Microsoft 365 Security Assessment

WHAT IS Office 365 SECURITY ASSESSMENT?

Office 365 audit consists of the following 3 main activities and many sub-activities:

1. Active Directory and Azure AD Hybrid identity assessment for Office 365 authentication.

  • Synchronization services setup and location;
  • Synchronization Accounts and permissions;
  • User authentication flow and options;
  • Synchronization rules;
  • Installed versions;
  • High availability of synchronization tools;
  • Authentication setup and configuration (assessing whether appropriate tools are being used in current deployment);
  • Password policies and non-expiring passwords;
  • Errors in synchronization tools and possible solutions.


2. Office 365 configuration assessment

  • Office 365 Admin accounts and permissions
  • Office 365 Multi-Factor Authentication for Azure AD privileged roles and users
  • Auditing configuration and reports
  • External communication setup for Skype or Teams
  • Skype or Teams security configuration
  • SharePoint and OneDrive External sharing report
  • SharePoint sites permission report
  • Recommendations for data protection
  • Office 365 Exchange online configuration – mailbox delegation, automatic forwarding rules, calendar sharing, mailbox auditing.
  • Office 365 assigned licenses


3. Overall recommendations for security hardening and best practices.

WHAT ARE REQUIREMENTS TO RUN SERVICE?

To perform O365 security assessment, we need 2 things:

1. Remote access to your environment;

2. Domain Administrator account with permissions on AD Synchronization servers and Office 365 Global Admin account for Office 365 Assessment.

WHAT DO I GET?

As a result of our activities, we will prepare for you O365 security audit report, which will include:

1. Active directory Synchronization services evaluation and recommendations for security hardening;

2. Office 365 configuration evaluation and recommendations of security hardening and best practices:

Management best practices.

High availability

Security hardening

3. On top of documentation, we will run presentation via on-site or online meeting.

Let's manage.

We are happy to share our knowledge, experience and expertise. Let us know what you need, and we will contact you directly.