What should be included in a Microsoft 365 security audit?
A useful Microsoft 365 security audit should look at more than whether email works. It should review MFA, risky sign-ins, admin accounts, mailbox forwarding, leaver accounts, external sharing, third-party apps, licensing and backup requirements.
The outcome should be a clear action list: what is urgent, what is important and what can be planned later.