ESPC26
Conference Sessions

Operations, Admin, and Management

Not Secure by Default: 20+ Microsoft 365 Settings you Must Fix Immediately

Engineering & Operations
Level 300

SPEAKERS

Ewelina Paczkowska

MVP
Threatscape

ABOUT THE SESSION

Microsoft 365 is not secure out of the box, and attackers know it. Most tenants ship with default configurations that leave critical gaps across identity, email, endpoints, and data protection. These gaps are not hypothetical. They are actively exploited in the wild, and many organizations don’t realize they’re exposed until something goes wrong.

This session draws on real-world security assessments, incident response engagements, and environments that were either breached or dangerously close to it. I’ll walk through more than 20 high-impact security settings across Microsoft Entra ID, Exchange Online, Microsoft Defender for Office 365, Microsoft Intune, Power Platform, and Microsoft Purview that are consistently misconfigured, overlooked, or left at insecure defaults. This session is fast-paced and grounded in what I’ve seen across production environments, not compliance checklists or vendor documentation. Every misconfiguration is shown with the context of why it exists, what it exposes, and what an attacker does with it. If you’re responsible for the security posture of a Microsoft 365 tenant, this is the session that shows you what’s likely already wrong in yours.

Assumed Knowledge:

Working knowledge of Microsoft 365 administration, familiarity with Microsoft Entra ID and Conditional Access concepts, basic understanding of email security and endpoint management.

Practical Takeaways:

More than 20 actionable security settings across core Microsoft 365 workloads you can assess and remediate immediately. A clear prioritization framework that separates quick wins from changes requiring architectural planning. Real attack paths mapped to specific default configurations so you understand the actual risk.

Out of Session Scope:

We will not cover Azure infrastructure security, network security, or workloads outside the Microsoft 365 ecosystem. We will not cover third-party security tooling or SIEM integration. We will not walk through licensing models or feature comparisons. This is not a beginner overview of Microsoft 365 administration.
