Microsoft 365 drošības novērtējums

Office 365 audit consists of the following 3 main activities and many sub-activities:

1. Active Directory and Azure AD Hybrid identity assessment for Office 365 authentication.

• Synchronization services setup and location;
• Synchronization Accounts and permissions;
• User authentication flow and options;
• Synchronization rules;
• Installed versions;
• High availability of synchronization tools;
• Authentication setup and configuration (assessing whether appropriate tools are being used in current deployment);
• Password policies and non-expiring passwords;
• Errors in synchronization tools and possible solutions.

2. Office 365 configuration assessment

• Office 365 Admin accounts and permissions
• Office 365 Multi-Factor Authentication for Azure AD privileged roles and users
• Auditing configuration and reports
• External communication setup for Skype or Teams
• Skype or Teams security configuration
• SharePoint and OneDrive External sharing report
• SharePoint sites permission report
• Recommendations for data protection
• Office 365 Exchange online configuration – mailbox delegation, automatic forwarding rules, calendar sharing, mailbox auditing.
• Office 365 assigned licenses

3. Overall recommendations for security hardening and best practices.

To perform O365 security assessment, we need 2 things:

1. Remote access to your environment;

2. Domain Administrator account with permissions on AD Synchronization servers and Office 365 Global Admin account for Office 365 Assessment.

As a result of our activities, we will prepare for you O365 security audit report, which will include:

1. Active directory Synchronization services evaluation and recommendations for security hardening;

2. Office 365 configuration evaluation and recommendations of security hardening and best practices:

Management best practices.

High availability

Security hardening

3. On top of documentation, we will run presentation via on-site or online meeting.