If you haven’t enabled multifactor authentication (MFA) for your company’s Office 365 you should. According to an article by Microsoft their,
“numbers show that 99.9% of identity attacks have been thwarted by turning on MFA”Source Article
MFA (or sometimes called 2fa) is exactly what it sounds like; it’s another layer of authentication when you want to login to your account. There are many variations but the most common involves installing an application on your mobile phone and setting it up with your account. Once setup, it will generate random 6-digit codes that expire on an interval. The app or the webpage that you are trying to login to will then ask you for this 6-digit code to prove your identity. This is great because even if some bad actor has your username and password they still will not be able to login to your account.
In Office 365, MFA can be enabled on a per user basis so you can test it out. There is no additional licensing requirements to enable this functionality, just make sure you don’t forget your phone!
I actually use LastPass with their athenticator app so that if I have to change devices, all my MFA codes come with me otherwise you will likely have to setup MFA again for your account if you lose your phone.