Here’s a security tip that you can implement in just a couple minutes that will help protect your Office 365 environments from phishing attacks.

The attack looks like this: A scammer sends your users an email that looks like something from Microsoft, asking them to log in (using their login button/link). After clicking that link, they’re directed to what *looks* like the default login screen for their Microsoft account. If the user enters their login information, the scammer now has access to their account.

To help prevent this, you can update the login page with a custom background, which makes your login screen look unique. Then just let your users know that they should only log in to their account if they see the company’s custom image.

How to set a custom login image:

  • Log in to the Azure Admin portal
  • Select “Azure Active Directory” from the left menu -> select “Company Branding”
  • If this is your first time, click the “Configure” button near the top of the page
    • Provide a background image that is 1920x1080px & less than 300 KB
    • Provide a banner logo that is 280x60px
    • Username hint & Sign-in page text are optional, but sometimes useful to include
    • Under “Advanced Settings” it can be helpful to also set a custom background color
    • Click “Save” button when completed
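
Before uploading, the two images can be checked against the sizes listed in the steps above. The following is an added example, not part of the original post: it assumes the images are PNG or JPEG files and reads “300 KB” as 300 * 1024 bytes, and the function names are hypothetical.

```python
import struct

# Limits from the steps above: kind -> (width, height, max bytes or None).
# Assumption: "300 KB" is read as 300 * 1024 bytes.
LIMITS = {"background": (1920, 1080, 300 * 1024), "banner": (280, 60, None)}

def image_size(data: bytes):
    """Return (width, height) of a PNG or JPEG by reading only its header."""
    is_png = data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR"
    if is_png and len(data) >= 24:
        return struct.unpack(">II", data[16:24])
    if data[:2] == b"\xff\xd8":  # JPEG: walk segments to the frame header
        i = 2
        while i + 9 <= len(data) and data[i] == 0xFF:
            marker = data[i + 1]
            if marker == 0xFF:  # fill byte before a marker
                i += 1
            elif 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
                height, width = struct.unpack(">HH", data[i + 5:i + 9])
                return (width, height)
            else:  # skip this segment: 2 marker bytes + declared length
                i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
    raise ValueError("not a PNG or JPEG image")

def check_asset(kind: str, data: bytes):
    """Return a list of problems; an empty list means the asset fits."""
    want_w, want_h, max_bytes = LIMITS[kind]
    w, h = image_size(data)
    problems = []
    if (w, h) != (want_w, want_h):
        problems.append(f"{kind}: {w}x{h}px, expected {want_w}x{want_h}px")
    if max_bytes is not None and len(data) >= max_bytes:
        problems.append(f"{kind}: {len(data)} bytes, limit is under {max_bytes}")
    return problems

def fake_png_header(width: int, height: int) -> bytes:
    """Constructed sample input: PNG signature plus IHDR start, no pixels."""
    return b"\x89PNG\r\n\x1a\n" + struct.pack(">I4sII", 13, b"IHDR", width, height)

if __name__ == "__main__":
    print(check_asset("background", fake_png_header(1920, 1080)))  # fits
    print(check_asset("banner", fake_png_header(300, 60)))  # wrong size
```

For real files, pass the bytes read from disk, for example `check_asset("background", open(path, "rb").read())`.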

So if your login screen looks like this:


…we highly recommend that you update it.

Here are some ideas of photos you could use:

  • Your company logo
  • A photo of your main office building
  • A snapshot of some team members at a recent conference
  • A picture of your conference booth
  • Product photos

You can change this image at any time, and it’s a good idea to change it periodically (maybe to something seasonal). Just make sure to communicate the change to your users so they’re aware.

If you’re interested in Office 365 security, here’s another post to take a look at.