Microsoft 365 Tenant Review

Microsoft 365 has become the method of choice for organisations to store and share critical data.

Microsoft cloud services are built on a foundation of trust and security. Microsoft provides security controls and capabilities to help you protect your data and applications, however, these are often misconfigured or overlooked.

You own your data and identities and you also have the responsibility for protecting them. This includes the security of your on-premise resources, along with the security of cloud components you control within Microsoft 365.

Cloud Security Assessment

Any flavour except Vanilla

Sometimes, Microsoft 365 settings are left at default and in many cases left dangerously insecure, often by following a ‘vanilla’ MSP installation or without due security consideration during deployment.

Consequently, attackers are taking advantage of these poor deployments with alarming regularity. Malicious actors will commonly use phishing campaigns and leverage configuration weaknesses to maintain unauthorised access and exfiltrate data without detection.

MFA Everything

We recommend using Multi-Factor Authentication (MFA), Mobile Device Management (MDM), Azure Information Protection (AIP), Microsoft Information Protection (MIP) and we assess the risk of Data Loss Prevention (DLP).

Measure it

The current configuration is correlated and analysed against Cognisys’ bespoke specification, based on Microsoft’s Secure Score and recommended best practices. 

Appropriate recommendations can then be extrapolated. Our review aims to highlight the issues that allow attacks, breaches or losses to occur.

Key Benefits

Tailored to your organisation and where appropriate, we undertake a review of the following areas:

  • Authorisation and Access Management.
  • Conditional Access Policies.
  • Multi-Factor Authentication (MFA).
  • Mobile Device Management (MDM).
  • Azure Information Protection (AIP).
  • Microsoft Information Protection (MIP).
  • Application Protection Policies.
  • Audit Logging.
  • Document and Email Protection.
  • Identity Protection.
  • Detection and investigation of security Incidents.


Cognisys presents its findings in a comprehensive yet simple report format.

This typically comprises: an executive summary, methodology, technical findings, and prioritised recommendations for remediation.

Let’s Make Things Happen

Fill the form in and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements

“It was obvious, very quickly, that the Cognisys team knew exactly what they were doing. The speed that they uncovered some major issues justified our selection of them. I’d be more than happy to recommend them.”

Dan Mitchell

Head of IT – Clarion Solicitors

David Kenworthy

Cyber Security Expert

By submitting my data I agree to be contacted