The foundational security controls you implement should be tailored to your customer’s specific needs and compliance obligations. However, Microsoft strongly recommends the following essential security measures as a baseline for all organisations: 

1. Enable Multifactor Authentication (MFA): Microsoft research shows that enabling MFA blocks over 99.9% of automated attacks. It is a critical first line of defence that all users should have enabled to secure their accounts. Microsoft offers built-in MFA with Azure Active Directory, which integrates seamlessly with M365 and Azure services. 
   
   
2. Adopt the Zero Trust Security Model: Zero Trust is a guiding framework that assumes breaches are inevitable. Following the principle of "never trust, always verify," Microsoft recommends implementing identity verification, device health checks, and strict access controls. Microsoft’s Zero Trust architecture includes tools like Microsoft Entra (for identity and access management), Microsoft Defender for Cloud (for workload protection), and Microsoft Sentinel (for threat intelligence and analytics).
   
   
3. Enable Conditional Access Policies: Conditional Access in Azure Active Directory allows you to define specific access requirements based on user, location, device state, and app sensitivity, strengthening access control and minimizing risks associated with unauthorized access.
   
   
4. Implement Endpoint Protection: Microsoft Defender for Endpoint provides advanced threat protection for devices, helping to detect, investigate, and respond to threats on Windows, macOS, iOS, and Android devices. This is essential for protecting endpoints from malware, phishing, and ransomware attacks. 
   
   
5. Use Security Baselines and Compliance Standards: Microsoft offers pre-configured security baselines in Azure and Microsoft 365, aligned with industry standards like CIS, NIST, and ISO, which provide a strong security foundation for compliance. 

MFA is considered a security default by Microsoft. Security defaults are free for every customer in Azure Active Directory Premium P1 & P2, and relevant M365 licenses. 

Zero Trust Architecture is a modern security framework that assumes no user, device, or network segment should be trusted by default, regardless of whether it is inside or outside the organization’s perimeter. Instead, every access request is verified at each step, ensuring strict security controls across all aspects of the digital environment. Microsoft’s Zero Trust model operates on the core principle of "never trust, always verify." 

Here’s how Microsoft implements the Zero Trust principles across its ecosystem: 

1. Verify Explicitly: Microsoft enforces identity verification at every access point, requiring multifactor authentication (MFA) and leveraging Conditional Access policies in Azure Active Directory. This step ensures that users and devices are verified based on all available signals, including user identity, device health, location, and behaviour patterns. 
   
   
2. Use Least Privileged Access: Access is granted based on the minimum permissions needed to complete a task. Microsoft supports this principle with tools like Microsoft Entra Permissions Management, enabling Role-Based Access Control (RBAC) and Just-in-Time (JIT) access to protect critical resources while limiting exposure. 
   
   
3. Assume Breach: In line with Zero Trust, Microsoft assumes that threats may already exist within the network. Microsoft Defender for Cloud and Microsoft Sentinel provide continuous monitoring, threat detection, and response capabilities. With advanced threat intelligence and AI-driven analytics, these tools help detect suspicious activity and respond rapidly to potential breaches. 
   
   
4. Secure Every Layer: Microsoft Zero Trust encompasses identity, endpoints, applications, data, network, and infrastructure. This comprehensive approach includes: 
   
   - Microsoft Defender for end-to-end code to cloud workload protection (CWPP) and posture management (CSPM) 
   
   - Microsoft Purview for data protection and compliance powered by AI 
   
   - Microsoft Sentinel for centralized SIEM/SOAR capabilities and proactive threat hunting powered by machine learning and AI 
   
   By following the Zero Trust model, organisations can create a more resilient security posture that adapts to modern threats, particularly in hybrid and multi-cloud environments. 

For personalised assistance on specific security requirements, you can reach out to the Microsoft team at Dicker Data. Our dedicated experts are available to provide comprehensive guidance across product, sales, and technical support, ensuring that your security needs are addressed in line with Microsoft’s latest solutions. 

Whether you’re navigating complex compliance requirements, implementing Zero Trust, or enhancing threat detection capabilities, our team is ready to assist with tailored advice and best practices. We offer in-depth expertise on Microsoft security products, including Defender, Purview, Sentinel, and more, to help you architect and deploy the best-fit solution for your customer’s environment. 

Contact the Microsoft team at Dicker Data here. Let us help you elevate your security posture with Microsoft’s powerful suite of tools and strategies. 

Microsoft Azure has many global regions. You can search the available geographies here. 

Yes, Microsoft’s security recommendations are applicable to environments of all sizes. Small and medium businesses (SMBs), like larger enterprises, face growing cybersecurity threats and can benefit from implementing Microsoft’s security best practices. Key controls such as Multi-Factor Authentication (MFA), Zero Trust principles, and endpoint protection are crucial regardless of environment size. 

Microsoft provides solutions tailored to SMB needs, such as Microsoft 365 Business Premium, which includes MFA, Conditional Access, and Defender for Business for comprehensive endpoint protection. These solutions offer robust protection that is scalable, cost-effective, and manageable even for smaller IT teams, ensuring that security standards remain high without overwhelming resources. 

This can be achieved by using RBAC and following the principle of least privilege. For more information on the type of roles available please explore here. 

Azure AD provides a sign-in activity report that can be utilized to check any malicious login attempts to the service. These logs can be further analysed by ingesting the data in log analytics/Microsoft Sentinel. 

Various compliance standards such as CIS, and ISO2700 provide detailed instructions around security best practices. Microsoft Azure security benchmark can be used as a reference to implement various security controls for Azure. You can read more  here.  

1. Unified Security Across Multi-Cloud Environments: 
Microsoft Security solutions provide a seamless security framework that spans multi-cloud and hybrid environments. With tools like Microsoft Defender for Cloud, businesses can monitor and protect assets across Azure, AWS, Google Cloud, and on-premises setups, ensuring a consistent security posture across complex IT landscapes. 

2. Advanced Threat Intelligence and AI-Powered Defence: 
Microsoft leverages a vast global network and applies AI-driven threat intelligence to detect and mitigate threats in real-time. This capability, embedded in tools like Microsoft Sentinel and Defender, allows businesses to proactively identify and respond to sophisticated threats, enhancing the effectiveness of their security operations. 

3. Zero Trust Architecture: 
Built on Zero Trust principles, Microsoft’s security approach ensures that no entity, whether internal or external, is trusted by default. Every access attempt is verified, providing comprehensive protection across all assets, identities, and endpoints. This model is especially valuable for businesses adapting to distributed work environments and a growing attack surface. 

4. End-to-End Coverage with a Broad Security Portfolio: 
Microsoft offers a complete suite of security tools that cover every aspect of an organisation's environment, from identities and endpoints to applications, data, and infrastructure. This integration reduces security gaps and simplifies management, making it easier for businesses to maintain a cohesive and comprehensive security strategy. 

5. Cost Efficiency and Vendor Consolidation: 
Consolidating security under a single vendor like Microsoft reduces complexity and enables cost savings. Microsoft’s unified platform allows organisations to manage multiple security functions without relying on numerous third-party solutions, lowering both licensing costs and operational overhead. 

6. Proactive Compliance and Risk Management: 
Microsoft provides built-in tools for continuous compliance monitoring and risk management. Features like Secure Score and compliance tracking through Defender for Cloud help businesses maintain alignment with regulatory standards, supporting proactive risk management and giving organisations peace of mind about compliance. 

7. Industry Leadership and Innovation: 
Microsoft is recognized as a leader in cybersecurity, consistently investing in research and development to tackle evolving cyber threats. This commitment ensures that businesses benefit from cutting-edge protection that adapts to the dynamic cybersecurity landscape, making Microsoft a strong choice for organisations seeking a robust, scalable, and future-ready security solution. 

Dicker Data recommends the following actions:  

1. Setup MFA. Compromised passwords are one of the most common ways that bad guys can get at your data, your identity, or your money. Using multifactor authentication is one of the easiest ways to make it a lot harder for them.    

2. Setup a recovery password. If a hacker gains access to the account and resets the password, you’ll need to follow the password reset steps in order to get back into your account.  

In the instance where your tenants are compromised, Microsoft account recovery steps here will help guide you when filling out the account recovery form. Note however that it can be a lengthy process as it's designed to ask questions about your account that only you can answer.