Microsoft365 security assessment
During the M365 Security Assessment, we evaluate your company’s current security posture and identify additional protection opportunities within the Microsoft 365 suite. We help you optimize the use of your existing tools and provide recommendations to enhance security and compliance.
Product description
- A structured, focused overview of the IT security components of the Microsoft365 suite, their roles and how they work.
- We examine the IT security and compliance requirements that apply to your company.
- We assess the security benefits of a potential cloud migration.
- Assess the cloud applications used by your employees and identify the corporate data used by those applications.
- We will show how employee login credentials can become a target for attack.
We present the security tools that the installation of Microsoft365 can provide.
- For making a security framework development plan
- Cost-benefit analysis in case of expiry of the support period of security tools (e.g. antivirus)
- Preparing for security or compliance regulations
- Managing the deployment of cloud usage in a controlled manner, for the management of unmanaged cloud services
- Assessing the post-acquisition security level of an acquired organization
- Sensitive data management
- Maturity of IT security IT system, opportunities for improvement
We can help you identify the security opportunities that are available with the installation of the Microsoft365 enterprise suite of solutions.
Because of the compliance of tools, it is important to understand exactly how the current security infrastructure is structured and to identify the needs of the current security infrastructure, in order to weigh the importance and added value of the different elements of the suite to the secure operation of the enterprise.
Where available, the service uses native tools to collect information (e.g. Secure Score).
We will assess the systems concerned together with your experts, using questionnaire and consultation methods.
- Review of existing IT security tools and documentation
- Assessment of protection capabilities
- Documentation of status
The primary objective of the survey phase is to understand the business, technology and compliance needs of the existing security infrastructure, the security tools used, by answering the following questions:
- What security/compliance standard applies to the company? (e.g. GDPR)
- What does the security system do?
- What is expected of the security system and how well does it meet these requirements?
- What data do they work with and how are they responsible for it?
- How important is business continuity for a given system, how is it ensured?
- Are there any known current problems (reliability, performance, functionality) with the system?
- How secure are users' login credentials?
- How prepared are you against today's cyber-attacks?
- Assessment findings summary
- Sharing results, iteration
- Clarifying opportunities for improvement, making suggestions
The assessment will determine the level of cyber security readiness of existing system components and identify the steps that need to be taken to prevent complex attacks.
We identify Microsoft365 tools that will enhance your company's IT security, support your compliance efforts, and make your data management more secure. Identify security components currently in use that can be effectively replaced with Microsoft365 solutions.
In a partially customized demo environment along the identified needs, we will demonstrate the features available in E3 and E5 services.
Contact
During the assessment we will examine the following security related questions:
An overview of the endpoint protection solution installed in the Announcer's environment, based on the following criteria: coverage, up-to-dateness, range of activated services, integration capabilities, operational practices, documentation, processes, automation capabilities.
An overview of the spam and antivirus solution installed in the Announcer's environment, based on the following criteria: coverage, up-to-dateness, range of activated filtering services, quarantine management, integration capabilities, operational practices, documentation, processes, automation capabilities.
An overview of the identity management solution or practice in use in the Announcer's environment, including how identity is managed, the range of associated services, integration capabilities, operational practices, documentation, processes, remediation, alert management.
An overview of the user management solution or practice in the Announcer's environment in terms of: administration of privileged users, role management and registration, integration capabilities, operational practices, documentation, processes, abuse detection, remediation, alert management.
Overview of the disk encryption solution installed in the Announcer's environment in terms of: technology used, pre-boot authentication, user management, directory integration capability, key management, recovery processes, operational practices, documented.
An overview of the file encryption, access protection, DLP solutions and processes used in the Announcer's environment, based on the following aspects: technology used, authentication, certificate management, user management, directory integration capability, key management, recovery processes, operational practices, documentation, misuse detection and remediation, traceability.
Examination of the solutions and processes for monitoring the use of cloud-based applications in the Announcer's environment, based on the following aspects: technology used, shadow IT management, operational practices, documentation, detection and remediation of misuse, traceability.
Review of the compliance solutions, processes and regulations in place in the Announcer's environment, including: data warehouse solutions, application of data retention rules, data classification practices, document classification and tracking, ability to comply with the regulatory environment.