Identify
Microsoft 365 Security Assessment: Analyse and assess the state of security in your Microsoft 365 environment
Do you want a security analysis and assessment that gives management and security a clear overview of the level of security in your Microsoft 365 environment? We can analyse and assess the basic security controls, so you can strengthen your Microsoft 365 environment.
Why a security analysis when Microsoft 365 has security measures built in?
Microsoft 365 offers robust built-in security features. But these are rarely a "one size fits all" solution.
An independent security analysis gives you deeper insight into how these security features can be implemented to optimise your specific environment. And it can also reveal any security gaps in the configurations.
An assessment of the security of your Microsoft 365 platform
We perform a comprehensive analysis and assessment of the security of your Microsoft 365 platform. This includes identifying vulnerabilities at both the management and resource level. We also address any risks associated with the implementation and use of Microsoft 365.
In addition, we make sure that your policies, security controls and modern security settings are properly implemented. Our goal is to strengthen overall security to protect both your Microsoft 365 environment and the services connected to it.
We customise the security assessment to your business
We base our security assessment on recognised resources such as the Cloud Security Alliance's (CSA) Security Guidance for Critical Areas of Focus in Cloud Computing and the CIS Microsoft 365 Foundations Benchmark.
We also use Microsoft best practices, guidelines and whitepapers along with our own experience and expertise.
This means that you and your business get a solution that is customised to your specific setup and configured with your Microsoft 365 environment.
The security assessment includes:
- Misconfigurations of Microsoft 365 services (OneDrive, SharePoint, Exchange, etc.)
- Access control and user permissions (internal/external)
- Protection of information and data in shared storage solutions
- Logging, monitoring and alerting
- Use and configuration of inbuilt security solutions
- Collaboration settings and configuration
- Proper modern security perimeter usage (Conditional Access)
- Applying security principles with a focus on least privilege.
The analysis results in a written report
The result of our analysis work is a detailed written report that includes the following:
- A non-technical section with a summary for management
- A technical section with detailed notes along with specific recommendations to improve safety levels and hardening.