what would be some good tests to perform on an exchange online (recently migrated all mailboxes from on-prem exchange to office365 exchange online) environment for a risk assessment/audit process. I can think of basics such as permissions on mailboxes for the security aspect but wanted to build a list of perhaps the top 5 areas an audit would benefit. I appreciate such a task would be slightly different to an audit/risk assessment from an on-prem audit, but getting some assurances that the exchange online environment is configured, administered and managed in line with best practice would be useful as I am sure there are still things admins can overlook/get wrong/common mistakes just like they could internal hosted systems. I know reviews such as this often focus solely on security but any other worthwhile checks would also be interesting.
Our community of experts have been thoroughly vetted for their expertise and industry experience.