The admin console most admins don’t fully use

When a small business sets up Microsoft 365, the admin console (admin.microsoft.com) is where everything is configured. Most admins set up user accounts and stop there. A few hours configuring the right settings prevents a disproportionate number of security incidents and operational problems.

Security settings: do these first

Enable Security Defaults: Admin Center → Azure Active Directory → Properties → Manage Security Defaults → Enable. Security defaults enforce MFA for all users, block legacy authentication protocols (which are commonly exploited), and provide a strong security baseline with one toggle. If your organization has no specific reason to use custom Conditional Access policies, Security Defaults is the right starting point.

Multi-Factor Authentication: If you don’t use Security Defaults, go to Admin Center → Users → Active Users → Multi-factor authentication and enable it for all users. MFA prevents the vast majority of account compromise attacks.

Audit Log: Admin Center → Compliance → Audit. Ensure audit logging is turned on. This logs admin and user activity and is essential for investigating any security incidents.

User management basics

Naming and license assignment: Decide on your UPN format (user@domain.com) and assign licenses appropriately — not every user needs every Microsoft 365 license tier. Assign the minimum license that covers each user’s actual needs.

Groups and shared mailboxes: Create shared mailboxes (not licensed accounts) for functional email addresses like info@, support@, billing@. Shared mailboxes are free. Create Microsoft 365 Groups or Teams for project-based collaboration.

Offboarding checklist: When a user leaves, block sign-in immediately, reset their password, convert their mailbox to a shared mailbox for 90 days (so their email is accessible), and reassign their OneDrive files to their manager.
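The offboarding checklist above can be scripted so no step is skipped under time pressure. The following PowerShell is an added example, not part of the original article: it assumes the Microsoft Graph, Exchange Online and SharePoint Online PowerShell modules with sessions already connected, and the parameter names, the manager's mailbox access and the use of site collection admin rights for the OneDrive step are assumptions of this example.

```powershell
# Added example, not from the original article. Assumes sessions already opened
# with Connect-MgGraph, Connect-ExchangeOnline and Connect-SPOService by an admin
# allowed to update users, reset passwords and manage mailboxes and sites.
param(
    [Parameter(Mandatory)] [string] $LeaverUpn,    # e.g. leaver@example.com (constructed)
    [Parameter(Mandatory)] [string] $ManagerUpn,   # e.g. manager@example.com (constructed)
    [Parameter(Mandatory)] [string] $OneDriveUrl   # leaver's OneDrive site URL, supplied by you
)
$ErrorActionPreference = 'Stop'   # abort at the first failed step instead of continuing

# 1. Block sign-in immediately.
Update-MgUser -UserId $LeaverUpn -AccountEnabled:$false

# 2. Reset the password to a random value that nobody keeps.
$bytes = New-Object byte[] 24
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$newPassword = [Convert]::ToBase64String($bytes) + 'aA1!'   # suffix covers complexity rules
Update-MgUser -UserId $LeaverUpn -PasswordProfile @{
    Password                      = $newPassword
    ForceChangePasswordNextSignIn = $false
}
Remove-Variable newPassword, bytes

# 3. Convert the mailbox to a shared mailbox so the email stays accessible.
Set-Mailbox -Identity $LeaverUpn -Type Shared
# Assumption of this example: the manager is the person who needs to read it.
Add-MailboxPermission -Identity $LeaverUpn -User $ManagerUpn `
    -AccessRights FullAccess -InheritanceType All | Out-Null

# 4. Give the manager control of the leaver's OneDrive so files can be reassigned.
Set-SPOUser -Site $OneDriveUrl -LoginName $ManagerUpn -IsSiteCollectionAdmin $true | Out-Null

# Read the state back rather than trusting that each call took effect.
$user = Get-MgUser -UserId $LeaverUpn -Property AccountEnabled
$mbx  = Get-Mailbox -Identity $LeaverUpn
[pscustomobject]@{
    User              = $LeaverUpn
    SignInBlocked     = -not $user.AccountEnabled
    MailboxType       = $mbx.RecipientTypeDetails
    MailboxReviewDate = (Get-Date).AddDays(90).ToString('yyyy-MM-dd')   # end of the 90 days
}
```

Keep the returned object with the offboarding ticket: `MailboxReviewDate` marks when the 90-day shared mailbox period ends.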

Teams and SharePoint configuration

Default privacy for Teams: Set new Teams to private by default (members must be added manually). Admin Center → Teams → Teams settings → By default, new teams are private.

External sharing in SharePoint: Admin Center → SharePoint → Policies → Sharing. Review and restrict external sharing to what your business actually needs — the default is more permissive than most small businesses require.