Microsoft 365 is frequently described as an “ISO 27001–aligned platform”. In isolation, that statement is not incorrect. Microsoft 365 provides a wide range of technical capabilities that can support many of the controls expected under ISO 27001. Where organisations get into difficulty is assuming that capability equates to compliance. ISO 27001 does not certify platforms....