We all know Office 365 in its different flavors come with a bunch of native applications that will help to support IT security processes. These controls are the 1st line of defense.
I’m trying to list 2nd layer controls that will be helpful to determine if 1st line controls are properly implemented and managed. What could they be?
Any book or paper about that?