Microsoft 365 Security
Microsoft 365, along with its suite of applications, is one of the most widely used cloud services in enterprises.
However, a critical aspect often overlooked is that companies remain partially responsible for security within these cloud services.
Microsoft outlines this clearly in its Shared Responsibility Model.
Our Experience
We combine operational experience in cybersecurity, regulatory know-how and pragmatic implementation skills
Our consultants possess relevant Microsoft experience, enabling them to configure environments to be not only secure but also compliant with data protection regulations.
Our approach
-
Understandable, practical, solution-oriented
-
Focus on your business goals
-
Security as an integral part of your organization
You take care of your business and we'll take care of your cybersecurity.
Transperancy in your Cloud
M365 Security Assessment
In the Microsoft 365 Security Assessment, SC&E consultants evaluate whether security best practices have been properly implemented to eliminate potential vulnerabilities.SC&E consultants deliberately conduct this assessment manually, without using automated tools or scripts. This approach ensures that required permissions can be limited to Global Reader access (without the need for admin rights) while also allowing for a more tailored review of customer-specific requirements. For example, automated scripts cannot identify logical errors in Conditional Access policies. You have full flexibility in selecting which parts of your M365 environment should be assessed.
Approach:
-
Preliminary Meeting & Goal Definition:
-
A 2-hour session to define your specific security requirements (e.g., secure authentication, secure collaboration, external application usage).
-
Agreement on the assessment period and scheduling of the final review session.
-
-
Data Analysis & Evaluation
-
Examination of critical security settings and assessment of the chosen systems' security configurations.
-
-
Report & Action Plan
-
Creation of a detailed report outlining findings and recommended corrective actions.
-
-
Final Review Meeting
-
A 2-hour session to present results, hand over documentation, and clarify any remaining questions.
-
Exclusion
This assessment focuses exclusively on cloud configurations. Hybrid setups or on-premises systems are not included. Additionally, servers and client devices are not assessed, even if they are managed via Microsoft Endpoint Manager (Intune). Broader security strategies, such as exit strategies or backup strategies, are also beyond the scope of this assessment.
Our customers achieve a Microsoft Secure Score of over 80%!
Expertise from former Microsoft employees
M365 Consulting & Education
An assessment has the advantage of requiring minimal time investment during the review process, and you ultimately receive the results. However, the work then begins on your end, with addressing the findings.
Following an assessment, or even better, instead of an assessment, we support you in implementing best-practice security configurations for your Microsoft 365 environment. Our primary focus is on providing you with the knowledge to independently harden your Microsoft 365 environment.
In a defined project with planned work sessions, your environment will be optimally configured, and the effort required, user impact, and decision-making needs will be clearly communicated, implemented, and documented.
