Microsoft 365 Security — Where the Default Isn’t What You Want

  • Preventing Cybercrime
  • 10/19/2022
Female colleagues reviewing code together

Key insights

  • In the rush to implement Microsoft 365 during the pandemic, few organizations adequately considered security configurations
  • Relying on default security settings may not be enough — and keeping up with Microsoft 365’s ever-changing platform and security can be difficult.
  • CLA can evaluate your security configuration and uncover ways to help reduce your risk of a breach.

A Microsoft 365 security review can help uncover risks.

Talk to an Advisor

Moving to Microsoft 365 can increase efficiency and bring added security for your organization. But improperly implementing the platform can put your organization at risk. While the Microsoft 365 default security settings offer users some protection, they fail to incorporate many key security measures — something the hackers have also figured out.

Rush to the cloud

During the pandemic, Microsoft 365 surged in popularity as organizations quickly adopted remote work. In their urgency to migrate, many IT departments did not have time to fully research the new platform and its security features, instead opting to use the default settings.

Once migration was complete and systems running reliably, many organizations — fearing disruption — did not take the steps necessary to properly configure their environment. Now hackers have capitalized on this and thousands of organizations have been compromised, losing billions of dollars.

As you consider your organization’s security, consider these default settings you may need to review:

  • Multi-factor authentication
  • Email forwarding rules
  • Sharing of data outside your organization
  • Access to sensitive areas by non-system administrators
  • Mailbox auditing logging
  • Message encryption rules
  • Configuring alerts

Continued challenges

The challenges don’t stop there. A mix of complicated licensing, shifting dashboards, and newly introduced features make it difficult for IT administrators to properly manage the platform.

Even those who made concerted efforts have found it difficult to keep up to date with constant changes to the Microsoft platform and updated security defaults. The security defaults themselves fall into a mix of universally applied, applied to only new customers, or announced but randomly assigned backend rollouts — making it easy to miss important updates.

How we can help

While the Microsoft 365 default security settings offer users layers of protection, every organization must consider these configurations in relation to their specific needs.

CLA has designed the Microsoft 365 security review as a technical evaluation of your Microsoft 365 environment to help identify potential issues in security policies and settings. These security controls span a wide range of M365 products including SharePoint, Exchange, OneDrive, and Azure Active Directory.

Our cybersecurity professionals help you to identify issues with your Microsoft 365 environment that could increase your risk of a data breach or reduce your ability to respond to one. Fill out the form below to learn more.

Learn more about a Microsoft 365 Review 

Experience the CLA Promise