A consolidated hardening checklist spanning identity, email, endpoint, device, and data protection across the full cluster.
IT KORR Knowledge Center
Microsoft 365 Hardening Checklist
A consolidated hardening checklist spanning identity, email, endpoint, device, and data protection across the full cluster.
Identity & Access
MFA enforced for all users; legacy authentication blocked.
Conditional Access baseline built and tested in Report-only mode.
Administrative roles use just-in-time activation where licensed.
Email
SPF, DKIM, DMARC enforced.
Safe Links and Safe Attachments enabled.
Endpoint
Security baseline deployed and drift-monitored.
Attack surface reduction rules in block mode.
EDR enabled and actively monitored (if Plan 2 licensed).
Data
Sensitivity labels defined and applied to key data categories.
DLP policies enabled for highest-risk content types.
Related Resources
Microsoft 365 Security Checklist — /knowledge-center/cloud-productivity/microsoft-365-security/downloads/microsoft-365-security-checklist
This document is a starting-point resource, not legal or compliance advice. Review it against your organization's actual tenant configuration before adoption — see the full Microsoft 365 Security & Entra ID Hub for the reasoning behind each recommendation.