M365 Tenant Hardening Kit
Everything you need to secure your Microsoft 365 tenant. Security baselines, conditional access templates, audit monitoring, and incident response playbooks.
What's included
Security-Baseline-Checklist.xlsx Comprehensive M365 security settings audit checklist with 80+ items across identity, email, SharePoint, Teams, and compliance
ConditionalAccess-Policies.md Documented conditional access policy templates: MFA enforcement, device compliance, location-based, legacy auth blocking
Get-AuditLogMonitor.ps1 PowerShell script that monitors M365 audit logs for suspicious activity and sends alerts via email or Teams webhook
IncidentResponse-Playbook.md Step-by-step incident response procedures for: compromised account, BEC attack, data exfiltration, and consent phishing
Tenant-Hardening-Report.ps1 Generates an executive-ready report of your current M365 security posture against CIS benchmarks
Why this matters
Most small IT teams set up their M365 tenant and never look at security settings again. Default configurations leave significant gaps: legacy authentication enabled, no conditional access policies, audit logging turned off, and no plan for when something goes wrong.
This kit gives you the complete playbook. The security checklist covers 80+ settings across identity, email, SharePoint, Teams, and compliance — mapped to CIS benchmarks so you know exactly where you stand.
The incident response playbooks cover the four most common M365 security incidents we see in the field: compromised accounts, business email compromise, data exfiltration attempts, and consent phishing attacks. Each playbook has step-by-step instructions so your team can respond quickly, even at 2 AM.
Also included in The Vault subscription