Cloud services, such as Office365, are the method of choice for organisations to store their business critical data and provide key services such as email.
Microsoft cloud services are built on a foundation of trust and security. Microsoft provides you security controls and capabilities to help you protect your data and applications, however these are often misconfigured or overlooked by the responsible person or team. You own your data and identities and also the responsibility for protecting them both. This includes the security of your on-premises resources, but also the security of cloud components you control within Office 365.
ANY FLAVOUR EXCEPT VANILLA
Many Office 365 settings are left at default and in many cases left dangerously insecure, often by following a “vanilla” MSP installation or not considering security during the setup. Consequently, attackers are taking advantage of these poor deployments with alarming regularity. Malicious actors will commonly use phishing campaigns and leverage configuration weaknesses to maintain unauthorised access and exfiltrate data without detection. Our review aims to highlight the issues that allow these financially damaging attacks to happen.
Tailored to your organisation and where appropriate, we undertake a review of the following areas:
- Authorisation and Access Management
- Conditional Access Policies
- Mobile Device Management
- Application Protection Policies
- Audit Logging
- Document and Email Protection
- Identity Protection
- Detection and investigation of security Incidents