Microsoft 365 Security Recommendation Checklist
Problem:
- You need to set up a new Microsoft 365 Tenant or have an existing Tenant that needs a security review
- Microsoft has 1000s of recommendations regarding security, governance, compliance, and so on
- Where to start?
Solution:
- This Excel sheet with 60+ points to consider, learn about, and implement to improve the security of your Microsoft 365 Tenant
This Excel list is based on the sheet that I use as a Microsoft 365 consultant when creating a new Tenant for a customer or when a customer asks for a security review. As I am dealing with paying customers at small or medium-sized businesses, licensing and costs are significant concerns, so the sheet is organized first by app/service and then by the general “grade” of license needed: Basic, Enterprise/Business, or Premium. Basic covers the built-in features, Enterprise/Business is around E3/A3 or Azure AD P1, and Premium is E5 or A5.
The file is meant as a quick-start list rather than a technical deep-dive full of licensing and implementation details, but it includes links to those details. It is also not a detailed view of everything that Microsoft Defender for Cloud, Endpoint, etc. can offer; instead it focuses on the “built-in” options in Microsoft 365. It has columns for who is responsible for implementing each feature, which license group the feature belongs to, and a project status drop-down with Open, In Progress, and Done.
Please keep in mind the disclaimer here when implementing these recommendations (don’t break anything)!
I hope the Excel list helps and if there is anything missing from the list or any questions, please contact me via the contact form and I will help where possible. Good luck, security dudes!