Today's columnist, Kelly White of RiskRecon, runs through seven questions security teams need to consider when setting up the controls for Microsoft 365 Enterprise. Coolcaesar CreativeCommonsAttribution-ShareAlike 4.0 International (CC BY-SA 4.0) Much like many cloud services, Microsoft 365 Enterpriseâs core value proposition becomes its primary challenge for security teams. The cloud-based suite of productivity apps and services (formerly Office 365) lets companies create, share and collaborate from anywhere on any device. Even if an enterprise does not operate on Microsoft 365, no doubt a large percentage of its business partners are, especially with the increased need for remote collaboration during the pandemic. While Microsoft 365 offers an expansive set of capabilities, the core security controls boil down to a pretty short set of essentials, achieved through Microsoftâs unified identity and access management architecture. While itâs a short control list, security pros need to get the configurations right. Microsoft 365âs default configurations are pretty promiscuous. These default settings include letting non-privileged users invite guest users to the organizationâs Azure Active Directory and default file sharing settings.