Microsoft 365 Optimisation: Are You Missing Critical Features?

SharePoint Is More Than File Storage – It Is Your First Line of Control

Microsoft Defender – Built-In Security That Often Goes Unused

Microsoft Purview and Data Loss Prevention – Controlling Where Your Data Goes

How These Tools Work Together to Control Access and Reduce Risk

The Opportunity Most Businesses Overlook

Are You Actually Using What You Are Paying For?

Frequently Asked Questions (FAQs)

Most businesses treat SharePoint as a shared drive in the cloud.

Files are uploaded. Folders are created. Access is given. Job done.

That approach works until it doesn’t.

Think about the type of data your business holds. CVs, financial records, HR documentation, client contracts. Now consider how easy it is for that information to be downloaded, shared, or accessed by the wrong person.

In many organisations, permissions are too broad, external sharing is loosely controlled, and there is little visibility over who is doing what with sensitive files.

When properly configured, SharePoint becomes something very different.

It allows you to:

• Set precise access controls at site, folder, or file level
• Restrict downloads to unmanaged or personal devices
• Control external sharing with approval workflows
• Track user activity through detailed audit logs
• Apply sensitivity labels to automatically protect documents

Instead of relying on users to behave correctly, the system enforces the rules for you.

MFA remains extremely valuable. Research shows it can prevent the vast majority of automated account compromise attempts.

However, attackers increasingly target the human and technical gaps around MFA rather than the technology itself.

Here are some of the most common techniques used today.

Many organisations assume they are protected because they have antivirus in place.

But modern cyber threats do not behave like traditional viruses.

Phishing emails, credential theft, and account takeovers are now the most common attack methods. According to UK government research, phishing remains the most widespread form of cyber attack affecting businesses.

Microsoft Defender is designed to deal with exactly these types of threats.

It is not a single tool, but a set of integrated security capabilities that are often already included within Microsoft 365 licences.

Depending on your setup, this can include:

• Protection against phishing and malicious links in email
• Monitoring of devices for suspicious activity
• Detection of unusual login behaviour or compromised accounts
• Automated responses to potential threats

For example, if a user clicks a malicious link and their credentials are exposed, Defender can detect unusual login patterns and flag or block access before damage is done.

The issue is not availability. It is that many firms have not enabled or configured these features properly

Microsoft Purview is one of the least understood parts of Microsoft 365, yet it plays a critical role in protecting sensitive information.

It acts as a data governance and compliance layer, helping you understand what data you hold and how it is being used.

Within Purview sits Data Loss Prevention, which focuses on one of the biggest risks businesses face. Data leaving the organisation when it should not.

This is not always malicious. In many cases, it is accidental.

A consultant emails a document to a personal account to work from home. A recruiter downloads candidate data to a personal device. A file is shared externally without realising what it contains.

These everyday actions are behind a significant number of data breaches. The ICO continues to report that human error is one of the leading causes of incidents (https://ico.org.uk/action-weve-taken/complaints-and-concerns-data-sets/data-security-incident-trends/).

With Purview and DLP configured, you can:

• Block emails containing sensitive data such as financial information or personal identifiers
• Prevent files from being shared outside the organisation
• Restrict downloads to secure, managed devices
• Automatically detect and classify sensitive data
• Alert administrators to risky behaviour

This shifts your business from reacting to problems to preventing them.

On their own, each of these tools is useful. Together, they create something far more powerful.

SharePoint controls where your data lives and who can access it.
Defender protects your environment from external threats and suspicious activity.
Purview and DLP ensure your data is handled appropriately and does not leave your business without control.

The result is not just better security. It is better visibility and control.

For example:

An employee logs in from an unfamiliar location.
Access to sensitive files is limited based on device and risk.
Attempts to download or share data are restricted.
An alert is triggered for review.

That is what a properly configured Microsoft 365 environment looks like in practice.

Recruitment, accountancy, and professional services firms are built on trust.

You are handling sensitive personal data, financial information, and confidential client material every day. That makes you a high-value target.

When something goes wrong, the impact is not just technical.

It affects client relationships, reputation, and compliance obligations.

A recent UK example highlights this clearly. The Capita cyber incident disrupted services and exposed data linked to millions of individuals (https://www.bbc.co.uk/news/technology-65173306).

While not every organisation faces something on that scale, the underlying issue is the same. Attackers exploit gaps in access control, visibility, and data protection.

For professional services firms, even a smaller incident can lead to:

• Loss of client confidence
• Regulatory scrutiny
• Financial penalties
• Reputational damage that is difficult to recover from

This is why simply having Microsoft 365 is not enough. It needs to be configured in a way that reflects the sensitivity of the data you manage.

Improving security and control does not always require new tools or additional spend.

In many cases, the biggest improvements come from:

• Enabling features that are already included in your licence
• Configuring them properly
• Aligning them with how your business operates

It is common to find organisations that:

• Have Microsoft Defender but are not fully using it
• Have no Data Loss Prevention policies in place
• Have overly broad SharePoint access permissions

These are not technology limitations. They are configuration gaps.

And they represent a clear opportunity.

Most businesses we speak to assume their Microsoft 365 setup is doing what it should.

Until we look under the surface.

At Blue Saffron, we regularly review Microsoft environments for recruitment and professional services firms, and the same patterns come up time and time again:

• Security features are available but not fully configured
• Data access is broader than the business realises
• Sensitive information can be downloaded or shared too easily

None of this is unusual. But it does create risk.

The issue is not the Microsoft licence itself. It is the gap between what is included and how it is set up.

That gap is where most security and compliance issues start.

A short Microsoft 365 review can quickly highlight:

• What you are already using
• What is available but not enabled
• Where your biggest risks sit

From there, it becomes much easier to make informed decisions about what actually needs to change.

If you are not completely confident in how your environment is configured, it is worth sense-checking it. Most firms are closer than they think, they just need to make better use of what is already there.