m365 basic Admin Console

✅ Microsoft 365 Business Basic – Security Settings Checklist

🔐 1. Account Security

• Enable Security Defaults in Microsoft Entra ID:

  • Enforce Multi-Factor Authentication (MFA) for all users

  • Block legacy authentication protocols

  • Protect privileged access

• Create break-glass admin accounts with long, complex passwords

• Limit number of admin accounts (apply least privilege principle)

• Use non-admin accounts for daily tasks

📧 2. Email & Collaboration Security

• Use default email protections for cloud mailboxes

• Configure anti-phishing and anti-spam policies in Exchange Admin Center

• Enable Safe Links and Safe Attachments (if Defender for Office 365 Plan 1 is purchased separately)

🛡️ 3. Spoofing & Authentication

• Configure SPF:
  Add TXT record: v=spf1 include:spf.protection.outlook.com -all

• Configure DKIM:
  Enable DKIM signing in Exchange Admin Center

• Configure DMARC:
  Add TXT record: v=DMARC1; p=quarantine; rua=mailto:admin@yourdomain.com

📱 4. Device Security (Basic Mobility & Security)

• Enable Basic Mobility and Security in Microsoft 365 Admin Center

• Create device policies:

  • Require PIN/password

  • Block jailbroken/rooted devices

  • Encrypt data on devices

• Enroll devices (BYOD or company-owned)

• Configure Apple Push Notification Certificate for iOS devices

📣 5. Monitoring & Alerts

• Use Microsoft 365 Defender portal for basic threat insights

• Enable email alerts for suspicious activity

• Review audit logs in Microsoft Purview (limited in Business Basic)

🚫 Not Included in Business Basic

• ❌ Microsoft Defender for Office 365 (Plan 1 or 2) – requires separate license

• ❌ Microsoft Intune – available in Business Premium

• ❌ Microsoft Defender for Endpoint – available in Business Premium

• ❌ Advanced DLP, Compliance Manager, Insider Risk Management