
MFA & admin hygiene checklist (Microsoft 365)

A short checklist that reduces the most common causes of account compromise. Use this as a starting point.

10 quick checks

  1. Enable MFA for all users. Start with admins, then roll out to everyone.
  2. Use separate admin accounts (no daily browsing/email) for privileged access.
  3. Confirm legacy authentication is blocked (basic auth is a common risk).
  4. Apply conditional access policies for high-risk logins and geo anomalies.
  5. Review global admin count — keep it minimal and justify each account.
  6. Check that security alerts are configured and routed to the right mailbox.
  7. Implement a strong password policy and discourage password reuse.
  8. Ensure mailbox forwarding rules are monitored and controlled.
  9. Confirm device compliance or baseline hardening for corporate devices.
  10. Validate backups exist for critical data and can be restored.
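
One way to verify checks 1 and 3 offline, as an added example that is not part of the original checklist: the script reads conditional access policies exported as JSON from Microsoft Graph (GET /identity/conditionalAccess/policies) and reports whether MFA and a legacy authentication block are actually enforced for all users. The sample export, policy names and the helper function names are constructed for illustration.

```python
import json
# Constructed sample shaped like the Graph conditionalAccessPolicy resource; names and IDs are made up.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "Block legacy auth", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": []},
                  "clientAppTypes": ["exchangeActiveSync", "other"]},
   "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
  {"displayName": "Require MFA - all users",
   "state": "enabledForReportingButNotEnforced",
   "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["placeholder-id"]},
                  "clientAppTypes": ["all"]},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]}
""")

LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # Graph names for legacy protocols

def _users(policy):
    return policy.get("conditions", {}).get("users", {})

def _enforced_for_all(policy):
    # Switched on (not report-only or disabled) and scoped to all users.
    return policy.get("state") == "enabled" and "All" in _users(policy).get("includeUsers", [])

def _grant(policy):
    grant = policy.get("grantControls") or {}  # null when only session controls are set
    return grant.get("operator"), set(grant.get("builtInControls", []))

def _requires_mfa(policy):
    """MFA must be mandatory: the only control, or combined with AND (not OR)."""
    operator, controls = _grant(policy)
    return "mfa" in controls and (controls == {"mfa"} or operator == "AND")

def _blocks_legacy(policy):
    apps = set(policy.get("conditions", {}).get("clientAppTypes", []))
    return "block" in _grant(policy)[1] and LEGACY_CLIENTS <= apps

def audit(export):
    """Findings for checklist items 1 (MFA) and 3 (legacy authentication)."""
    policies = export.get("value", [])
    live = [p for p in policies if _enforced_for_all(p)]
    return {
        "mfa_enforced_all_users": any(_requires_mfa(p) for p in live),
        "legacy_auth_blocked": any(_blocks_legacy(p) for p in live),
        "report_only": [p["displayName"] for p in policies
                        if p.get("state") == "enabledForReportingButNotEnforced"],
        "exclusions": {p["displayName"]: _users(p)["excludeUsers"]
                       for p in policies if _users(p).get("excludeUsers")},
    }
```

On the sample, `audit(SAMPLE_EXPORT)` reports legacy authentication as blocked but MFA as not enforced, because the MFA policy is still in report-only mode. The script only sees conditional access policies, so a tenant that relies on security defaults or per-user MFA needs that checked separately.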

If you want this done properly

We can assess your tenant, implement a security baseline, and document changes with a clear handover.
