Microsoft 365 is not secure out of the box, and attackers know it. Most tenants ship with default configurations that leave critical gaps across identity, email, endpoints, and data protection. These gaps are not hypothetical. They are actively exploited in the wild, and many organizations don't realize they're exposed until something goes wrong.
This session draws on real-world security assessments, incident response engagements, and environments that were either breached or dangerously close to it. I'll walk through more than 20 high-impact security settings across Microsoft Entra ID, Exchange Online, Microsoft Defender for Office 365, Microsoft Intune, Power Platform, and Microsoft Purview that are consistently misconfigured, overlooked, or left at insecure defaults. This session is fast-paced and grounded in what I've seen across production environments, not compliance checklists or vendor documentation. Every misconfiguration is shown with the context of why it exists, what it exposes, and what an attacker does with it. If you're responsible for the security posture of a Microsoft 365 tenant, this is the session that shows you what's likely already wrong in yours.