Microsoft 365 Security Audit: 3-Day Assessment

Our Microsoft 365 Security Audit is designed for businesses who need to assess and assure the security posture of their own implementation.

The information is assessed based upon quantitative analysis (via Microsoft Secure Score) and the cloud security principles defined by the UK's National Cyber Security Centre. These principles help organisations fully understand the areas they should consider when designing and assuring their Cloud security posture, and are:

1. Data in transit protection
2. Asset protection and resilience
3. Separation between users
4. Government framework
5. Operational security
6. Personnel security
7. Secure development
8. Supply chain security 9.Secure user management
9. Identity and authentication
10. External interface protection
11. Secure service administration
12. Audit information for users
13. Secure use of service

Microsoft provide many built-in security configurations within Office 365 that contribute to the delivery of these requirements. Some of these mean that default Office 365 configurations automatically provide conformity with some of the principles and cannot be changed, whereas some mean that customers can adjust configurations (or build upon default settings) to adjust or satisfy conformance to certain principles. Also, there are controls and configurations that may lie completely with the customer that wrap around Office 365 configurations to comply with principles.

Responsibility for each of the areas defined by each of these principles in a Microsoft 365 environment can therefore be defined as lying in one of three areas:

1. Microsoft responsibility only
2. Shared Responsibility
3. Customer responsibility only

Our output report will show you where your security posture can be enhanced by the adoption of appropriate Microsoft techniques, detail the licensing requirements needed, and allow you to plan for a Microsoft 365 environment that is fully secure and meets your own business and compliance needs.