If you’re using Microsoft 365 and haven’t reviewed your security settings recently, your business could be more exposed than you realise.
Most cyber attacks don’t rely on sophisticated techniques; they take advantage of default configurations and overlooked settings. That means small changes can have a massive impact on your security posture.
In this first instalment of our “James’ Hints & Tips” series, we’re covering a practical Microsoft 365 security checklist you can act on immediately.
1. Enable Security Defaults
One of the fastest ways to improve your Microsoft 365 security settings is enabling Security Defaults.
Head to your Entra ID properties, find Manage Security Defaults, and toggle it to “Yes.”
Why this matters:
Enforces baseline protections like MFA
Blocks common identity-based attacks
Protects against the majority of low-level threats
This single setting can prevent up to 99% of basic identity attacks.
2. Reduce the Number of Global Admins
Global admin accounts have unrestricted access — and too many organisations hand them out too freely.
Best practice:
Limit to 2–4 global admins
Assign role-based access instead of full control
If multiple accounts have full privileges, a single compromised login can lead to a complete breach.
3. Enforce Conditional Access for Risky Sign-ins
Conditional Access is one of the most powerful tools in your Microsoft 365 security toolkit.
Set policies that:
Require multi-factor authentication (MFA) for medium-risk logins
Block access entirely for high-risk sign-ins
This ensures that even if credentials are stolen, attackers can’t get in without additional verification.
4. Turn On Audit Logging
If your organisation experiences a breach, audit logs are critical.
They allow you to:
Track user and admin activity
Investigate suspicious behaviour
Understand exactly what happened
You can enable this in the Microsoft Purview Compliance Portal.
Don’t wait until after an incident — without logs, you’re effectively blind.
5. Disable Basic Authentication
Basic authentication is still one of the biggest security risks in many Microsoft 365 environments.
Why it’s dangerous:
It bypasses MFA completely
It’s frequently targeted by automated attacks
To secure your environment:
Enable modern authentication
Disable access for legacy protocols and clients
Leaving this enabled is like leaving your front door unlocked.
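To see where a tenant stands on all five items, the read-only audit below can be run first. It is an added example, not Atlas Cloud's own tooling, and it assumes the Microsoft Graph PowerShell SDK and ExchangeOnlineManagement modules are installed and that the signed-in account can read policies, directory roles and Exchange organisation settings.

```powershell
# Read-only check of the five checklist items; changes nothing in the tenant.
Connect-MgGraph -Scopes 'Policy.Read.All','RoleManagement.Read.Directory'
Connect-ExchangeOnline -ShowBanner:$false

# 1. Security Defaults
$secDefaults = (Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy).IsEnabled

# 2. Global admins, found via the built-in role template ID for Global Administrator.
#    Counts active role members only (not PIM-eligible assignments).
$gaTemplateId = '62e90394-69f5-4237-9190-012177145e10'
$gaRole  = Get-MgDirectoryRole -Filter "roleTemplateId eq '$gaTemplateId'"
$gaCount = @(Get-MgDirectoryRoleMember -DirectoryRoleId $gaRole.Id -All).Count

# 3. Conditional Access: enforced policies keyed on sign-in risk.
#    Report-only and disabled policies are ignored because they block nothing.
$ca = @(Get-MgIdentityConditionalAccessPolicy -All |
        Where-Object { $_.State -eq 'enabled' })
$mfaOnMedium = @($ca | Where-Object {
    $_.Conditions.SignInRiskLevels -contains 'medium' -and
    $_.GrantControls.BuiltInControls -contains 'mfa' })
$blockOnHigh = @($ca | Where-Object {
    $_.Conditions.SignInRiskLevels -contains 'high' -and
    $_.GrantControls.BuiltInControls -contains 'block' })

# 4. Unified audit log ingestion (query from Exchange Online PowerShell)
$auditOn = (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled

# 5. Modern auth on, and anything that still permits basic authentication
$modernAuth = (Get-OrganizationConfig).OAuth2ClientProfileEnabled
$smtpAuthOff = (Get-TransportConfig).SmtpClientAuthenticationDisabled
$basicAllowed = @(Get-AuthenticationPolicy | Where-Object {
    # Keep the policy if any AllowBasicAuth* switch on it is set to true
    $_.PSObject.Properties |
        Where-Object { $_.Name -like 'AllowBasicAuth*' -and $_.Value -eq $true }
})

[pscustomobject]@{
    SecurityDefaultsEnabled      = $secDefaults
    GlobalAdminCount             = $gaCount
    GlobalAdminsWithin2To4       = ($gaCount -ge 2 -and $gaCount -le 4)
    MfaOnMediumRiskSignIn        = ($mfaOnMedium.Count -gt 0)
    BlockOnHighRiskSignIn        = ($blockOnHigh.Count -gt 0)
    UnifiedAuditLogEnabled       = $auditOn
    ModernAuthEnabled            = $modernAuth
    SmtpClientAuthDisabled       = $smtpAuthOff
    AuthPoliciesAllowingBasic    = ($basicAllowed.Name -join ', ')
} | Format-List
```

Items 1 and 3 will not both pass in the same tenant: Entra ID requires Security Defaults to be turned off before Conditional Access policies can be enabled, and sign-in risk conditions need Entra ID P2 licensing.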
Need Help Securing Microsoft 365?
At Atlas Cloud, we help businesses:
Identify gaps in their Microsoft 365 security settings
Implement best practices like MFA and Conditional Access
Monitor threats with 24/7 protection