https://store-images.s-microsoft.com/image/apps.58117.6bfa7519-b8c5-4c4b-a36a-f5be08e70ab1.aaf1ced5-154f-4701-9d5b-b8e4dae999d3.d5ef0e8a-fd72-4c78-90d6-a63ac04da1a6

EPAM Microsoft 365 Security: 4-Week Assessment

EPAM Systems

• EPAM's Microsoft 365 Security Assessment uses a combination of various industry best practices and frameworks to understand current security posture, critical gaps and future state of Microsoft 365

• This assessment is an effective way to gain valuable insights into an enterprise Microsoft 365 environment. It will give a holistic IT and security posture report with best-in-market recommendations.
• OBJECTIVES
	○ Assess the current security posture of all Microsoft 365 components. Answer the questions: “Is the customers and their data safe?” and “What are the top gaps by criticality?”
	○ Provide roadmap and suggested hardening steps for Microsoft 365 security using proven SecOps approach
• SCOPE
	○ Conduct workshops and interviews with SMEs and Stakeholders
	○ Assess Microsoft 365 tenant against security best practices, NIST,CIS,CMM benchmarks
	○ Assess information governance and data flows
	○ Review Identity governance, Azure AD
	○ Review Exchange, Sharepoint, OneDrive, Teams, MDM/MAM, MCAS, MDATP, Flows, IRM, DLP, Archives, eDiscovery, Message management, Compliance Center, MFA, Teams, Power BI, Dynamics365, encryption configuration settings
	○ Documentation review and cross-check against Microsoft 365 security implementation
	○ Review operational procedures (ondoarding, offboarding, security SOP, others) based on ITIL framework
	○ Backlog development and create a roadmap for hardening Microsoft 365 services
• WHY NOW?
	○ Performing a risk assessment of a Microsoft 365 is now more critical than ever before. It allows you to understand the full threat landscape: on-prem and cloud tenants. The risks and vulnerabilities to the organization will change over time; however, if the organization continues to follow a risk assessment methodology, it will be in an excellent position to address any new risks and vulnerabilities that arise
	○ Huge utilization of Microsoft 365 as well as the fact that cloud users, admins, and "violators" all working from home and outside of the perimeter, all familiar and brand-new security risks increase disproportionally.
	○ Performing a risk assessment for Microsoft 365 is about validating current Security Controls

At a glance

https://store-images.s-microsoft.com/image/apps.43095.6bfa7519-b8c5-4c4b-a36a-f5be08e70ab1.aaf1ced5-154f-4701-9d5b-b8e4dae999d3.6229fe9a-263b-4a81-bf58-bc3b7bae7784
https://store-images.s-microsoft.com/image/apps.16253.6bfa7519-b8c5-4c4b-a36a-f5be08e70ab1.aaf1ced5-154f-4701-9d5b-b8e4dae999d3.452ddb81-281b-437a-bba8-8cd3d46d7f69
https://store-images.s-microsoft.com/image/apps.52529.6bfa7519-b8c5-4c4b-a36a-f5be08e70ab1.aaf1ced5-154f-4701-9d5b-b8e4dae999d3.7306b9e0-39fb-4924-a63b-50407210a9d9
https://store-images.s-microsoft.com/image/apps.26485.6bfa7519-b8c5-4c4b-a36a-f5be08e70ab1.aaf1ced5-154f-4701-9d5b-b8e4dae999d3.aca48f1a-c3a6-4f3f-ba51-b2d72dc5eeb7