The M365 Security Lockdown: I audit your Microsoft 365 setup against the questions insurers actually ask, fix what's failing, and hand you a plain-English report you can submit with your application.
Most small businesses run Microsoft 365 on the default settings it shipped with. The defaults are not secure — and your insurer knows it.
I review your Microsoft 365 tenant with read-only access: identity, email security, file sharing, devices, and logging. You get a clear pass/fail picture, mapped to the questions on cyber insurance applications.
MFA for everyone, legacy sign-in methods blocked, email spoofing protection, safe sharing defaults, device encryption verified. Changes are scheduled with you so nobody gets locked out mid-day.
A short report scoring your environment before and after, written for owners and insurers — not IT people. Submit it with your renewal or keep it as proof of due diligence.
MFA coverage, admin account hygiene, legacy authentication, guest access.
Spoofing protection (SPF, DKIM, DMARC), anti-phishing policies, hidden forwarding rules.
SharePoint and OneDrive sharing defaults, anonymous links, external access.
Encryption on laptops, management enrollment, update policies, lost-device protection.
Audit logging, alerting, suspicious sign-in review — the flight recorder for your business.
Ex-employee accounts, stale logins, shared mailboxes, forgotten app access.
Most clients start with the Lockdown. These are the things they ask for next.
Automated watch on sign-in anomalies, new forwarding rules, and policy drift — with a human (me) reviewing alerts. Monthly summary included.
New business tenant setup done right from day one, or migration from Google Workspace and GoDaddy-managed email into a clean, secure Microsoft 365.
The repetitive thing your team does every day — lead intake, document handling, onboarding paperwork — built into an automated workflow that just runs.
I'm John — a U.S. Navy veteran and IT engineer based in New Rochelle. My day job is enterprise Microsoft 365 and Entra ID administration: the identical security controls insurers ask about are what I configure and troubleshoot every single day.
VitaTech exists because small businesses get a bad deal on security: too small for the big consultancies, too important to run on defaults. You work directly with me, the scope is in writing, and the audit account I use can't change anything — it can only look.
Email me what you're working with — or just forward the questionnaire. I'll tell you plainly whether you need the Lockdown or you're already in good shape.
john@vitatech360.com