Is your Microsoft 365 Environment Vulnerable?

You don’t have time for a master’s degree in Microsoft Security.

You need to lock things down—fast.

Instead, you’re stuck digging through useless docs while real work stacks up.

Of the things flying at you, do you know the ONE most likely to hurt you?

Identify it. Eliminate it. Secure your organization.

Sign up for a Compliance Control Assessment today—before it’s too late.

What’s Included?

Our identity, device, and data security assessments help you assess and prioritize improvements to your Entra ID, Intune, and Purview security configurations. Alternatively, our compliance control assessment touches on all three areas (and more) as they apply to relevant technical controls.

Entra ID Security Assessment
  1. Detect anomalous auth failure rates
  2. Ensure the use of strong/multi-factor authentication
  3. Identity Secure Score vs. comparable companies and recommend improvements
  4. Conditional Access assessment
  5. Privileged Identity Management / Least Privilege Assessment for Entra ID roles
  6. External access security policies (Cross-Tenant Access Settings)
  7. Device compliance
  8. Password Hash Sync for increased resilience and security
  9. Self-service group management
  10. License management based on group-based licensing
  11. Entitlement management to govern access
Intune Device Security Assessment
  1. Group policy analytics to determine readiness to move to cloud-native device management
  2. Entra Hybrid Join vs. Entra Join
  3. Entra Connect Sync vs. Entra Cloud Sync
  4. Device compliance policies
  5. Device configuration policies
  6. Application packages (PatchMyPC)
  7. Enrollment settings
  8. BitLocker and Entra Stored Recovery Keys
  9. No Local Admin: Entra LAPS vs. Intune Endpoint Privilege Management
  10. Zero Touch Deployment: Autopilot Deployment Profiles
  11. Endpoint Security Settings
  12. Patching: Windows Update Rings vs. Windows Autopatch
  13. Intune Adoption Score
  14. Device-Based Conditional Access Policies
  15. Defender for Endpoint
  16. Windows 365 Cloud PCs vs. Azure Virtual Desktop
  17. Mobile Device Management (MDM) vs. Mobile Application Management (MAM)
Purview Data Protection Assessment

This assessment explores safeguarding sensitive information in compliance with CIS Control 3: Data Protection. We’ll help you create processes and technical controls to identify, classify, handle, retain, and dispose of sensitive data, mitigating risks associated with inadvertent or unauthorized data sharing.

We will use Microsoft Purview to effectively monitor, manage, and protect sensitive content while minimizing disruptions to end user daily activities.

  1. Establish designated protected containers where sensitivity labels automatically secure content, ensuring compliance by default without impacting existing workflows.
  2. Establish and Maintain a Data Management Process: Develop and document a comprehensive data management process that addresses data sensitivity, retention, storage, backup, and disposal in alignment with CIS Control 3.1.
  3. Establish and Maintain a Data Inventory: Create and maintain an accurate inventory of all sensitive data, including classification based on sensitivity levels, as outlined in CIS Control 3.2.
  4. Configure Data Access Control Lists: Implement and manage access control lists to ensure that only authorized personnel can access sensitive data per CIS Control 3.3.
  5. Enforce Data Retention Policies: Define and enforce data retention policies to ensure that data is retained and disposed of securely, as specified in CIS Control 3.4.
  6. Securely Dispose of Data: Establish procedures for the secure disposal of data that is no longer required, in line with CIS Control 3.5.
  7. Encrypt Data on End-User Devices: CIS Control 3.6 recommends that sensitive data stored on end-user devices be encrypted to protect against unauthorized access.
  8. Establish and Maintain a Data Classification Scheme: Develop a data classification scheme to categorize data based on its sensitivity and criticality, supporting effective data protection measures, in alignment with CIS Control 3.7.
  9. Document Data Flows: Map and document data flows to understand how data moves within the organization and identify potential risks, as outlined in CIS Control 3.8.
  10. Deploy a Data Loss Prevention Solution: Implement a Data Loss Prevention (DLP) solution to monitor and protect sensitive data from unauthorized access or disclosure, per CIS Control 3.13.
  11. Enhance visibility into the sharing of sensitive data across SharePoint, OneDrive, and Teams environments, enabling proactive alerts and warnings for users and administrators.
Compliance Control Assessment

CMMC, CJIS, HIPAA, or other regulations may apply to you. We can perform a customized controls assessment to show you how to configure your currently licensed Microsoft 365 features to achieve compliance. Download my free eBook, How to Achieve CJIS Compliance with M365 M365, for a table of contents of the CJIS version of this deliverable.

Every security assessment includes Basic Microsoft 365 and Azure security configuration assessments, which include nuances specific to Commercial and the GCC High sovereign cloud.

Microsoft 365 Security Configuration Assessment
  1. 365Inspect and CheckTLS tools to perform a 108-point inspection
  2. Defender for Office 365
  3. Email security and anti-domain spoofing: TLS, SPF, DKIM, DMARC
  4. Dangerous attachment filtering
  5. Dangerous default permissions
  6. Exchange Mailboxes with POP/IMAP enabled
  7. External Sender Message Tagging not enabled
  8. Malware filter policy checking
  9. Transport rules to block executable attachments
  10. Transport rules to block large attachments
Microsoft Azure Security Configuration Assessment
  1. Azure Landing Zone
  2. Defender for Cloud
  3. Least Privilege RBAC
  4. Azure Backup

Sign up directly for your $5,000 security assessment. We deliver security assessments through MSPs at twice this price.

Sample Assessments

Here are excerpts from paid assessments that covered:

  1. recovering from breaches and mitigating security findings
  2. implementing least privilege in Microsoft 365, Entra ID, and Azure
  3. planning compliance to satisfy CJIS controls
  4. ongoing assessments to discover new findings and track existing ones

$5,000 to point your team in the right direction is a small price to pay.

1. Breach Recovery and Finding Mitigation

We can help with recovery and mitigation plans.

2. Least Privilege

We can help you generate a permission graph to get to least privilege.

3. Controls Assessment

We can help you achieve compliance at your current M365 license level.

4. Ongoing Assessment

We provide automation to monitor key configurations as well as discounted periodic assessments.