Microsoft 365 Security Controls Review

Ensure your data within Microsoft 365 is safe and secure.

As cloud adoption continues to accelerate, so do the security risks associated with it. The security provided by Microsoft in their platforms (described in detail in Microsoft’s Trust Center) must be preserved and extended through the awareness, choices, and actions of each application administrator. The system must be designed to protect against accidental and malicious disclosure of data.

A Microsoft 365 (M365) Security Controls Review seeks to improve your organization’s security posture and resiliency within your M365 environment(s). Our goal is to enhance security and safeguard your valuable data from threats and vulnerabilities. We thoroughly examine your M365 deployment, fortifying your digital ecosystem against accidental and malicious data disclosure.

Canary Trap’s M365 Security Controls Review includes reviewing security settings applied to Exchange Online, Teams, SharePoint Online, and Entra ID, including:

Identity and Access Management: This will involve a thorough review of user identity and access management strategies, including user roles and permissions, Multifactor Authentication (MFA) practices, password policies, guest provisioning and access, and privileged identity management.

Data Protection: The review will assess how data is protected both in transit and at rest. This will include an analysis of encryption practices, Data Loss Prevention (DLP) implementations, and the use of Information Rights Management (IRM) or Azure Information Protection (AIP).

Threat Protection: This entails assessing the organization’s strategies for detecting and responding to threats. This will include a review of mail controls, Advanced Threat Protection (ATP) settings, and Safe Links/Attachments practices.

Compliance: The review will also assess compliance with various regulations relevant to the organization. This could involve analyzing auditing settings, retention policies, and eDiscovery practices.

Mailbox and Collaboration Security: This part of the review will examine security settings and practices related to Exchange Online, Teams, and SharePoint. It focuses on settings for data sharing and collaboration.

Device and Application Management: The review will analyze how the organization manages devices and applications that access Microsoft 365. This could involve a review of Mobile Device Management (MDM) strategies, application permissions, and Conditional Access policies.

Security Administration: This involves a review of administrative practices, including the use of Secure Score, centralized logging, and incident response strategies.

An M365 Controls Review can be conducted with minimal knowledge of your environment, processes, or applications. However, to be comprehensive in our testing methodology, we must consider the controls that are applied to backend systems and datastores.

Canary Trap combines human expertise with sophisticated tools, proven methodologies and, where appropriate, threat intelligence to ensure a thorough, in-depth approach to security testing and assessments.

For more information, please complete our Scoping Questionnaire or Contact Us.
