SECURITYSQUAD
Back to the blog

Cloud security: the most common misconfigurations in Microsoft 365

2026-06-24 · by SECURITYSQUAD

Cloud security: the most common misconfigurations in Microsoft 365

"Moving to the cloud" sounds like a security gain – and can be one. The catch: the provider secures the platform, but you are responsible for configuring your own environment. This shared-responsibility model is often misunderstood, and the result is gaps that have nothing to do with the cloud itself, but with its settings.

The classic: missing multi-factor authentication

The most common finding in our cloud assessments is both mundane and dangerous: accounts that can log in with just a username and password. A single leaked password is then enough for access. Multi-factor authentication – ideally enforced through conditional access policies – closes this door with little effort.

Too many rights, reviewed too rarely

Permissions grow over time; roles are granted and rarely revoked. This creates accounts with far more rights than they need – a feast for attackers. A regular look at who can access what, especially for administrative accounts, is basic hygiene for any cloud environment.

Sharing that reaches further than intended

In Microsoft 365, documents can be shared in a few clicks – including externally, including anonymously. That's convenient and quickly becomes a data-protection problem. Sensibly configured default policies for external sharing prevent sensitive content from leaving the company unnoticed.

Security features that stay unused

Most environments come with far more protection than is switched on. Logging, alerts for suspicious logins, protection against malicious attachments – much of it lies dormant because nobody enabled it and nobody keeps an eye on it. Using these features noticeably raises your security level at no extra cost.

Set it up right, then stay on it

Cloud security isn't a one-off project. Configurations drift, new features arrive, settings change with updates. An assessment first creates clarity about the current state; regular configuration monitoring ensures the environment stays secure rather than slowly slipping.

That's how you use the advantages of the cloud without taking on new risks.

Read more: Expertise & Services · Cyber Risk Check · GUARDIANVIEW – Managed SIEM