Multi-factor authentication (MFA), the principle of least privilege (PoLP), and a software restriction policy (SRP) are all cornerstones of effective cybersecurity practice and are integrally related to the concept of a zero-trust architecture. Zero trust is a security feature that organizations can use to identify and control the execution of software on specified hardware. For small and mid-sized organizations using Microsoft 365, implementing such a feature can act as a critical defense mechanism for protecting the many devices for which they are responsible.