Microsoft 365 security: 3-D Workshop

The Microsoft 365 Security Assessment by CRAG is a thorough evaluation of the full lifecycle of a production implementation, addressing the proper architecture and configuration design, with remediation assistance and validation of controls. The assessment’s main objective is to provide organizations with broad protection, native integration, and automated management enabling customers with consistent enforcement and visibility across their Cloud and On-premise infrastructure. The Solution executes a comprehensive IT Security Assessment of all externally facing systems, external web applications, internal servers, workstations, and network devices, and protects the organization against cyberthreats

While adoption of Office 365 drives higher levels of innovation and competitive advantage, securing your Office 365 environment is essential to protecting the confidentiality, integrity and availability of intellectual, customer, and personal information stored in the cloud The Security Assessment is structured to help customers understand their current security posture, identify gaps, and prioritize a roadmap for security controls through the engagement that will assist reduce the environment’s risk landscape. CRAG will provide recommendations to balance security and productivity needs.

DAY 1 Workshop Description

1. On-site Engagement Overview Provides an overview of the 2-day on-site agenda, goals, and an opportunity to cover Q&A and project governance. Agreed plan and schedule for the 2-day on-site assessment.
2. Office 365 Security Overview Microsoft‘s approach to securing enterprise organizations. Provides a high-level overview of Office 365 security features.
3. Customer Security Strategy Customer presents goals and ambitions on their cloud security strategy. Provides a mutual understanding of the customer cloud security strategy.
4. Review Security Questionnaire Review the completed security questionnaire. Prioritized list of security requirements.

DAY 2 Workshop Description

1. Office 365 Security Technical Readiness Presentation Technical readiness presentation time slot. Technical readiness provided to the customer team.
2. Office 365 Secure Score Overview Overview of Office 365 Secure Score and how it relates to the security requirements. Technical readiness on Office 365 Secure Score.
3. Secure Score Recommendations / Discussion Workshop covering current Office 365 Secure Score and recommended security actions. Prioritization of Office 365 Secure Score security actions.
4. Office 365 Security Technical Readiness Presentation or Shadow IT Analysis Workshop Technical readiness presentation time slot. Or Shadow IT Analysis Workshop using Office 365 Advanced Security Management. Technical readiness provided to the customer team. or Understanding of current usage of Shadow IT. DAY 3 Workshop Description
5. Office 365 Security Technical Readiness Presentation Technical readiness presentation time slot. Technical readiness provided to the customer team.
6. Office 365 Security Roadmap Workshop Workshop to create an Office 365 security roadmap based on the security requirements and the prioritization of the Office 365 Secure Score actions. Defined high-level security roadmap based on Office 365 Secure Score security actions.
7. Project close-out and Next steps Close-out presentation and discussion of next steps. Provide an engagement summary and clear steps with tangible outcomes.