Just finished auditing a 500-user M365 tenant. Findings:

- 47 users with no MFA
- 12 Global Admins (should be 2-4)
- External sharing wide open
- No audit logging
- DMARC not enforced

This tenant had 'security tools' installed. Tools without configuration = false confidence.

#M365Audit #SecurityF