Microsoft 365 tenant review

Microsoft 365 has become the method of choice for organisations to store and share critical data.

Microsoft cloud services are built on a foundation of trust and security. Microsoft provides security controls and capabilities to help you protect your data and applications, however, these are often misconfigured or overlooked.

You own your data and identities and you also have the responsibility for protecting them. This includes the security of your on-premise resources, along with the security of cloud components you control within Microsoft 365.

Any flavour except vanilla

Sometimes, Microsoft 365 settings are left at default and in many cases left dangerously insecure, often by following a ‘vanilla’ MSP installation or without due security consideration during deployment.

Consequently, attackers are taking advantage of these poor deployments with alarming regularity. Malicious actors will commonly use phishing campaigns and leverage configuration weaknesses to maintain unauthorised access and exfiltrate data without detection.

MFA everything

We recommend using Multi-Factor Authentication (MFA), Mobile Device Management (MDM), Azure Information Protection (AIP), Microsoft Information Protection (MIP) and we assess the risk of Data Loss Prevention (DLP).

Measure it

The current configuration is correlated and analysed against Cognisys’ bespoke specification, based on Microsoft’s Secure Score and recommended best practices.

Appropriate recommendations can then be extrapolated. Our review aims to highlight the issues that allow attacks, breaches or losses to occur.


Cognisys presents its findings in a comprehensive yet simple report format.

This typically comprises of an executive summary, methodology, technical findings, and prioritised recommendations for remediation.

Key benefits of our Microsoft 365 tenant review

Tailored to your organisation and where appropriate, we undertake a review of the following areas:

  • Authorisation and access management
  • Conditional access policies
  • Multi-Factor Authentication (MFA)
  • Mobile Device Management (MDM)
  • Azure Information Protection (AIP)
  • Microsoft Information Protection (MIP)
  • Application protection policies
  • Audit logging
  • Document and email protection
  • Identity protection
  • Detection and investigation of security incidents

Discover how we’ve helped leading organisations


Cognisys gains CREST OVS certification


Cognisys gains CREST OVS certification

The CREST OVS Penetration Testing Services, offered by Cognisys, aim to uncover vulnerabilities and weaknesses within both web and mobile applications, allowing clients to address them proactively.

A guide to vishing


A guide to vishing

We explore how to identify and protect yourself against vishing attacks.

Red vs blue team exercises


Red vs blue team exercises

Let’s explore the benefits of red vs blue team exercises and how they can strengthen your organisation’s security posture.

Let’s make things happen

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.
Leeds office

5 Park Place
Manchester office

The Sharp Project
Thorpe Road
M40 5BJ