Microsoft 365 Security Basics: 10 Settings to Check

Microsoft 365 is powerful—and because it’s so common, it’s also a top target. The good news: a handful of settings can dramatically reduce account takeovers, email impersonation, and data exposure.

Here are 10 high-impact Microsoft 365 security settings to review.

1) Turn on MFA for every user (no exceptions)

Require multi-factor authentication for all accounts, especially admins. If you only do one thing, do this.

2) Protect admin accounts with stronger controls

Use separate admin accounts (not daily-use inboxes) and enforce the strictest sign-in rules for them.

3) Disable legacy authentication

Older sign-in methods (like basic auth) are frequently abused. Block legacy authentication to reduce password-spray risk.

4) Review Conditional Access policies

If you have Entra ID (Azure AD) Conditional Access, use it to:

Block sign-ins from risky locations

Require MFA outside trusted networks

Require compliant devices for sensitive apps

5) Enable security defaults (if you don’t have Conditional Access)

For smaller environments, Microsoft’s Security Defaults can provide a solid baseline quickly.

6) Set up SPF, DKIM, and DMARC for your domain

These help prevent spoofing and improve deliverability.

SPF: who can send as your domain

DKIM: proves messages weren’t altered

DMARC: tells receivers what to do when checks fail

7) Tighten external email and anti-phishing policies

In Microsoft Defender for Office 365 (or Exchange Online Protection), review:

Anti-phishing policies (impersonation protection)

Anti-spam policies

Safe Links/Safe Attachments (if licensed)

8) Block auto-forwarding to external addresses

Attackers love setting mailbox rules that auto-forward email out of your tenant. Disable external auto-forwarding unless there’s a documented business need.

9) Audit mailbox rules and suspicious sign-ins

Check for:

New inbox rules you didn’t create

“Delete,” “Archive,” or “Mark as read” rules on finance/executive mailboxes

Sign-ins from unusual locations/devices

10) Set retention and recovery basics

Make sure you can recover from mistakes or malicious deletes.

Confirm deleted item retention settings

Use retention policies where appropriate

Know how to restore a user and mailbox quickly

Quick checklist (copy/paste)

MFA enabled for all users and admins

Separate admin accounts in place

Legacy authentication blocked

Conditional Access or Security Defaults enabled

SPF/DKIM/DMARC configured

Anti-phishing and anti-spam policies reviewed

External auto-forwarding blocked

Mailbox rules audited

Sign-in logs reviewed

Retention/recovery confirmed

Share the Post:

Discover More Microsoft 365 Security Tips & Guides

First Amendment Auditors, Cannabis Dispensaries, and HIPAA: What Really Applies in Public

First Amendment auditing has expanded far beyond city halls and post offices. In states with legal cannabis, dispensaries have become

The Proof Stack: 7 Trust Signals That Win Jobs Without Discounting

If you sell a skilled service, you’ve heard some version of: Can you do it cheaper? Here’s the truth: most

Understanding Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is a crucial security measure that adds an extra layer of protection to your Microsoft 365 accounts. By requiring users to provide two or more verification factors, MFA significantly reduces the risk of unauthorized access, especially for admin accounts that are prime targets for attackers.

For instance, when MFA is enabled, users may need to enter a password and then confirm their identity through a text message or an authentication app. This dual requirement makes it much harder for cybercriminals to breach accounts, even if they have stolen a password. Implementing MFA is one of the first steps recommended by cybersecurity experts.

Implementing Conditional Access Policies

Conditional Access policies are essential for organizations using Azure Active Directory to enhance their security posture. These policies allow administrators to enforce specific conditions under which users can access Microsoft 365 resources, effectively managing risk based on user location, device compliance, and sign-in risk.

For example, you can configure Conditional Access to require MFA for users attempting to access sensitive applications from untrusted networks. This ensures that even if a user's credentials are compromised, the attacker would still face additional barriers to access sensitive data, thereby safeguarding your organization's information.

Configuring Email Security Protocols

Email security protocols such as SPF, DKIM, and DMARC play a vital role in protecting your domain from email spoofing and phishing attacks. These protocols work together to authenticate emails sent from your domain, ensuring that recipients can trust the messages they receive.

For example, SPF (Sender Policy Framework) specifies which mail servers are allowed to send emails on behalf of your domain. DKIM (DomainKeys Identified Mail) adds a digital signature to your emails, while DMARC (Domain-based Message Authentication, Reporting, and Conformance) provides instructions on how to handle emails that fail SPF or DKIM checks. Properly configuring these protocols can significantly reduce the likelihood of successful phishing attempts against your organization.

Best Practices for Auditing Mailbox Rules

Regularly auditing mailbox rules is an essential practice for maintaining security in Microsoft 365. Mailbox rules can be exploited by attackers to forward sensitive emails to external addresses or manipulate inbox organization, making it crucial to monitor and review these settings periodically.

For instance, administrators should check for any new rules that were not created by legitimate users, especially in high-risk accounts such as finance or executive mailboxes. By identifying suspicious rules and promptly removing them, organizations can mitigate the risk of data leaks and ensure that their email communications remain secure.