Lock the Stable Door in Microsoft 365 BEFORE the Horse Bolts

Table of Contents

The Rising Tide of Cyber Breaches: A Look at the Numbers

Why Default M365 Settings Aren’t Enough

Common Misconfigurations That Leave You Vulnerable

Key Security Features You Should Enable in M365

Best Practices for a Robust M365 Security Posture

Download M365 Cybersecurity 101 Guide for Employers

The Rising Tide of Cyber Breaches: A Look at the Numbers

Cyber breaches are affecting businesses of all sizes. According to the National Security Breaches Survey 2025, around 43% of businesses in the UK reported experiencing a cybersecurity breach or attack in the past year - with 50% of small, 67% of medium-sized and 74% of large businesses affected. 85% of those involve phishing - other as part of an email or a fraudulent website. The financial implications of these breaches are staggering, with the average cost of a cyber breach involving a compromised email being £2.1 million reports insurance provider Howden. 

The financial burden is not the only consequence; the reputational damage can be equally devastating. At Innovate, we believe that prevention is better than cure, and in this case the cost of prevention is significantly lower than the cost (and other consequences) of recovery. 

Why Default M365 Settings Aren’t Enough

Microsoft 365 (M365) offers a comprehensive suite of security features designed to protect your organisation However, if you leave them unconfigured, it means you're not safe. Many businesses assume that simply using M365 automatically ensures their security, but this is a dangerous misconception. Default settings are often reactive, meaning they only respond after a breach has occurred rather than preventing it in the first place.

Common Misconfigurations That Leave You Vulnerable

Below a summary of what we often see: Misconfigurations in an M365 environment creating significant security vulnerabilities. These often-overlooked issues can be easily exploited by cybercriminals:

• Disabled Multi-Factor Authentication (MFA) for Admin Accounts: Admin accounts with MFA disabled are prime targets for password hacking. 
• Active Legacy Login Protocols: Legacy protocols can bypass Conditional Access policies, allowing unauthorised access. Disable these protocols to enhance security.
• Disabled Audit Logs: Without audit logs, you have no way of knowing who is accessing your files. This lack of visibility can make it difficult to detect and respond to breaches.
• Untested Backups: Configuring backups is not enough; you must also test them regularly. Unverified backups can fail when you need them most, leading to data loss.

Key Security Features You Should Enable in M365

Conversely, to maximise the security of your M365 environment, it's crucial you enable and properly configure several key security features:

• MFA: MFA adds an extra layer of security by requiring users to provide two or more verification factors. This significantly reduces the risk of password-related breaches. Ensure MFA is enforced for all accounts, particularly those with administrative privileges.
• Conditional Access Policies: These policies allow you to control who has access to your data based on conditions such as user location, device state, and risk level. Ensure legacy authentication protocols are disabled to prevent these policies from being bypassed.
• Audit Logs: Enable audit logs to track user activities and identify any unauthorised access attempts. This visibility is essential for detecting and responding to security incidents.
• Backups: Regularly configure and test backups to ensure data recoverability in case of an attack.

Best Practices for a Robust M365 Security Posture

To establish a strong security posture in your M365 environment, follow these best practices:

• Regular Security Audits: Conduct regular security audits to identify and address vulnerabilities. This proactive approach helps you stay ahead of potential threats.
• Employee Training: Educate your staff on cybersecurity best practices, including recognising phishing attempts and using strong, unique passwords.
• Secure Configuration: Ensure all security features are properly configured and kept up to date. Regularly review and adjust settings to align with evolving threats. Also don't forget to adjust access rights of employees who've changed roles or left the company.
• Incident Response Plan: Develop and maintain an incident response plan to quickly and effectively address security breaches. This plan should include steps for containment, eradication, and recovery.

Download Our Guide

We've created an everything-at-a-glance M365 Cybersecurity 101 for Employers guide. This covers the most important safety aspects that IT professionals should consider, offering practical tips and actionable advice on the topics addressed in this article.

By following the recommendations outlined in this guide, you can significantly improve your organisation's cybersecurity posture. Remember, prevention is always better than cure. Taking proactive steps to secure your M365 environment can save your business from the financial and reputational damage caused by cyber breaches.