Microsoft 365 Security Assessment | Cyber Security Services


Microsoft 365 Security Assessment

With such a vast and evolving suite of customisable products and features, it can be hard to stay up to date with the most recent security recommendations for Microsoft 365.

Our team of experts are here to help you ensure security in your day-to-day operations by reviewing your MS365 configuration against industry-standard benchmarks from the Center for Internet Security (CIS).

What is a Microsoft 365 Security Assessment?

Microsoft 365 Security Assessments are the quickest and easiest way to validate your MS365 configuration and ensure alignment with industry security standards.

This is a short engagement, with a total turnaround time generally within a week. We begin by introducing your system admin to our in-house cyber security experts, who will discuss your precise requirements and ask some basic questions. Once we have been granted access to your MS365 admin panel, our expert will be able to look deeper into your configuration settings and begin the full assessment.

A Microsoft 365 Security Assessment is delivered remotely and is valid for one year from the date of assessment.

1. Access & Information

Our security consultant will ask your sysadmin some questions, then arrange access to MS365 to investigate your configuration.

2. Framework Assessment

The information we have gathered in stage one is mapped line-by-line against your required CIS Controls framework to identify any gaps.

3. Review With an Expert

Depending on your requirements, we can present the results of the assessment, or present our findings on a call.

CIS Controls framework v1.5

Following the Center for Internet Security’s Microsoft 365 Foundations Benchmark v1.5.0, this framework is especially useful for clients in the NHS who are required to meet the Secure Email (DCB1596) standard. 

1. Account & Authorisation

Assessing authentication, password security, access settings, and Azure policies.

2. Application Permissions

Inspecting the applications that impact on MS365, as well as its native integrations, to ensure security.

3. Data Management

Reviewing file sharing configuration and policies to reduce the risk of unauthorised access and data leakage.

4. Email Security & Exchange Online

Validating attachment, forwarding, and domain configurations to harden your email security.

5. Auditing

Assessing your monitoring policies to ensure that you are able to proactively detect attacks.

6. Storage

Defending against data leakage by checking for misconfigurations in sharing, syncing, and whitelisting.

7. Mobile Device Management

Checking your mobile password strategy and device policies to ensure the security of BYOD workers.

CIS Controls framework v3.0

Following the Center for Internet Security’s latest Microsoft 365 Foundations Benchmark v3.0.0, this extended framework provides prescriptive guidance for establishing a secure configuration posture for Microsoft 365.

1. Microsoft 365

Assessing key security settings within the admin portal.

2. Microsoft 365 Defender

Assessing security settings applied to Defender for Office and Cloud Apps.

3. Microsoft Purview

Security settings related to compliance, data governance, information protection, and risk management.

4. Microsoft Intune

Security settings related to managing user access to resources and app and device management.

5. Microsoft Entra

Security settings related to identity & access management.

6. Exchange

Assessing the security configuration of Exchange Online.

7. SharePoint

Security settings related to SharePoint and OneDrive.

8. Microsoft Teams

Security settings related to Microsoft Teams.

9. Microsoft Fabric

Security settings for everything related to Power BI configuration.

Why Assess Your Microsoft 365 Configuration?

Microsoft 365 encompasses a wide range of software that we all use to conduct day-to-day business – everything from Word to OneDrive, from PowerPoint to Power Platform, and from Excel to Exchange Server.

However much we may rely on it, such a large attack surface gives bad actors ample opportunity to exploit any gaps in your defences.

By assessing your configuration against industry-standard frameworks devised by security professionals across the globe, we’re able to reduce your attack surface, and advise on how to remediate the issues we identify.

• Validate or correct your configuration
• Document compliance to regulatory standards
• Stay up-to-date with MS365 security developments
• Gain peace of mind in your security
• Inform and justify investments for MS365

CREST, CHECK & Cyber Scheme Certified

CREST (the Council of Registered Ethical Security Testers) is an international accreditation with strict Codes of Conduct and Ethics. CHECK is the Government-backed accreditation from the National Cyber Security Centre (NCSC) which certifies that a company can conduct authorised penetration tests of public sector systems and networks.

All our penetration testers are certified by CREST, with senior consultants certified by CREST to the highest CCT Level. Our testers are also either CHECK Team Leaders (CTLs) or Team Members (CTMs).

Security testers that pass the Cyber Scheme exams demonstrate ‘competence and skill at the highest levels’ as defined by the National Technical Authority for Cyber Security (NCSC).

Our team have decades of combined experience and take pride in operating at the highest level of the industry – conducting a broad range of government and commercial tests – and always aim to go the extra mile.

Rely on CyberLab

Experienced Security Team

With an experienced team of consultants, pen testers, and security specialists, CyberLab can be trusted to deliver the highest standard of service.

Advice You Can

We provide a trusted advisor who can understand your requirements and help guide the decision-making process.

Agnostic Advice

We are 100% vendor agnostic and will only ever recommend the best products and solutions for your requirements.

Fully Bespoke

We specialise in creating bespoke security solutions and testing packages around the needs of your business to build and maintain your security posture.

Speak With an Expert

Whether you’re looking to implement basic cyber security best practice, improve your existing defences, or introduce a new system or solution, our team of expert consultants, engineers, and ethical hackers are here to help.

Our team specialise in creating bespoke security solutions and testing packages to improve and maintain your security posture.

