Microsoft 365 is a popular application thanks to its variety of features that make remote collaborative work simple and accessible. However, despite hundreds of configuration settings applied in each M365 tenancy by default, Microsoft does not automatically apply all the security settings and, as a result, can leave the tenancy and user accounts vulnerable and open to compromise.
Navigating each configuration setting in M365 and determining if it needs to be configured can be a daunting prospect. If a setting is not in place or misconfigured, anyone could gain access to view and delete private emails and access sensitive company documents. Keeping businesses secure and their data protected means using the intelligent built-in Microsoft security features that are often not implemented or used to their full potential.
At CSA, we understand what it takes to keep your private data private and applications secure.
We start the assessment by analysing a company’s M365 tenancy against pre-defined ‘best practice’ controls to ensure that all the necessary security controls are configured correctly to protect admin and user accounts, emails, documents and Teams collaboration chats. Following the assessment, CSA compiles an Executive Report on the findings. CSA provides a technical summary of each specific control that either needs to be changed or checked/verified by the responsible IT Team as well as our recommendations to secure the tenancy further. Each control listed in the technical summary is marked on the criticality of exposure – from critical to low.
The assessment is flexible to cater to any company, from small businesses with less than 50 M365 accounts to large scale multinational companies.
Since Microsoft introduces new features and services regularly, we recommend that our M365 Security Assessment is performed at least annually to ensure any new features or configuration changes have not impacted the security posture of the M365 tenancy used by the company. Cybercriminals are always on the lookout for new weak spots, but regular reviews of security status make sure the opportunity for an attack is limited.