Limit and manage sharing
Limit sharing of folders and access to shared resources such as Mailbox and Calendar:
- Limit shared mailbox sign-in
- Limit external calendar sharing policy
- Monitor publicly available resources, shared with external users
×
![]()
×
![]()
Limit data access
Prevent unauthorized users from accessing sensitive information on Microsoft Copilot:
- Create a minimum of three sensitivity labels to classify data as general use, internal only, and highly confidential
- Limit the number of Copilot users by requiring a manual approval of users with access
Create an audit trail
Ensure investigation teams can review logs and data in the event of a security incident:
- Enable global mailbox auditing
- Turn off mailbox audit bypass
- Turn on mailbox audit logging
- Turn on mailbox delegate auditing
- Turn on mailbox auditing
- Turn on mailbox owner auditing
- Enable audit log search
- Enable audit mail transport rules
×
![]()
×
![]()
Prevent data exfiltration
Protect against data leakage by disabling forward and auto-redirect rules to external addresses:
- Disable BCC transport rule
- Enforce the outbound spam filtering policy
