A lot of our work is helping organizations to secure either Office 365 or the full Microsoft 365. In all of the work, the most common issue or problem is lack of knowledge of where to start. In fact, during a research project we worked on last year, that was a significant factor in why many organizations had suffered breaches even within Microsoft 365. Microsoft is doing a great job documenting the practical steps for a specific feature, function, or component, but you are often left reading very generic examples that don't quite for your scenario.
We were asked to help by writing a white-paper that is based around the question and answers idea. For example, a few common questions we often get are:
Can I be notified of potential user malicious behavior such as mass file downloads?
Can I apply a content security policy to a document no matter where it resides?
How can I ensure that personally identifiable information never leaves the organization?
How can we protect personal devices that connect to Office 365 services?
The purpose of the white-paper we produced is to answer questions rather than outline technical documentation. If you are interested in this, then head over to the link below:
Though the reading is excellent, that may not help you identify issues right now that need resolving. Introducing the Microsoft 365 Secure Score. You can access this for your tenant using this link. As soon as it loads, click the 'Improvement actions,' to see the list of identified items for improvement, as well as details of what that means.
Clicking into items reveals further details, including the following:
As you can see, this is such a simple thing to review with essential details on why the specific feature or component is critical and needs enabling or configuring. Don't hesitate, head over to the 'Microsoft 365 Secure Score' pages to improve your security posture.