MS365 tenancy security health check suggestions

Are there any useful key controls checklists that could be used as a template to run some checks over an Office 365 business tenancy (including Azure AD), to look for common security & access-related misconfigurations and risks? Or any tools that will scan current settings, permissions etc. and report back with recommendations for improvements and where things could be tightened up? I was hoping for something like the 'top 10' common areas that systems admins could potentially get things wrong with risk implications (e.g. could result in unauthorised access to corporate data), to check we haven’t made the same mistakes, or, if we have, that we promptly address them.

3 Replies
Plenty of such resources are available online: scripts, the M365 DSC tool, even some free vendor implementations. Do a search, pick your poison :)

Thanks for the reply. Can you recommend any particular scripts you have found useful when doing equivalent checks at your company/clients? It would be interesting to learn about what kinds of issues and misconfigurations the scripts are checking for. And can you provide any pointers to the vendor implementation guides, please?