Microsoft 365 Security Assessment | Cyber Security Services
Microsoft 365 Security Assessment
Our team of experts are here to help you ensure security in your day-to-day operations by reviewing your MS365 configuration against industry-standard benchmarks from the Center for Internet Security (CIS).
What is a Microsoft 365 Security Assessment?
Microsoft 365 Security Assessments are the quickest and easiest way to validate your MS365 configuration and ensure alignment with industry security standards.
The engagement is short, with total turnaround time generally within a week. We begin by introducing your system admin to our in-house cyber security experts to discuss your precise requirements and ask some basic questions. Once we have been granted access to your MS365 admin panel, our expert will be able to look deeper into your configuration settings and begin the full assessment.
A Microsoft 365 Security Assessment is delivered remotely and is valid for one year from the date of assessment.
1. Access & Information
Our security consultant will ask your sysadmin some questions, then arrange access to MS365 to investigate your configuration.
2. Framework Assessment
The information we have gathered in stage one is mapped line-by-line against your required CIS Controls framework to identify any gaps.
3. Review With an Expert
Depending on your requirements, we can present the results of the assessment, or present our findings on a call.
CIS Controls framework v2.0
Following the Center for Internet Security’s Microsoft 365 Foundations Benchmark v2.0.0, this framework is especially useful for clients in the NHS who are required to meet the Secure Email (DCB1596) standard.
1. Account & Authorisation
Assessing authentication, password security, access settings, and Azure policies.
2. Application Permissions
Inspecting the applications that impact on MS365, as well as its native integrations, to ensure security.
3. Data Management
Reviewing file sharing configuration and policies to reduce the risk of unauthorised access and data leakage.
4. Email Security & Exchange Online
Validating attachment, forwarding, and domain configurations to harden your email security.
5. Auditing
Assessing your monitoring policies to ensure that you are able to proactively detect attacks.
6. Storage
Defending against data leakage by checking for misconfigurations in sharing, syncing, and whitelisting.
7. Mobile Device Management
Checking your mobile password strategy and device policies to ensure the security of BYOD workers.
CIS Controls framework v3.0
Following the Center for Internet Security’s latest Microsoft 365 Foundations Benchmark v3.0.0, this extended framework provides prescriptive guidance for establishing a secure configuration posture for Microsoft 365.
1. Microsoft 365
Assessing key security settings within the admin portal.
2. Microsoft 365 Defender
Assessing security settings applied to Defender for Office and Cloud Apps.
3. Microsoft Purview
Security settings related to compliance, data governance, information protection, and risk management.
4. Microsoft Entra
Security settings related to identity & access management.
5. Exchange
Assessing the security configuration of Exchange Online.
6. SharePoint
Security settings related to SharePoint and OneDrive.
7. Microsoft Teams
Security settings related to Microsoft Teams.
8. Microsoft Fabric
Security settings for everything related to Power BI configuration.
Why Assess Your Microsoft 365 Configuration?
Microsoft 365 encompasses a wide range of software that we all use to conduct day-to-day business – everything from Word to OneDrive, from PowerPoint to Power Platform, and from Excel to Exchange Server.
However much we may rely on it, such a large attack surface gives bad actors ample opportunity to exploit any gaps in your defences.
By assessing your configuration against industry-standard frameworks devised by security professionals across the globe, we’re able to reduce your attack surface, and advise on how to remediate the issues we identify.
• Validate or correct your configuration
• Document compliance to regulatory standards
• Stay up-to-date with MS365 security developments
• Gain peace of mind in your security
• Inform and justify investments for MS365
CREST, CHECK & Cyber Scheme Certified
CREST (the Council of Registered Ethical Security Testers) is an international accreditation with strict Codes of Conduct and Ethics. CHECK is the Government-backed accreditation from the National Cyber Security Centre (NCSC) which certifies that a company can conduct authorised penetration tests of public sector systems and networks.
All our penetration testers are certified by CREST, with senior consultants certified by CREST to the highest CCT Level. Our testers are also either CHECK Team Leaders (CTLs) or Team Members (CTMs).
Security testers that pass the Cyber Scheme exams demonstrate ‘competence and skill at the highest levels’ as defined by the National Technical Authority for Cyber Security (NCSC).
Our team have decades of combined experience and take pride in operating at the highest level of the industry – conducting a broad range of government and commercial tests – and always aim to go the extra mile.
Rely on CyberLab
Experienced Security Team
With an experienced team of consultants, pen testers, and security specialists, CyberLab can be trusted to deliver the highest standard of service.
Advice You Can Trust
We provide a trusted advisor who can understand your requirements and help guide the decision-making process.
Agnostic Advice
We are 100% vendor agnostic and will only ever recommend the best products and solutions for your requirements.
Fully Bespoke Approach
We specialise in creating bespoke security solutions and testing packages around the needs of your business to build and maintain your security posture.
Speak With an Expert
Whether you’re looking to implement basic cyber security best practice, improve your existing defences, or introduce a new system or solution, our team of expert consultants, engineers, and ethical hackers are here to help.
Our team specialise in creating bespoke security solutions and testing packages to improve and maintain your security posture.