top of page
Computer Büro-Arbeit

Microsoft 365 Security

Microsoft 365, along with its suite of applications, is one of the most widely used cloud services in enterprises. However, a critical aspect often overlooked is that companies remain partially responsible for security within these cloud services. Microsoft outlines this clearly in its Shared Responsibility Model: Shared Responsibility in the Cloud – Microsoft Learn.

M365 Security Assessment

In the Microsoft 365 Security Assessment, SC&E consultants evaluate whether security best practices have been properly implemented to eliminate potential vulnerabilities.SC&E consultants deliberately conduct this assessment manually, without using automated tools or scripts. This approach ensures that required permissions can be limited to Global Reader access (without the need for admin rights) while also allowing for a more tailored review of customer-specific requirements. For example, automated scripts cannot identify logical errors in Conditional Access policies. You have full flexibility in selecting which parts of your M365 environment should be assessed.

Approach

  1. Preliminary Meeting & Goal Definition

    • A 2-hour session to define your specific security requirements (e.g., secure authentication, secure collaboration, external application usage).

    • Agreement on the assessment period and scheduling of the final review session.

  2. Data Analysis & Evaluation

    • Examination of critical security settings and assessment of the chosen systems' security configurations.

  3. Report & Action Plan

    • Creation of a detailed report outlining findings and recommended corrective actions.

  4. Final Review Meeting

    • A 2-hour session to present results, hand over documentation, and clarify any remaining questions.

Exclusion

This assessment focuses exclusively on cloud configurations. Hybrid setups or on-premises systems are not included. Additionally, servers and client devices are not assessed, even if they are managed via Microsoft Endpoint Manager (Intune). Broader security strategies, such as exit strategies or backup strategies, are also beyond the scope of this assessment.

Contact
Download OnePager

M365 Consulting & Education

An assessment offers the advantage of requiring minimal time investment on your part while providing you with valuable insights. However, the real work begins afterward—addressing the identified findings.

Rather than simply conducting an assessment, we go a step further by supporting you in implementing best-practice security configurations for your Microsoft 365 environment. Our focus is not just on execution but also on empowering you with the knowledge to independently strengthen your Microsoft 365 security.

Within a well-defined project framework, structured work sessions ensure your environment is optimally configured. Effort, user impact, and key decision points are clearly communicated, implemented, and thoroughly documented.

Contact
bottom of page