Security

Microsoft 365 hardening: the seven settings most tenants get wrong

Alebrije Admin March 3, 2026 · 1 min read

The factory defaults in Microsoft 365 are designed to make adoption easy, not to make tenants secure.

  1. Disable legacy auth. POP, IMAP, and SMTP basic auth are still on in tenants we audit.
  2. Enforce MFA via conditional access. Per-user MFA is too easy to bypass.
  3. Block downloads from unmanaged devices. SharePoint and OneDrive can require browser-only access from devices that are not enrolled.
  4. Configure anti-phishing impersonation protection. Add the executive team to the impersonated-users list.
  5. Lock down external sharing. By default, anyone in your tenant can share anything.
  6. Audit log retention. Crank it up. The default is shorter than most incident investigations need.
  7. Self-service password reset with strong verification. Convenient and secure if configured.
Tagged Cybersecurity Microsoft 365 How-to Best Practices
— Keep reading

Related posts.

Security
April 28, 2026 · 1 min read

Why every small business needs a security baseline (and what that actually means)

The phrase "we are too small to be a target" is the most expensive sentence in IT. Here is what a real baseline looks like, in plain language, with the steps you can take this week.

Editorial Team
Security
April 7, 2026 · 1 min read

Phishing that actually works in 2026: what your team should know

The phishing techniques that actually work right now and the five-second checks anyone in your organization can do to spot them.

Alebrije Admin
Security
November 15, 2025 · 1 min read

Endpoint detection on a small budget

EDR no longer means "enterprise only." A practical look at endpoint detection options for organizations under 100 seats.

Alebrije Admin