{"id":57853,"date":"2026-07-13T15:44:56","date_gmt":"2026-07-13T05:44:56","guid":{"rendered":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/"},"modified":"2026-07-13T15:46:24","modified_gmt":"2026-07-13T05:46:24","slug":"is-your-microsoft-365-tenant-secure-10-settings-to-check-now","status":"publish","type":"post","link":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/","title":{"rendered":"Is Your Microsoft 365 Tenant Secure 10 Settings to Check Now"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">In this blog post Is Your Microsoft 365 Tenant Secure 10 Settings to Check Now we will walk through the Microsoft 365 security settings that many businesses forget to review until something goes wrong.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p class=\"wp-block-paragraph\">For most organisations, Microsoft 365 has quietly become the front door to the business. Email, files, Teams chats, customer documents, finance records, HR data, devices, and passwords all sit behind one cloud environment.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That environment is called your Microsoft 365 tenant. In plain English, it is your company\u2019s private Microsoft cloud space. It includes Microsoft Entra ID, which controls who can sign in; Exchange Online, which runs email; SharePoint and OneDrive, which store files; Teams, which handles collaboration; and security tools such as Microsoft Defender and Intune, which help protect users and devices.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The problem is that Microsoft 365 can look perfectly healthy from the outside. Email works. Staff can log in. Teams meetings run. But operational does not always mean secure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We see this often during Microsoft 365 security reviews. A tenant may have years of small changes, old accounts, forgotten sharing links, risky admin access, and security policies that were never switched on. Nobody meant to create risk. It just built up over time.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This post builds on our earlier articles, including the Microsoft 365 tenant looked fine until we checked the security defaults and the first 10 things we check in a Microsoft 365 security review. Here, we are going deeper into the specific settings business leaders should ask their IT provider to check.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Microsoft 365 tenant security matters to the business<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A Microsoft 365 breach is rarely just an IT problem. It can become a payroll problem, a privacy problem, a legal problem, and a customer trust problem very quickly.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers do not always need to \u201chack\u201d complex systems. In many cases, they sign in with a stolen password, approve access through a weak authentication method, create a hidden mailbox rule, or use an old file-sharing link that should have been removed years ago.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For Australian businesses, this also links directly to Essential 8, the Australian government\u2019s cybersecurity framework that many organisations are now expected or required to follow. Microsoft 365 can support Essential 8 controls such as multi-factor authentication, restricting admin access, patching devices, hardening Office apps, and protecting backups. But only if it is configured properly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">10 Microsoft 365 settings most businesses forget to check<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. Security defaults or Conditional Access<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Security defaults are Microsoft\u2019s basic protection settings for smaller or simpler tenants. Conditional Access is the more flexible version, letting you set rules such as \u201cblock sign-ins from risky locations\u201d or \u201crequire extra verification when staff log in from an unmanaged device.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The business risk is simple. If these controls are missing or poorly configured, a stolen password may be enough to access company email and files.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Ask your IT provider: are security defaults enabled, or do we have well-designed Conditional Access policies? If you want a practical deeper dive, see our Conditional Access checklist for Microsoft 365 tenants.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Business outcome:<\/strong> reduced account takeover risk without making everyday work painful for staff.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. Multi-factor authentication for every user<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Multi-factor authentication, or MFA, means users need more than a password to sign in. Usually this is an app prompt, passkey, hardware token, or another approved method.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The common mistake is only enabling MFA for some users, or leaving senior executives, finance users, contractors, and service accounts out of scope. Attackers know this. They look for the weakest account, not the most obvious one.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For Essential 8 alignment, MFA is one of the most important controls to get right. It should cover administrators, remote access, cloud services, email, and sensitive applications.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Business outcome:<\/strong> fewer successful phishing attacks and stronger compliance posture.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. Legacy authentication<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Legacy authentication means older sign-in methods that do not properly support modern security controls such as MFA. Some old mail apps, scanners, printers, and business systems still try to use these older methods.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is one of the settings we always check because it is a favourite path for password-based attacks. Even if MFA is switched on, legacy authentication can sometimes create a back door if it has not been blocked properly.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The fix is not always \u201cturn it off immediately.\u201d A practical approach is to review sign-in logs, identify anything still using old methods, replace or reconfigure those systems, then block legacy access safely.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Business outcome:<\/strong> lower risk of password spraying, credential stuffing, and silent mailbox compromise.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4. Admin accounts and privileged roles<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Admin accounts are the master keys to your Microsoft 365 tenant. They can reset passwords, change security policies, access systems, and sometimes grant themselves more permissions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Many businesses have too many global administrators. We often find old IT provider accounts, former staff accounts, shared admin logins, and emergency accounts with no clear owner.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A better model is least privilege. That means people only receive the access they genuinely need, for the time they need it. Senior admin roles should use strong MFA, separate admin accounts, and ideally just-in-time access, where elevated permissions are approved for a limited period.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Business outcome:<\/strong> reduced blast radius if an admin account is compromised.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5. External sharing in SharePoint, OneDrive, and Teams<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">External sharing lets staff send files and folders to people outside the organisation. This is useful for clients, suppliers, partners, accountants, lawyers, and contractors.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It is also one of the easiest ways for sensitive data to drift outside the business. The risk is not always malicious. A staff member shares a folder for a project, the project ends, and the link remains active for years.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Check whether anonymous links are allowed, whether links expire, whether external users need to sign in, and whether guests are reviewed regularly. For many businesses, the right answer is not to block sharing completely. It is to make external sharing visible, controlled, and easy to revoke.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Business outcome:<\/strong> safer collaboration with clients and suppliers without slowing the business down.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6. Third-party app consent<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">App consent is what happens when a user clicks \u201caccept\u201d and gives an external application access to Microsoft 365 data. Some apps only need basic profile information. Others may request access to email, files, calendars, or contacts.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is a common blind spot. A harmless-looking productivity app can request broad access, and a user may approve it without understanding the impact.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Your tenant should have clear rules for which apps users can approve themselves and which apps require administrator review. High-risk permissions should not be granted casually.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Business outcome:<\/strong> reduced risk of data exposure through unapproved third-party applications.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">7. Mail forwarding and hidden inbox rules<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">When attackers compromise a mailbox, they often create forwarding rules. These silently send copies of email to an outside address or hide certain messages from the user.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This can be devastating for finance teams. An attacker can watch invoices, learn supplier names, then send a convincing payment change request at exactly the right time.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Check whether automatic external forwarding is blocked. Also check for suspicious inbox rules, especially rules that move messages to hidden folders, delete messages, or forward mail outside the organisation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Business outcome:<\/strong> lower risk of invoice fraud, payroll fraud, and long-running email surveillance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">8. Defender for Office 365 email protection<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft Defender for Office 365 helps protect users from phishing emails, malicious links, and dangerous attachments. Safe Links checks web links when users click them. Safe Attachments opens suspicious files in a protected environment before delivery.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The issue is that many businesses assume these protections are fully configured because \u201cwe have Microsoft 365.\u201d Licensing and configuration both matter. Some tenants have basic protection only, while others have the right licences but weak policies.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Check anti-phishing settings, impersonation protection for executives, Safe Links, Safe Attachments, and quarantine handling. Also check whether users know how to report suspicious emails.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Business outcome:<\/strong> fewer successful phishing attacks and less time wasted cleaning up avoidable incidents.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">9. Device compliance through Intune<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft Intune manages and secures company devices such as laptops, desktops, tablets, and phones. It can enforce settings like encryption, screen lock, security updates, antivirus, and whether a device is allowed to access company data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Without device compliance, a staff member may access sensitive files from an unmanaged home laptop or an old phone with no security controls. That creates risk even if their Microsoft 365 account is protected.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For businesses using hybrid work, this setting is critical. Access should depend not just on who the user is, but also whether the device they are using is healthy and trusted.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Business outcome:<\/strong> safer hybrid work, better Essential 8 alignment, and fewer unmanaged devices touching company data.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">10. Audit logs, alerts, and retention<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Audit logs are the activity records inside Microsoft 365. They help answer questions such as who accessed a file, who changed a setting, who created a forwarding rule, or when an admin account was used.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Many organisations only discover their logging gaps after an incident. By then, the evidence they need may be incomplete, expired, or difficult to search.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Check that audit logging is enabled, important alerts are configured, and retention meets your business, insurance, and compliance needs. If your organisation has legal, financial, healthcare, or government obligations, this deserves careful attention.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Business outcome:<\/strong> faster incident response, better evidence, and stronger compliance reporting.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">A real-world scenario we see often<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A 180-person professional services firm asked us to review their Microsoft 365 tenant after a near miss involving a fake supplier invoice. Their IT looked fine on the surface. Staff were productive, email was running, and there had been no obvious breach.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But the review found several quiet risks. There were old external sharing links, too many admin accounts, inconsistent MFA coverage, weak guest controls, and mailbox forwarding rules that nobody had reviewed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">None of these issues required a giant security program to fix. Over a short remediation period, we tightened Conditional Access, cleaned up admin roles, blocked risky forwarding, reviewed guest users, and improved Defender for Office 365 policies.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The business outcome was clear. Lower fraud risk, better visibility, stronger Essential 8 alignment, and fewer uncomfortable questions from the board and insurer.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to review your Microsoft 365 tenant without overwhelming your team<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You do not need to fix everything in one weekend. The best approach is to prioritise the controls that reduce the most risk first.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n <li><strong>Start with identity.<\/strong> Confirm MFA, Conditional Access, admin roles, and legacy authentication.<\/li>\n <li><strong>Review data exposure.<\/strong> Check SharePoint, OneDrive, Teams, guest users, and external sharing links.<\/li>\n <li><strong>Check email risk.<\/strong> Review forwarding rules, phishing protection, Safe Links, and Safe Attachments.<\/li>\n <li><strong>Bring devices under control.<\/strong> Use Intune to manage and secure laptops, mobiles, and remote access.<\/li>\n <li><strong>Improve visibility.<\/strong> Make sure audit logs, alerts, and reporting are actually useful when something happens.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft Secure Score can help by showing recommended security actions inside Microsoft Defender. Treat it as a useful guide, not a perfect measure. A higher score is good, but the real goal is reducing business risk in the areas that matter most to your organisation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Where CloudProInc can help<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">CloudProInc is a Melbourne-based Microsoft Partner and Wiz Security Integrator with more than 20 years of enterprise IT experience. We work with Australian and international clients across Microsoft 365, Azure, Intune, Windows 365, Microsoft Defender, Wiz, OpenAI, and Claude.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Our approach is practical. We do not hand over a 90-page report full of jargon and leave your team to figure it out. We identify the risks, explain them in business terms, prioritise the fixes, and help implement the changes safely.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you are not sure whether your Microsoft 365 tenant is properly secured, or whether your current IT provider has checked these settings recently, we are happy to take a look. No pressure, no scare tactics \u2014 just a clear view of where you stand and what to fix first.<\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Most Microsoft 365 breaches start with settings nobody reviewed. Here are 10 practical checks that reduce risk, improve compliance, and protect business data.<\/p>\n","protected":false},"author":1,"featured_media":57855,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_opengraph-title":"Tenant Security: 10 Settings to Check Now","_yoast_wpseo_opengraph-description":"Review key settings that affect tenant security, from MFA and admin roles to sharing controls, so your business can reduce account and data risks now.","_yoast_wpseo_twitter-title":"Tenant Security: 10 Settings to Check Now","_yoast_wpseo_twitter-description":"Review key settings that affect tenant security, from MFA and admin roles to sharing controls, so your business can reduce account and data risks now.","_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[13],"tags":[],"class_list":["post-57853","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v28.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Tenant Security: 10 Settings to Check Now<\/title>\n<meta name=\"description\" content=\"Review key settings that affect tenant security, from MFA and admin roles to sharing controls, so your business can reduce account and data risks now.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Tenant Security: 10 Settings to Check Now\" \/>\n<meta property=\"og:description\" content=\"Review key settings that affect tenant security, from MFA and admin roles to sharing controls, so your business can reduce account and data risks now.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/\" \/>\n<meta property=\"og:site_name\" content=\"CPI Consulting\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-13T05:44:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-13T05:46:24+00:00\" \/>\n<meta name=\"author\" content=\"CPI Staff\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Tenant Security: 10 Settings to Check Now\" \/>\n<meta name=\"twitter:description\" content=\"Review key settings that affect tenant security, from MFA and admin roles to sharing controls, so your business can reduce account and data risks now.\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"CPI Staff\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/\"},\"author\":{\"name\":\"CPI Staff\",\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#\\\/schema\\\/person\\\/192eeeb0ce91062126ce3822ae88fe6e\"},\"headline\":\"Is Your Microsoft 365 Tenant Secure 10 Settings to Check Now\",\"datePublished\":\"2026-07-13T05:44:56+00:00\",\"dateModified\":\"2026-07-13T05:46:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/\"},\"wordCount\":1929,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/#primaryimage\"},\"thumbnailUrl\":\"\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now.png\",\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/\",\"url\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/\",\"name\":\"Tenant Security: 10 Settings to Check Now\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/#primaryimage\"},\"thumbnailUrl\":\"\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now.png\",\"datePublished\":\"2026-07-13T05:44:56+00:00\",\"dateModified\":\"2026-07-13T05:46:24+00:00\",\"description\":\"Review key settings that affect tenant security, from MFA and admin roles to sharing controls, so your business can reduce account and data risks now.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/#primaryimage\",\"url\":\"\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now.png\",\"contentUrl\":\"\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now.png\",\"width\":1536,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cloudproinc.com.au\\\/index.php\\\/2026\\\/07\\\/13\\\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cloudproinc.com.au\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Is Your Microsoft 365 Tenant Secure 10 Settings to Check Now\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#website\",\"url\":\"https:\\\/\\\/cloudproinc.com.au\\\/\",\"name\":\"Cloud Pro Inc - CPI Consulting Pty Ltd\",\"description\":\"Cloud, AI &amp; Cybersecurity Consulting | Melbourne\",\"publisher\":{\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cloudproinc.com.au\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#organization\",\"name\":\"Cloud Pro Inc - Cloud Pro Inc - CPI Consulting Pty Ltd\",\"url\":\"https:\\\/\\\/cloudproinc.com.au\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/favfinalfile.png\",\"contentUrl\":\"\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/favfinalfile.png\",\"width\":500,\"height\":500,\"caption\":\"Cloud Pro Inc - Cloud Pro Inc - CPI Consulting Pty Ltd\"},\"image\":{\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cloudproinc.com.au\\\/#\\\/schema\\\/person\\\/192eeeb0ce91062126ce3822ae88fe6e\",\"name\":\"CPI Staff\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g\",\"caption\":\"CPI Staff\"},\"sameAs\":[\"http:\\\/\\\/www.cloudproinc.com.au\"],\"url\":\"https:\\\/\\\/cloudproinc.azurewebsites.net\\\/index.php\\\/author\\\/cpiadmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Tenant Security: 10 Settings to Check Now","description":"Review key settings that affect tenant security, from MFA and admin roles to sharing controls, so your business can reduce account and data risks now.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/","og_locale":"en_US","og_type":"article","og_title":"Tenant Security: 10 Settings to Check Now","og_description":"Review key settings that affect tenant security, from MFA and admin roles to sharing controls, so your business can reduce account and data risks now.","og_url":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/","og_site_name":"CPI Consulting","article_published_time":"2026-07-13T05:44:56+00:00","article_modified_time":"2026-07-13T05:46:24+00:00","author":"CPI Staff","twitter_card":"summary_large_image","twitter_title":"Tenant Security: 10 Settings to Check Now","twitter_description":"Review key settings that affect tenant security, from MFA and admin roles to sharing controls, so your business can reduce account and data risks now.","twitter_misc":{"Written by":"CPI Staff","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/#article","isPartOf":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/"},"author":{"name":"CPI Staff","@id":"https:\/\/cloudproinc.com.au\/#\/schema\/person\/192eeeb0ce91062126ce3822ae88fe6e"},"headline":"Is Your Microsoft 365 Tenant Secure 10 Settings to Check Now","datePublished":"2026-07-13T05:44:56+00:00","dateModified":"2026-07-13T05:46:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/"},"wordCount":1929,"commentCount":0,"publisher":{"@id":"https:\/\/cloudproinc.com.au\/#organization"},"image":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/#primaryimage"},"thumbnailUrl":"\/wp-content\/uploads\/2026\/07\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now.png","articleSection":["Blog"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/","url":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/","name":"Tenant Security: 10 Settings to Check Now","isPartOf":{"@id":"https:\/\/cloudproinc.com.au\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/#primaryimage"},"image":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/#primaryimage"},"thumbnailUrl":"\/wp-content\/uploads\/2026\/07\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now.png","datePublished":"2026-07-13T05:44:56+00:00","dateModified":"2026-07-13T05:46:24+00:00","description":"Review key settings that affect tenant security, from MFA and admin roles to sharing controls, so your business can reduce account and data risks now.","breadcrumb":{"@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/#primaryimage","url":"\/wp-content\/uploads\/2026\/07\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now.png","contentUrl":"\/wp-content\/uploads\/2026\/07\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now.png","width":1536,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/www.cloudproinc.com.au\/index.php\/2026\/07\/13\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cloudproinc.com.au\/"},{"@type":"ListItem","position":2,"name":"Is Your Microsoft 365 Tenant Secure 10 Settings to Check Now"}]},{"@type":"WebSite","@id":"https:\/\/cloudproinc.com.au\/#website","url":"https:\/\/cloudproinc.com.au\/","name":"Cloud Pro Inc - CPI Consulting Pty Ltd","description":"Cloud, AI &amp; Cybersecurity Consulting | Melbourne","publisher":{"@id":"https:\/\/cloudproinc.com.au\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cloudproinc.com.au\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cloudproinc.com.au\/#organization","name":"Cloud Pro Inc - Cloud Pro Inc - CPI Consulting Pty Ltd","url":"https:\/\/cloudproinc.com.au\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudproinc.com.au\/#\/schema\/logo\/image\/","url":"\/wp-content\/uploads\/2022\/01\/favfinalfile.png","contentUrl":"\/wp-content\/uploads\/2022\/01\/favfinalfile.png","width":500,"height":500,"caption":"Cloud Pro Inc - Cloud Pro Inc - CPI Consulting Pty Ltd"},"image":{"@id":"https:\/\/cloudproinc.com.au\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/cloudproinc.com.au\/#\/schema\/person\/192eeeb0ce91062126ce3822ae88fe6e","name":"CPI Staff","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2d96eeb53b791d92c8c50dd667e3beec92c93253bb6ff21c02cfa8ca73665c70?s=96&d=mm&r=g","caption":"CPI Staff"},"sameAs":["http:\/\/www.cloudproinc.com.au"],"url":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/author\/cpiadmin\/"}]}},"jetpack_featured_media_url":"\/wp-content\/uploads\/2026\/07\/is-your-microsoft-365-tenant-secure-10-settings-to-check-now.png","jetpack-related-posts":[{"id":57691,"url":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/2026\/06\/26\/why-microsoft-365-security-remains-a-blind-spot-for-smbs\/","url_meta":{"origin":57853,"position":0},"title":"Why Microsoft 365 Security Remains a Blind Spot for SMBs","author":"CPI Staff","date":"June 26, 2026","format":false,"excerpt":"Microsoft 365 is powerful, but many SMBs leave key security settings untouched. Here\u2019s where the risk hides and what to fix first.","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"\/wp-content\/uploads\/2026\/06\/why-microsoft-365-security-remains-a-blind-spot-for-smbs.png","width":350,"height":200,"srcset":"\/wp-content\/uploads\/2026\/06\/why-microsoft-365-security-remains-a-blind-spot-for-smbs.png 1x, \/wp-content\/uploads\/2026\/06\/why-microsoft-365-security-remains-a-blind-spot-for-smbs.png 1.5x, \/wp-content\/uploads\/2026\/06\/why-microsoft-365-security-remains-a-blind-spot-for-smbs.png 2x, \/wp-content\/uploads\/2026\/06\/why-microsoft-365-security-remains-a-blind-spot-for-smbs.png 3x, \/wp-content\/uploads\/2026\/06\/why-microsoft-365-security-remains-a-blind-spot-for-smbs.png 4x"},"classes":[]},{"id":57534,"url":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/2026\/05\/05\/how-to-move-from-basic-microsoft-365-setup-to-a-proper-secure-workplace\/","url_meta":{"origin":57853,"position":1},"title":"How to Move from Basic Microsoft 365 Setup to a Proper Secure Workplace","author":"CPI Staff","date":"May 5, 2026","format":false,"excerpt":"Most Microsoft 365 environments are deployed for productivity first and secured later, if at all. That is how many Australian businesses end up with the appearance of control without the substance of it. Email works. Teams works. Files sync. Staff can work from anywhere. But the tenant still has weak\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"\/wp-content\/uploads\/2026\/05\/move-from-basic-microsoft-365-to-secure-workplace-cover.png","width":350,"height":200,"srcset":"\/wp-content\/uploads\/2026\/05\/move-from-basic-microsoft-365-to-secure-workplace-cover.png 1x, \/wp-content\/uploads\/2026\/05\/move-from-basic-microsoft-365-to-secure-workplace-cover.png 1.5x, \/wp-content\/uploads\/2026\/05\/move-from-basic-microsoft-365-to-secure-workplace-cover.png 2x, \/wp-content\/uploads\/2026\/05\/move-from-basic-microsoft-365-to-secure-workplace-cover.png 3x, \/wp-content\/uploads\/2026\/05\/move-from-basic-microsoft-365-to-secure-workplace-cover.png 4x"},"classes":[]},{"id":57850,"url":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/2026\/07\/12\/microsoft-365-security-health-check-first-steps-for-australia\/","url_meta":{"origin":57853,"position":2},"title":"Microsoft 365 Security Health Check First Steps for Australia","author":"CPI Staff","date":"July 12, 2026","format":false,"excerpt":"A practical guide for Australian businesses on what to review first in Microsoft 365 to reduce risk, improve compliance, and avoid unnecessary security costs.","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"\/wp-content\/uploads\/2026\/07\/microsoft-365-security-health-check-first-steps-for-australia.png","width":350,"height":200,"srcset":"\/wp-content\/uploads\/2026\/07\/microsoft-365-security-health-check-first-steps-for-australia.png 1x, \/wp-content\/uploads\/2026\/07\/microsoft-365-security-health-check-first-steps-for-australia.png 1.5x, \/wp-content\/uploads\/2026\/07\/microsoft-365-security-health-check-first-steps-for-australia.png 2x, \/wp-content\/uploads\/2026\/07\/microsoft-365-security-health-check-first-steps-for-australia.png 3x, \/wp-content\/uploads\/2026\/07\/microsoft-365-security-health-check-first-steps-for-australia.png 4x"},"classes":[]},{"id":57505,"url":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/2026\/04\/29\/the-first-10-things-we-check-in-a-microsoft-365-security-review\/","url_meta":{"origin":57853,"position":3},"title":"The First 10 Things We Check in a Microsoft 365 Security Review","author":"CPI Staff","date":"April 29, 2026","format":false,"excerpt":"When our team starts a Microsoft 365 security review, we focus on the areas that quickly tell us whether an environment is well controlled, loosely managed, or quietly carrying avoidable risk. For many Australian organisations, Microsoft 365 has become the centre of daily work. Email, files, Teams, devices, identities, and\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/category\/blog\/"},"img":{"alt_text":"","src":"\/wp-content\/uploads\/2026\/04\/the-first-10-things-we-check-in-a-microsoft-365-security-review-cover.png","width":350,"height":200,"srcset":"\/wp-content\/uploads\/2026\/04\/the-first-10-things-we-check-in-a-microsoft-365-security-review-cover.png 1x, \/wp-content\/uploads\/2026\/04\/the-first-10-things-we-check-in-a-microsoft-365-security-review-cover.png 1.5x, \/wp-content\/uploads\/2026\/04\/the-first-10-things-we-check-in-a-microsoft-365-security-review-cover.png 2x, \/wp-content\/uploads\/2026\/04\/the-first-10-things-we-check-in-a-microsoft-365-security-review-cover.png 3x, \/wp-content\/uploads\/2026\/04\/the-first-10-things-we-check-in-a-microsoft-365-security-review-cover.png 4x"},"classes":[]},{"id":449,"url":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/2024\/07\/26\/developing-apps-for-microsoft-teams\/","url_meta":{"origin":57853,"position":4},"title":"Developing Apps for Microsoft Teams","author":"CPI Staff","date":"July 26, 2024","format":false,"excerpt":"In this Microsoft Teams blog post, we will explain the process of developing apps for the Microsoft Teams collaboration platform. As the most popular communication and collaboration platform in the world, Microsoft Teams allows developers to develop custom apps. You can publish Custom apps internally (inside an organisation) or publicly\u2026","rel":"","context":"In &quot;Microsoft 365&quot;","block_context":{"text":"Microsoft 365","link":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/category\/microsoft-365\/"},"img":{"alt_text":"","src":"\/wp-content\/uploads\/2024\/07\/Developing-Apps-for-Microsoft-Teams.webp","width":350,"height":200,"srcset":"\/wp-content\/uploads\/2024\/07\/Developing-Apps-for-Microsoft-Teams.webp 1x, \/wp-content\/uploads\/2024\/07\/Developing-Apps-for-Microsoft-Teams.webp 1.5x, \/wp-content\/uploads\/2024\/07\/Developing-Apps-for-Microsoft-Teams.webp 2x, \/wp-content\/uploads\/2024\/07\/Developing-Apps-for-Microsoft-Teams.webp 3x, \/wp-content\/uploads\/2024\/07\/Developing-Apps-for-Microsoft-Teams.webp 4x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/posts\/57853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/comments?post=57853"}],"version-history":[{"count":1,"href":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/posts\/57853\/revisions"}],"predecessor-version":[{"id":57854,"href":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/posts\/57853\/revisions\/57854"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/media\/57855"}],"wp:attachment":[{"href":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/media?parent=57853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/categories?post=57853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudproinc.azurewebsites.net\/index.php\/wp-json\/wp\/v2\/tags?post=57853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}