Microsoft 365 Security Sanity Check
(10-20 minutes)

A non-technical checklist to quickly spot common M365 risks.

What this is

A quick checklist to identify “default mode” M365 risks. It doesn’t replace a full review, but it reliably finds the common problems.

1) Fast checks (do first)

For each check, record a Status (Pass / Fail / Unsure) and any Notes.

Check: MFA enforced for all users
  What good looks like: Every user signs in with MFA, with no exclusions; admins use stronger, phishing-resistant MFA (security keys or Windows Hello for Business rather than SMS).
  Status:        Notes:

Check: Admin accounts separated
  What good looks like: Nobody uses an admin account for daily work; admin roles are assigned to dedicated accounts with least privilege, and Global Administrator is limited to a small number of people.
  Status:        Notes:

Check: Mailbox forwarding rules
  What good looks like: No mailbox-level forwarding and no user inbox rules that forward or redirect mail to external addresses, unless documented and approved.
  Status:        Notes:

Check: Risky sign-in alerts
  What good looks like: Alerts for risky sign-ins and risky users are turned on, go to a monitored mailbox, and a named person is responsible for acting on them.
  Status:        Notes:

Check: External sharing controls
  What good looks like: SharePoint/OneDrive external sharing is a deliberate choice: anonymous "Anyone" links are off or expire, and sharing is limited to the sites that need it rather than open tenant-wide.
  Status:        Notes:
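The "Mailbox forwarding rules" check above is the one most people cannot do from the admin center alone, because inbox rules are set per mailbox. The script below is an added example written for this page; it is not part of the original checklist or a Microsoft tool. It assumes the ExchangeOnlineManagement module is installed and that the account running it has Exchange admin (or at least View-Only Recipients) rights. It lists mailbox-level forwarding and user inbox rules whose targets are outside the tenant's accepted domains, which also answers the "Do we alert on new inbox rules and external forwards?" question in section 3.

```powershell
# Added example (not from the original checklist): find mail leaving the tenant
# through mailbox forwarding settings or user-created inbox rules.
# Assumes: ExchangeOnlineManagement module installed; Exchange admin or
# View-Only Recipients role on the signed-in account.
Connect-ExchangeOnline -ShowBanner:$false

# Domains the tenant owns; any other domain is treated as external.
$internalDomains = Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString().ToLower() }

function Test-ExternalAddress {
    param([string]$Address)
    if ([string]::IsNullOrWhiteSpace($Address)) { return $false }
    # Inbox rule targets render as 'Display Name [SMTP:user@domain]';
    # mailbox forwarding renders as 'smtp:user@domain'. Pull out the address.
    if ($Address -match 'SMTP:([^\]\s]+)') { $Address = $Matches[1] }
    $domain = ($Address -split '@')[-1].ToLower()
    return ($internalDomains -notcontains $domain)
}

$findings = [System.Collections.Generic.List[object]]::new()

$mailboxes = Get-EXOMailbox -ResultSize Unlimited -Properties ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward
foreach ($mbx in $mailboxes) {
    # Mailbox-level forwarding to an arbitrary SMTP address (Set-Mailbox -ForwardingSmtpAddress).
    if (Test-ExternalAddress $mbx.ForwardingSmtpAddress) {
        $findings.Add([pscustomobject]@{
            Mailbox = $mbx.UserPrincipalName; Source = 'MailboxForwarding'
            Rule = "keeps copy: $($mbx.DeliverToMailboxAndForward)"
            Target = $mbx.ForwardingSmtpAddress; Enabled = $true
        })
    }
    # Mailbox-level forwarding to a directory object; a mail contact can still point outside.
    if ($mbx.ForwardingAddress) {
        $target = (Get-EXORecipient -Identity $mbx.ForwardingAddress).PrimarySmtpAddress
        if (Test-ExternalAddress $target) {
            $findings.Add([pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName; Source = 'MailboxForwarding(Contact)'
                Rule = "keeps copy: $($mbx.DeliverToMailboxAndForward)"
                Target = $target; Enabled = $true
            })
        }
    }
    # User-created inbox rules: forward, forward-as-attachment, or redirect.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) | Where-Object { $_ }
        foreach ($t in $targets) {
            if (Test-ExternalAddress ([string]$t)) {
                $findings.Add([pscustomobject]@{
                    Mailbox = $mbx.UserPrincipalName; Source = 'InboxRule'
                    Rule = $rule.Name; Target = [string]$t; Enabled = $rule.Enabled
                })
            }
        }
    }
}

$findings | Format-Table -AutoSize
$findings | Export-Csv -Path .\external-forwards.csv -NoTypeInformation   # keep as evidence
Disconnect-ExchangeOnline -Confirm:$false
```

The script is read-only. Get-InboxRule runs once per mailbox, so expect it to take a while in a tenant with hundreds of users. A rule that also deletes or moves the message to a hidden folder is a stronger sign of compromise than one that only forwards, so read the rule names and the CSV rather than just counting rows. The preventive control is to disable automatic external forwarding tenant-wide in the outbound spam policy (Set-HostedOutboundSpamFilterPolicy -AutoForwardingMode Off) and then approve exceptions case by case.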

2) “High value” settings to confirm

3) Quick questions to ask your IT person/MSP

Question: Are we blocking legacy authentication?
  Why it matters: Legacy protocols (POP, IMAP, SMTP AUTH, older Office clients) cannot prompt for MFA, so a password alone is enough. They are the usual path for password spraying and account takeover even when MFA is "on".

Question: Do we alert on new inbox rules and external forwards?
  Why it matters: After a mailbox compromise, attackers typically create rules that forward mail out and delete or hide the evidence, so the victim never sees the reset emails or invoice replies.

Question: Do admins use separate accounts and stronger MFA?
  Why it matters: A compromised Global Administrator account gives full control of every mailbox, file and setting in the tenant; there is no higher authority to recover from.

Question: Do we have an M365 backup strategy?
  Why it matters: The recycle bin and retention settings do not protect against ransomware, bulk malicious deletion, or a compromised admin purging data; recoverability needs copies the attacker cannot reach.
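For the legacy authentication question, "yes" should mean either Security Defaults are on or an enabled Conditional Access policy blocks the legacy client types for all users. The script below is an added example written for this page, not part of the original checklist or a Microsoft tool; it assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account can consent to the Policy.Read.All permission. It reports which of the two controls is doing the blocking, and flags report-only policies and user or group exclusions, which are the usual reasons the answer is "yes" on paper but "no" in practice.

```powershell
# Added example (not from the original checklist): confirm legacy authentication
# is actually blocked, via Security Defaults or Conditional Access.
# Assumes: Microsoft.Graph SDK installed; Policy.Read.All consented.
Connect-MgGraph -Scopes 'Policy.Read.All' -NoWelcome

# Security Defaults block legacy protocols for every user with no exclusions.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
if ($defaults.IsEnabled) {
    Write-Host 'Security Defaults are ON: legacy authentication is blocked tenant-wide.'
    Disconnect-MgGraph | Out-Null
    return
}

# Otherwise we need a Conditional Access policy that is enabled (not report-only),
# targets all users, covers both legacy client app types, and grants "block".
$legacyTypes = @('exchangeActiveSync', 'other')

$report = foreach ($p in Get-MgIdentityConditionalAccessPolicy) {
    $apps         = @($p.Conditions.ClientAppTypes)
    $coversLegacy = ($legacyTypes | Where-Object { $apps -contains $_ }).Count -eq $legacyTypes.Count
    $blocks       = @($p.GrantControls.BuiltInControls) -contains 'block'
    $allUsers     = @($p.Conditions.Users.IncludeUsers) -contains 'All'
    [pscustomobject]@{
        Policy           = $p.DisplayName
        State            = $p.State            # enabled / disabled / enabledForReportingButNotEnforced
        BlocksLegacyAuth = ($coversLegacy -and $blocks -and $allUsers)
        ExcludedUsers    = @($p.Conditions.Users.ExcludeUsers).Count
        ExcludedGroups   = @($p.Conditions.Users.ExcludeGroups).Count
    }
}

$report | Format-Table -AutoSize

$effective = $report | Where-Object { $_.BlocksLegacyAuth -and $_.State -eq 'enabled' }
if ($effective) {
    Write-Host "Legacy authentication is blocked by: $($effective.Policy -join ', ')"
    $gaps = $effective | Where-Object { $_.ExcludedUsers -gt 0 -or $_.ExcludedGroups -gt 0 }
    if ($gaps) { Write-Warning 'The blocking policy has exclusions; review who is exempt and why.' }
} else {
    Write-Warning 'No enforced policy blocks legacy authentication for all users.'
}

Disconnect-MgGraph | Out-Null
```

A policy in the enabledForReportingButNotEnforced state shows up in the table but is deliberately not counted, because report-only does nothing to an attacker. Note that Microsoft has already turned off Basic Authentication for most Exchange Online protocols, but SMTP AUTH can still be re-enabled per mailbox and other workloads still accept legacy clients, so the tenant-level block above is still worth confirming.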

4) What to do if you find a problem

  1. Fix MFA enforcement gaps immediately, starting with admin accounts and any users excluded from the policy.
  2. Remove suspicious forwarding rules, reset passwords for the affected users, and revoke their active sessions so a stolen token cannot be reused.
  3. Review sign-in logs for those users: unusual countries, new devices, unfamiliar apps, and bursts of failed attempts before a success.
  4. Harden admin access (separate accounts, stronger MFA, fewer Global Administrators) and document what was changed and why.
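Steps 2 and 3 for a single affected user, as an added example written for this page (not part of the original checklist and not a Microsoft tool). It assumes the ExchangeOnlineManagement module and the Microsoft.Graph SDK are installed, that the signed-in account holds Exchange admin rights and can consent to the listed Graph permissions, and that you have already identified the user ($Upn) and the rule name ($RuleName) from the forwarding audit. The password reset itself is done first, through the admin center or Update-MgUser, so that revoking sessions leaves the attacker with neither a valid token nor a valid password.

```powershell
# Added example (not from the original checklist): contain one compromised
# mailbox and summarise where its recent sign-ins came from.
# Assumes: ExchangeOnlineManagement + Microsoft.Graph installed; Exchange admin;
# AuditLog.Read.All, Directory.Read.All and User.ReadWrite.All consented.
# Run AFTER resetting the user's password.
param(
    [Parameter(Mandatory)][string]$Upn,   # affected user, e.g. someone@example.org (placeholder)
    [string]$RuleName,                     # suspicious inbox rule; leave empty to skip removal
    [int]$LookbackDays = 30
)

Connect-ExchangeOnline -ShowBanner:$false
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'AuditLog.Read.All', 'Directory.Read.All' -NoWelcome

# Step 2a: record the rule, then remove it. The Format-List output is your evidence.
if ($RuleName) {
    Get-InboxRule -Mailbox $Upn -Identity $RuleName |
        Format-List Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage, MoveToFolder
    Remove-InboxRule -Mailbox $Upn -Identity $RuleName -Confirm:$false
}

# Step 2b: invalidate every refresh token so existing sessions die with the old password.
Revoke-MgUserSignInSession -UserId $Upn | Out-Null

# Step 3: pull recent sign-ins and group them by country and IP so outliers stand out.
$since   = (Get-Date).AddDays(-$LookbackDays).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
$signIns = Get-MgAuditLogSignIn -All -Filter "userPrincipalName eq '$Upn' and createdDateTime ge $since"

$signIns |
    Group-Object { '{0} / {1}' -f $_.Location.CountryOrRegion, $_.IpAddress } |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'FirstSeen'; e = { ($_.Group | Sort-Object CreatedDateTime)[0].CreatedDateTime } },
        @{ n = 'Apps';      e = { ($_.Group.AppDisplayName | Sort-Object -Unique) -join ', ' } },
        @{ n = 'Clients';   e = { ($_.Group.ClientAppUsed  | Sort-Object -Unique) -join ', ' } },
        @{ n = 'Failures';  e = { ($_.Group | Where-Object { $_.Status.ErrorCode -ne 0 }).Count } } |
    Format-Table -AutoSize

Disconnect-MgGraph | Out-Null
Disconnect-ExchangeOnline -Confirm:$false
```

Read the summary for a country or IP range the user has never worked from, a Clients value such as a legacy protocol or "Other clients", and a run of failures followed by a success, which is what password spraying looks like in the log. If any of those show up, widen the log review to other users from the same IP before closing the incident.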

5) “Minimum baseline” outcome

Note: This document is general operational guidance and does not replace legal advice or a full security review. It helps you establish a practical baseline and reduce the most common security and privacy risks.
👉 Free 30-minute consultation

No hard sell - just clarity and practical next steps.

hello@virtusgroup.biz
virtusgroup.co.nz
0800 847 887 (VIRTUS)
