Microsoft cloud services are built on a foundation of trust and security. Microsoft provides security controls and capabilities to help you protect your data and applications, however, these are often misconfigured or overlooked.

You own your data and identities and you also have the responsibility for protecting them. This includes the security of your on-premise resources, along with the security of cloud components you control within Microsoft 365.

Sometimes, Microsoft 365 settings are left at default and in many cases left dangerously insecure, often by following a ‘vanilla’ MSP installation or without due security consideration during deployment.

Consequently, attackers are taking advantage of these poor deployments with alarming regularity. Malicious actors will commonly use phishing campaigns and leverage configuration weaknesses to maintain unauthorised access and exfiltrate data without detection.

We recommend using Multi-Factor Authentication (MFA), Mobile Device Management (MDM), Azure Information Protection (AIP), Microsoft Information Protection (MIP) and we assess the risk of Data Loss Prevention (DLP).

The current configuration is correlated and analysed against Cognisys’ bespoke specification, based on Microsoft’s Secure Score and recommended best practices. 

Appropriate recommendations can then be extrapolated. Our review aims to highlight the issues that allow attacks, breaches or losses to occur.

Tailored to your organisation and where appropriate, we undertake a review of the following areas:

• Authorisation and Access Management.
• Conditional Access Policies.
• Multi-Factor Authentication (MFA).
• Mobile Device Management (MDM).
• Azure Information Protection (AIP).
• Microsoft Information Protection (MIP).
• Application Protection Policies.
• Audit Logging.
• Document and Email Protection.
• Identity Protection.
• Detection and investigation of security Incidents.

Cognisys presents its findings in a comprehensive yet simple report format.

This typically comprises: an executive summary, methodology, technical findings, and prioritised recommendations for remediation.