ensures comprehensive protection and mitigates these risks.

Office 365 employs various mechanisms to protect against phishing attacks. These include anti-phishing filters, link scanning, and email authentication protocols like SPF, DKIM, and DMARC. These measures help detect and block suspicious emails, malicious links, and phishing attempts. However, an additional layer of security can provide advanced threat intelligence and real-time analysis to identify and prevent sophisticated phishing attacks.

Sandboxing an attachment will not take more than 2 or 3 minutes if installed correctly.

Office 365 incorporates encryption and access controls to ensure data privacy and restrict unauthorised access. It uses industry-standard encryption protocols to protect data at rest and in transit. Access controls, such as role-based permissions and multi-factor authentication, add an extra layer of security by limiting access to sensitive information.

Attachment Sandboxing is used to verify attachments for potential threats. It is advisable to use Attachment Sandboxing to scan attachments for malicious content before you share or download them. If you’re skeptical about a file, you can submit it to be examined. Also, it’s a good idea to scan any attachments for malicious content before retrieving them.

Ready To Partner With Us for Matchless Solutions?

At Topsec Cloud Solutions, we’ve been pioneering cloud-based email and web security for more than two decades.

Our journey began in 2002. Since then, we’ve become a leading force in providing top-tier managed security services.

Benefits of working with Topsec Cloud solutions:

Topsec logo

Schedule a Free Consultation