More and more customers are moving to Office 365 for mail flow and SharePoint Online services. They either get a company to help them complete the migration or have someone within the IT department do it. The question I would ask: did anyone look at their Secure Score after it was configured to see how secure their new email system is?
Studies have shown that on average 65% of users have weak passwords that can be cracked within 1 hour. One of the main differences between running your email in Office 365 and using Exchange on-premises is that on-premises you could limit and lock down who could even log in from outside your organization, so weak passwords were not really a concern because you had other things in place, like disabling OWA, Outlook Anywhere or ActiveSync.
Once you are in Office 365 it is public, and everyone within your organization needs access to it so they can reach their email. The problem is that because you can't lock down how users connect by IP address, or allow only your internal network to log in, you have to start using other types of protection to secure your mail system.
There is a section within Office 365, Secure Score, that will help everyone secure their environment for the better.
Secure Score works on a point system. You get points for tasks of different levels, up to a total of 507 points. I will say I have not seen anything higher than a 300, but I am still working to get a perfect score.
There are some easy things you can enable that will raise your score, like enabling audit data recording, turning on mailbox auditing for all users, consuming audit data weekly, or enabling self-service password reset. After you do all the easy ones you move on to the more advanced things, like requiring MFA (multi-factor authentication) to log in to Office 365 or your Outlook mailbox, publishing special public-facing records like DKIM, or removing all applications that use TLS 1.0/1.1 and 3DES.
Just think how much safer your email will be when you enable all these features.