After 25 years in IT and a decade focused on Microsoft 365, Hamilton365's principal specialist Jamie Hamilton has reviewed hundreds of M365 tenants. These five checks, taking under 30 minutes, are a reliable indicator of overall tenant health and where the highest risks lie.
Global Admin is the highest privilege role in M365. Best practice: 2–4 dedicated admin accounts, not the daily-use account. What Hamilton365 typically finds: anywhere from 2 to 12, with at least some being the business owner's personal M365 account used for everything.
The Entra ID Authentication Methods report shows gaps, users who haven't registered, accounts excluded from policies, or legacy auth still permitted. Most tenants have MFA nominally enabled but with meaningful gaps.
A 30-second DNS check that indicates whether anyone has been thinking about email authentication. Approximately half of the tenants Hamilton365 reviews have no DMARC record at all.
Filtering users by last sign-in date reveals accounts belonging to departed staff, sometimes still on Business Premium licences. Almost every tenant has at least a few.
The top recommended actions are more informative than the absolute score. Most SMB tenants Hamilton365 reviews have Secure Scores well below 50% of what their licences would support. Fewer than one in ten pass all five checks without at least one significant finding.
M365 Health Check & Onboarding Review