Microsoft 365 Security Basics for Solo Pros & Small Teams

If your email, files, and day-to-day work live in Microsoft 365, your tenant security matters just as much as your front door locks.

1. Turn On Multi-Factor Authentication (MFA)

If you only do one thing after reading this article, make it this. MFA prevents most basic password-based attacks.

  • Require MFA for all users, not just “admins”.
  • Avoid SMS codes where possible; use an authenticator app.

2. Clean Up Old and Shared Accounts

Many small businesses keep old employee accounts “just in case” or share one mailbox for multiple people.

  • Disable or remove accounts for former staff.
  • Avoid sharing one login between multiple users.
  • Use shared mailboxes where more than one person needs access.

3. Use Strong Password Policies

Passwords shouldn’t be the only line of defense, but they still matter:

  • Require strong passwords and block common patterns.
  • Encourage password managers instead of sticky notes.
  • Turn on “smart lockout” or equivalent to stop repeated guessing.

4. Protect Admin Accounts

Global admins have powerful access. If a hacker gets one of these accounts, they own your tenant.

  • Limit how many global admins you have.
  • Require MFA for admin accounts (non-negotiable).
  • Use separate accounts for admin tasks vs daily email.
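
The checks from sections 1, 2 and 4 can be run as a periodic audit. The Python below is an added example, not part of the original article: it flags enabled accounts without MFA, enabled accounts that look abandoned, and global admin accounts that double as daily mailboxes. Property names are borrowed from Microsoft Graph; the merged record shape, the `roles` and `hasMailbox` fields, and the 90-day and two-admin thresholds are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records, not real accounts. Property names follow
# Microsoft Graph; the merged record shape, "roles" and "hasMailbox" are
# assumptions of this example.
USERS = [
    {"userPrincipalName": "owner@example.com", "accountEnabled": True,
     "isMfaRegistered": True, "lastSignInDateTime": "2025-05-28T14:02:00Z",
     "roles": ["Global Administrator"], "hasMailbox": True},
    {"userPrincipalName": "admin-owner@example.com", "accountEnabled": True,
     "isMfaRegistered": True, "lastSignInDateTime": "2025-05-20T09:15:00Z",
     "roles": ["Global Administrator"], "hasMailbox": False},
    {"userPrincipalName": "jsmith@example.com", "accountEnabled": True,
     "isMfaRegistered": False, "lastSignInDateTime": "2025-05-30T08:40:00Z",
     "roles": [], "hasMailbox": True},
    {"userPrincipalName": "former.staff@example.com", "accountEnabled": True,
     "isMfaRegistered": False, "lastSignInDateTime": "2024-11-03T17:21:00Z",
     "roles": [], "hasMailbox": True},
    {"userPrincipalName": "newhire@example.com", "accountEnabled": True,
     "isMfaRegistered": True, "lastSignInDateTime": None,
     "roles": [], "hasMailbox": True},
    {"userPrincipalName": "old.temp@example.com", "accountEnabled": False,
     "isMfaRegistered": False, "lastSignInDateTime": "2023-02-11T10:00:00Z",
     "roles": [], "hasMailbox": False},
]
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed so results repeat

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def audit(users, now=NOW, stale_days=90, max_global_admins=2):
    """Return (account, finding) pairs; both thresholds are assumed defaults."""
    findings, admins = [], []
    cutoff = now - timedelta(days=stale_days)
    for u in users:
        if not u["accountEnabled"]:
            continue  # already disabled, cannot sign in
        upn, last = u["userPrincipalName"], u["lastSignInDateTime"]
        if not u["isMfaRegistered"]:
            findings.append((upn, "no MFA method registered"))
        if last is None or parse_ts(last) < cutoff:  # never signed in counts too
            findings.append((upn, "enabled but inactive"))
        if "Global Administrator" in u["roles"]:
            admins.append(upn)
            if u["hasMailbox"]:
                findings.append((upn, "global admin used for daily email"))
    if len(admins) > max_global_admins:
        findings.append(("tenant", f"{len(admins)} global admins"))
    return findings
```

Calling `audit(USERS)` returns the list of findings to review; an account that was created but never signed in is reported as inactive so that it gets a second look rather than being silently ignored.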

5. Back Up Your Microsoft 365 Data

Microsoft keeps the platform running, but you are still responsible for your data.

  • Consider a third-party backup for Exchange, OneDrive, and SharePoint.
  • Have a simple process for recovering accidentally deleted files or mail.

6. Train Your Team on Phishing

Most attacks we see in small organizations start with a convincing email.

  • Teach staff to slow down before clicking links or opening attachments.
  • Encourage them to ask if they’re unsure — no shaming.

Want IT LEGENDS to Manage This For You?

If your business is in Illinois and you’d rather not live in the Microsoft 365 admin center, IT LEGENDS can manage it for you as part of our Business Essentials or Industry Plus bundles.

We handle user changes, license management, basic security policies, and coordination with other vendors so you can stay focused on your clients.
