Microsoft 365,
managed by TruPoint.
Microsoft 365 is no longer just email and Office. It's the identity, device management, security, and collaboration platform your business runs on. Most Canadian SMBs have M365 — few have it configured to the security standard that actually protects them. TruPoint manages the full stack: licensing, tenant hardening, Defender policies, Conditional Access, and ongoing administration.
Every M365 module, configured to the security baseline it ships with — but never ships turned on.
Microsoft ships M365 with security defaults enabled and most advanced controls off. The tenant you got from your reseller three years ago has the same defaults it shipped with — and attackers know that configuration better than most IT teams do.
Exchange & Defender for Office
Exchange Online with Defender for Office 365. Anti-phishing, safe links, safe attachments, DMARC/DKIM/SPF, and impersonation protection — the email security baseline your insurer expects, fully configured and monitored.
Entra ID & Conditional Access
Identity foundation with conditional access policies enforcing MFA, device compliance, location controls, and risk-based blocking. The gating layer that makes every other M365 security control effective.
Defender for Endpoint
Enterprise EDR across Windows and macOS. Attack surface reduction rules, behavioural detection, automated investigation and response — the Microsoft-native EDR layer for environments standardising on the Microsoft stack.
Teams & SharePoint
Modern collaboration governed by TruPoint — retention policies, DLP, sensitivity labels, Teams Direct Routing, and SharePoint permission governance applied as part of every M365 engagement.
From default tenant to hardened, managed platform in four phases.
A structured M365 engagement that closes configuration gaps, migrates legacy systems, and establishes the governance that keeps the tenant secure as you grow.
Assess
Tenant audit against CIS M365 Benchmark — current Secure Score, security defaults status, admin account hygiene, Defender coverage, and DMARC validation. Gaps documented and prioritised.
Harden
Security defaults replaced with named conditional access policies. All admin accounts protected with phishing-resistant MFA. Defender plans enabled and configured. DMARC, DKIM, and SPF validated and enforced.
Migrate
Email, calendars, and files migrated from legacy platforms. SharePoint governance structure built. Teams deployed with Direct Routing VoIP if applicable. Legacy systems decommissioned on a defined schedule.
Manage
Ongoing administration via TruOffice. Licence management, new user provisioning, security alert triage, Secure Score monitoring, and quarterly review with your dedicated TAM.
Having M365 and having M365 configured are two different things.
A Microsoft 365 tenant with default settings is not a secure Microsoft 365 tenant. Conditional access is off by default. Legacy authentication is on by default. Admin accounts have no MFA by default. The attacks that hit Canadian SMBs every week exploit exactly these defaults — and Microsoft's own security documentation says to turn them off.
- CIS M365 Benchmark hardening — documented and maintained
- Secure Score tracked and improved quarterly
- All admin accounts phishing-resistant MFA required
- Legacy authentication blocked — closes the largest attack surface
- Microsoft CSP — TruPoint manages licensing directly
"We had M365 for three years and thought we were secure. TruPoint's first audit found no conditional access, default admin passwords on six service accounts, and DMARC not configured. Three years of exposure.
Where Microsoft 365 fits in the TruPoint stack.
TruOffice™
Microsoft 365 is the technical foundation of TruOffice — managed as a complete office platform with dedicated TAM and Canadian service desk.
TruWorkspace Zero Trust™
M365 Entra ID and Intune are the identity and device layers of TruWorkspace Zero Trust — hardened as part of every Zero Trust deployment.
Microsoft Entra ID
The identity and conditional access foundation inside M365 — the enforcement layer for every Zero Trust access policy.
A 30-min M365 security walkthrough.
We'll pull your Secure Score live and show you the top configuration gaps attackers are targeting in tenants like yours.