7 Microsoft 365 Security Switches You Can Turn On This Week

1) Enforce MFA for everyone

Make multi-factor authentication non-negotiable. Start with admins, then roll it out to all users. App-based prompts (Authenticator) are far safer than SMS codes.

2) Turn off legacy authentication

Older protocols (POP/IMAP/SMTP Basic, etc.) bypass modern security. Disabling them closes a common door attackers still test.

3) Apply a few smart Conditional Access rules

  • Require MFA when users sign in from new locations or devices.
  • Require compliant/managed devices for admin access.
  • Block sign-in for known risky countries you never work from.

4) Reduce global admins and use roles

Give people the least they need to do their job (e.g., Exchange Admin, User Admin). Keep one “break-glass” account with a long, vaulted password and no mailbox.

5) Protect email from the obvious tricks

Enable anti-phishing and Safe Links/Safe Attachments policies. Tag external email, and alert when users create auto-forwarding rules to personal accounts.
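Added example (not part of the original post): an Exchange Online PowerShell audit that lists mailboxes forwarding or rule-redirecting mail to addresses outside the tenant's accepted domains. It assumes the ExchangeOnlineManagement module is installed and the signed-in account can read mailboxes and inbox rules.

```powershell
# Added example: find mailbox-level forwarding and inbox rules that send mail
# outside the tenant. Assumes ExchangeOnlineManagement and a reader role for
# mailboxes and inbox rules.
Connect-ExchangeOnline -ShowBanner:$false

# Domains the tenant owns; any other destination domain is treated as external.
$internal = (Get-AcceptedDomain).DomainName | ForEach-Object { $_.ToLower() }

function Get-SmtpFromRecipient {
    # Inbox-rule recipients render as "Name [SMTP:user@example.com]" or
    # "Name [EX:/o=...]". Only the SMTP form carries a domain to check.
    param([string]$Recipient)
    if ($Recipient -match 'SMTP:([^\]]+)') { return $Matches[1].ToLower() }
    return $null   # EX: legacy DN is an internal recipient
}

function Test-ExternalAddress {
    param([string]$Address)
    if (-not $Address) { return $false }
    $domain = ($Address -split '@')[-1]
    return -not ($internal -contains $domain)
}

$findings  = @()
$mailboxes = Get-Mailbox -ResultSize Unlimited

foreach ($mbx in $mailboxes) {
    # 1) Mailbox-level forwarding (set by the user in OWA or by an admin)
    if ($mbx.ForwardingSmtpAddress) {
        $addr = ($mbx.ForwardingSmtpAddress -replace '^smtp:', '').ToLower()
        if (Test-ExternalAddress $addr) {
            $findings += [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = 'MailboxForwarding'; Target = $addr }
        }
    }
    # 2) Inbox rules that forward, forward-as-attachment, or redirect
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($t in $targets) {
            $addr = Get-SmtpFromRecipient $t
            if (Test-ExternalAddress $addr) {
                $findings += [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = "Rule: $($rule.Name)"; Target = $addr }
            }
        }
    }
}

$findings | Sort-Object Mailbox | Format-Table -AutoSize

# Tenant-wide check: the outbound spam policy can block automatic external
# forwarding entirely (AutoForwardingMode = Off) rather than relying on audits.
Get-HostedOutboundSpamFilterPolicy | Select-Object Name, AutoForwardingMode
```

Run it on a schedule and compare the output against the previous run; a new external target on an existing mailbox is the signal worth alerting on.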

6) Back up Microsoft 365 data

Microsoft keeps the platform running, but you’re responsible for your data. Use a third-party backup for Exchange, OneDrive and SharePoint so restores are fast and certain.

7) Patch and encrypt laptops

Tie devices into Endpoint Manager, turn on automatic updates, and enable BitLocker/FileVault. Lost laptop ≠ lost data.