#	Task	Office 365 Business Premium	Microsoft 365 Business
1	Set up multi-factor authentication
2	Train your users
3	Use dedicated admin accounts
4	Raise the level of protection against malware in mail
5	Protect against ransomware
6	Stop auto-forwarding for email
7	Use Office Message Encryption
8	Protect your email from phishing attacks
9	Protect against malicious attachments and files with ATP Safe Attachments
10	Protect against phishing attacks with ATP Safe Links

1. Microsoft Secure Score

Before you begin, check your Microsoft 365 Secure Score in the Microsoft 365 security center. From a centralized dashboard, you can monitor and improve the security for your Microsoft 365 identities, data, apps, devices, and infrastructure. You are given points for configuring recommended security features, performing security-related tasks (such as viewing reports), or addressing recommendations with a third-party application or software. With additional insights and more visibility into a broader set of Microsoft products and services, you can feel confident reporting about your organization’s security health.

Read More
https://docs.microsoft.com/en-us/microsoft-365/security/mtp/microsoft-secure-score

2. Set up multi-factor authentication

Using multi-factor authentication is one of the easiest and most effective ways to increase the security of your organization. It's easier than it sounds - when you log in, multi-factor authentication means you'll type a code from your phone to get access to Microsoft 365. This can prevent hackers from taking over if they know your password. Multi-factor authentication is also called 2-step verification. Individuals can add 2-step verification to most accounts easily, for example, to their Google or Microsoft accounts. Here's how to add two-step verification to your personal Microsoft account.

For businesses using Office 365 and Microsoft 365, add a setting that requires your users to log in using multi-factor authentication. When you make this change, users will be prompted to set up their phone for two-factor authentication next time they log in. To see a training video for how to set up MFA and how users complete the set up, see set up MFA and user set up.

To set up multi-factor authentication:

1. In the admin center, select Setup.

2. In the Sign-in and security section, under Turn on multi-factor authentication (MFA), select View.

3. On the Make sign-in more secure page, select Get started.

4. Select the Require multi-factor authentication for admins and Require users to register for multi-factor authentication and block access if risk is detected check boxes.

5. Under Do you want to exclude anyone from these policies, select any users that you want to exclude from the drop-down list box.

6. Select Create policy. You will return to the Make sign-in more secure page, which will now say Manage.

After you set up multi-factor authentication for your organization, your users will be required to set up two-step verification on their devices. For more information, see Set up 2-step verification for Office 365.

For full details and complete recommendations, see Set up multi-factor authentication for Office 365 users.

For more information

https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/secure-your-business-data?view=o365-worldwide