The flip side of that coin means that Office 365 may well be the single biggest target on the Internet for attacks, account compromise activity, and theft of information. Any business using Office 365 needs to seriously consider their security, and it’s not enough to have the attitude of “we pay Microsoft for that.” Microsoft handles the security of the overall platform and its supporting infrastructure, and tries to ensure reasonable default security controls, but it’s ultimately up to the user to safeguard themselves and their information appropriately. Put another way: modern cars are built with advanced features and much safer than at any time in the past – but it’s still up to you to not drive recklessly and crash into a pole.
What this means for Office 365 Administrators is to start by following best practices and Microsoft recommendations when it comes to fine-tuning your Office 365 settings. It is your responsibility to make sure when you manipulate these settings to fit you, your business, and how your people interact with it achieves a balance between functionality and productivity with effective protection.