MrTech Melbourne
All guides

Security

Microsoft 365 security checklist

A practical checklist for Entra ID, Exchange Online, SharePoint and Teams — the settings Melbourne admins most often miss.

By Jason.YPublished 1 Apr 2026Updated 2 June 20266 min read
Need help with this? Talk to our Microsoft 365 team
Microsoft 365 security checklist
01

Identity and access

Enforce MFA for all users, block legacy authentication, use Conditional Access to require compliant devices for company data, and limit Global Administrator accounts to named break-glass identities with phishing-resistant methods where possible.

02

Email and collaboration

Enable DKIM signing, align SPF and DMARC, turn on anti-phishing and safe attachments/links policies, and review mail forwarding rules regularly. Disable automatic external forwarding unless a documented business need exists.

03

Data and sharing

Default SharePoint and OneDrive sharing to authenticated users only, label sensitive data where regulations require it, and audit guest access quarterly. DLP policies can wait until basics are solid — open sharing causes more day-to-day pain for SMEs.

04

Monitoring and recovery

Turn on unified audit logging, forward high-severity alerts to a monitored inbox or SIEM, and test restore from Microsoft 365 backup or third-party backup at least twice a year. Document offboarding: disable accounts, revoke sessions, and reassign OneDrive within 24 hours.

Related service

This is part of our Microsoft 365 service for Melbourne businesses.

Explore Microsoft 365

Try it now

Run the related tools

Need a hand?

Run the tools. Then talk to us.

Use our free diagnostics to see what is wrong, then get Melbourne IT support for the fix.

Keep reading

More guides