Microsoft 365 tenant review

Microsoft 365 has become the method of choice for organisations to store and share critical data.

Microsoft cloud services are built on a foundation of trust and security. Microsoft provides security controls and capabilities to help you protect your data and applications, however, these are often misconfigured or overlooked.

You own your data and identities and you also have the responsibility for protecting them. This includes the security of your on-premise resources, along with the security of cloud components you control within Microsoft 365.

Any flavour except vanilla

Sometimes, Microsoft 365 settings are left at default and in many cases left dangerously insecure, often by following a ‘vanilla’ MSP installation or without due security consideration during deployment.

Consequently, attackers are taking advantage of these poor deployments with alarming regularity. Malicious actors will commonly use phishing campaigns and leverage configuration weaknesses to maintain unauthorised access and exfiltrate data without detection.

MFA everything

We recommend using Multi-Factor Authentication (MFA), Mobile Device Management (MDM), Azure Information Protection (AIP), Microsoft Information Protection (MIP) and we assess the risk of Data Loss Prevention (DLP).

Measure it

The current configuration is correlated and analysed against Cognisys’ bespoke specification, based on Microsoft’s Secure Score and recommended best practices.

Appropriate recommendations can then be extrapolated. Our review aims to highlight the issues that allow attacks, breaches or losses to occur.


Cognisys presents its findings in a comprehensive yet simple report format.

This typically comprises of an executive summary, methodology, technical findings, and prioritised recommendations for remediation.

Key benefits of our Microsoft 365 tenant review

Tailored to your organisation and where appropriate, we undertake a review of the following areas:

  • Authorisation and access management
  • Conditional access policies
  • Multi-Factor Authentication (MFA)
  • Mobile Device Management (MDM)
  • Azure Information Protection (AIP)
  • Microsoft Information Protection (MIP)
  • Application protection policies
  • Audit logging
  • Document and email protection
  • Identity protection
  • Detection and investigation of security incidents

Discover how we’ve helped leading organisations



Is bringing your own device to work a bad idea?

As ‘Bring Your Own Device’ or BYOD rises in popularity, with more than two-thirds of us using a personal device at work, it’s important for businesses to understand the security risk that this can pose.


What is attack path management?

In a world where identities are the new security perimeter, compromising identity platforms like AD and AAD provides the greatest payoff for attackers, ultimately giving them control of all users, systems and data within the organisation.


.ZIP domain registration: A risky gateway to nefarious outcomes

In the ever-evolving world of cybersecurity, understanding emerging threats is critical to maintaining a robust defence. One trend currently attracting attention is the registration of .ZIP domains.

Let’s make things happen

Fill in the form and one of our team will be in touch for a no-obligation discussion or quote regarding your requirements.
Leeds office

5 Park Place
Manchester office

The Sharp Project
Thorpe Road
M40 5BJ