The Challenge
Virtuos Tutorials delivers education and tutoring, which means handling information about students and families, data that deserves real protection. Like many growing businesses, its Microsoft 365 environment had been set up for productivity first, with security settings left at defaults. That left gaps: accounts protected only by passwords, inconsistent access controls, and limited defence against phishing or account compromise. Virtuos Tutorials wanted to close those gaps and put its environment on a secure footing.
What Evocate Delivered
In 2021, Evocate delivered a Microsoft 365 security hardening engagement:
- Best-practice review: assessed the tenant against Microsoft security best practice
- Identity protection: strengthened sign-in security, including multi-factor authentication
- Access controls: tightened account security settings and access governance
- Threat defence: improved defences against phishing, account compromise, and common threats
- Guidance: provided direction to keep the environment secure as the business grows
Outcomes
Virtuos Tutorials now runs on a hardened Microsoft 365 environment. Accounts are protected by stronger sign-in controls, reducing the risk of compromise. Access is governed sensibly, and the most common attack paths are closed off. The business can handle student and family information with greater confidence, and staff work within a safer environment without added friction.
Why This Matters
In education, trust is everything, and families expect their information to be safe. Default Microsoft 365 settings get you working, but they do not get you secure. The gap between those two states is where account compromise and data loss happen, and closing it is neither expensive nor disruptive when done deliberately. Evocate’s role was to lift Virtuos Tutorials’ security to a sensible standard, protecting people and data while keeping the platform easy to use for teaching and learning.






















