If your business runs on Microsoft 365, you probably sleep a little easier knowing your emails, files, and spreadsheets are hosted by one of the biggest technology giants on the planet.
And you should: Microsoft's infrastructure is incredibly secure.
But there is a massive, industry-wide misunderstanding about where Microsoft’s job ends and your responsibility begins. In the IT world, this is known as the ‘Shared Responsibility Model’.
To put it simply, Microsoft is responsible for keeping the system running. But you are responsible for what you put inside it, and who you let in.
Here is a simple way to look at it, and the two major security gaps that most local businesses are accidentally leaving wide open.
Think of it like an office rental
Microsoft 365 is a bit like renting space in a brand-new, high-security commercial office building.
The building owners (Microsoft) do an amazing job. They secure the physical structure, make sure the power and water are always running, install heavy-duty locks on the exterior doors, and ensure the building doesn't fall down.
But once you move in, the landlords can't control:
Who your team invites inside
Whether an employee accidentally leaves a window wide open overnight
Whether someone walks out the door with a filing cabinet
In the cloud, you still own your data and your identities. If a hacker tricks an employee into giving away their password, or if a team member accidentally deletes a critical folder, Microsoft won’t step in to save the day.
Here are the two easiest ways to lock your windows and doors.
Multi-Factor Authentication
Imagine having a state-of-the-art security door, but leaving the key sitting on the welcome mat. That’s what it’s like running Microsoft 365 without Multi-Factor Authentication (MFA).
If a hacker guesses or steals an employee's password, and MFA isn't turned on, they can walk right through your front door from anywhere in the world. They don't need to break in; they just log in.
To fix this, enforce MFA across all user accounts. It is the single most effective tool to stop identity theft and email hijacking in their tracks.
Third-Party Cloud Backups
One of the biggest myths in business technology is that because your data is ‘in the cloud,’ it is automatically backed up.
It isn't.
Microsoft is responsible for system availability, making sure your Outlook and OneDrive are online. But they do not keep historical, point-in-time backups of your specific files. If a user deletes an email folder or a synced OneDrive folder gets encrypted by ransomware, Microsoft’s native recycle bins only hold that data for a very short period before it is permanently gone.
To fix this, plug in an independent, third-party cloud backup solution. For a few dollars a month per user, it takes quiet snapshots of your emails, SharePoint, and Teams data multiple times a day, storing them securely outside of Microsoft's environment so you can restore any file from any date instantly.
Knowing Where the Lines Are Drawn
At Satori Tech, we love supplying and managing Microsoft licensing for our clients. But we want to make sure we're always working as a team to keep your business safe.
Securing your business isn't about setting up complex technical barriers. It’s about being aligned on who does what so that when you close up shop for the weekend, you know your digital front door is bolted.
Want to check where your business stands? Let’s do a quick, painless health check of your M365 setup.
📞 07 213 0982
✉️ support@satoritech.co.nz
