top of page
Computer Büro-Arbeit

Microsoft 365 Security

Microsoft 365, along with its suite of applications, is one of the most widely used cloud services in enterprises. However, a critical aspect often overlooked is that companies remain partially responsible for security within these cloud services. Microsoft outlines this clearly in its Shared Responsibility Model: Shared Responsibility in the Cloud – Microsoft Learn.

M365 Security Assessment

In the Microsoft 365 Security Assessment, SC&E consultants evaluate whether security best practices have been properly implemented to eliminate potential vulnerabilities.SC&E consultants deliberately conduct this assessment manually, without using automated tools or scripts. This approach ensures that required permissions can be limited to Global Reader access (without the need for admin rights) while also allowing for a more tailored review of customer-specific requirements. For example, automated scripts cannot identify logical errors in Conditional Access policies. You have full flexibility in selecting which parts of your M365 environment should be assessed.

Approach

  1. Preliminary Meeting & Goal Definition

    • A 2-hour session to define your specific security requirements (e.g., secure authentication, secure collaboration, external application usage).

    • Agreement on the assessment period and scheduling of the final review session.

  2. Data Analysis & Evaluation

    • Examination of critical security settings and assessment of the chosen systems' security configurations.

  3. Report & Action Plan

    • Creation of a detailed report outlining findings and recommended corrective actions.

  4. Final Review Meeting

    • A 2-hour session to present results, hand over documentation, and clarify any remaining questions.

Exclusion

This assessment focuses exclusively on cloud configurations. Hybrid setups or on-premises systems are not included. Additionally, servers and client devices are not assessed, even if they are managed via Microsoft Endpoint Manager (Intune). Broader security strategies, such as exit strategies or backup strategies, are also beyond the scope of this assessment.

Contact
Download OnePager
SecureScore.png
Unsere Kunden erreichen einen Microsoft Secure Score von über 80%!

M365 Consulting & Education

Ein Assessment hat den Vorteil, dass Sie wenig Zeit während der Prüfung investieren müssen und letztlich die Ergebnisse erhalten. Jedoch fängt anschließend die Arbeit auf Ihrer Seite an, mit der Behebung des Findings. 

 

Nach einem Assessment oder besser anstelle eines Assessments unterstützen wir Sie bei der Umsetzung der Best-Practices Security Konfiguration Ihrer Microsoft 365 Umgebung. Uns ist dabei besonders wichtig das Wissen zu vermitteln, um die Microsoft 365 Umgebung selbstständig zu härten. 

In einem definierten Projekt mit geplanten Work-Sessions wird Ihre Umgebung bestens konfiguriert, Aufwand, User-Impact und Entscheidungsbedarfe klar kommuniziert, umgesetzt und dokumentiert.

Kontakt
OnePager herunterladen
bottom of page