The M365 Security Baseline Checklist for MSPs

10 high-impact controls every MSP should audit and enforce — before a client calls you about a breach.

M365 Security Baseline Checklist

Identity attacks on M365 are up 32%. BEC losses hit $3 billion in 2025. Most of those attacks exploited gaps that take less than two hours to close.

This checklist covers the 10 controls from the CIS M365 Foundations Benchmark v6.0.1 that give you the highest risk reduction per hour of effort, with step-by-step fix instructions built for multi-tenant MSP environments.

Download this checklist to:

  • 10 prioritized controls — each with a CIS reference, risk score (1–10), and estimated remediation time
  • Step-by-step fix instructions — exactly where to find each setting, and how to fix it
  • MSP-specific pro tips — covering the edge cases that break things in client environments

Fill out the form to get your checklist.

Download Now