Many organisations assume that moving to the cloud means much of their security posture is handled automatically. But that assumption can create blind spots. In the latest episode of the Security Strategist Podcast, Trisha Pillay from EM360Tech speaks with Rob Edmondson, Senior Director of Product Marketing at CoreView, about cyber resilience in Microsoft 365 environments and what tenant hardening means in practice.

As organisations rely more heavily on Microsoft 365 for collaboration, identity management, and device control, understanding how the environment is configured becomes increasingly important for security teams.

Microsoft 365 Has Grown Beyond Its Original Scope

When Microsoft first introduced Microsoft 365 as Office 365, it primarily focused on email and productivity tools. Security strategies often revolved around protecting inboxes and ensuring that business data was backed up. According to Edmondson, that model no longer reflects how the platform is used today. Microsoft 365 now includes a wide range of services that support identity management, device management, compliance, and collaboration. Many of these services sit at the centre of daily business operations.

This shift means that security risks are no longer limited to email or file storage. Identity platforms, collaboration tools, and endpoint management capabilities all operate within the same tenant. If critical settings are misconfigured, the impact can extend across multiple systems at once. For security leaders, the challenge is recognising that the platform has evolved into something far more complex than many organisations initially planned for.

Why Visibility Into Configurations Is Still Limited

One of the main themes in the discussion is visibility. Edmondson explains that many organisations simply do not have a clear view of how configurations change within their Microsoft 365 tenants.

Attackers often exploit these blind spots. If they gain access to an environment, they may modify configurations in ways that allow them to regain access later. Because some of these changes are subtle, they may go unnoticed for long periods. However, not all configuration drift comes from attackers. Administrative errors or platform updates can also change settings in ways that affect security or operations.

This is why documentation still plays a role. Edmondson suggests that even basic records of key configurations can help organisations understand their environment and recover faster during incidents. While documenting every setting in a large tenant may not always be practical, identifying and tracking the most critical configurations can provide a starting point for stronger oversight.

Reducing Privilege and Strengthening Tenant Resilience

Another concern discussed in the episode is excessive privileges. Many administrator roles in Microsoft 365 grant access across an entire tenant, which can increase risk if those accounts are compromised. Edmondson argues that reducing standing privileges should be a priority. Instead of granting broad permissions by default, organisations should consider limiting administrative access to only what is necessary.

Tenant hardening plays an important role here. By tightening configuration controls and carefully managing privileges, organisations can reduce the likelihood that a single compromised account leads to a wider security incident.

The goal is not simply to add more security controls, but to build a clearer understanding of how the tenant operates and how it could be restored if something goes wrong. The full conversation on the Security Strategist Podcast explores these challenges in greater depth, including configuration visibility, tenant recovery scenarios, and the practical steps security teams can take to improve resilience in Microsoft 365 environments.

If you would like to find out more, visit coreview.com.

Takeaways

  • Microsoft 365 now covers identity, device, compliance, and collaboration tools.
  • Security risks extend far beyond just email and file storage.
  • Limited visibility into configuration changes creates blind spots.
  • Excessive administrative privileges increase the potential impact of a compromise.
  • Strengthening configurations and planning for recovery helps organisations respond more quickly.