The Microsoft 365 online productivity suite has proven to be a very popular solution for organisations that recognise the business benefits of using cloud based technology. At its core the Microsoft 365 solution provides hosted e-mail, calendar, social networking, collaboration tools and cloud storage for teams and businesses.
Microsoft apply a defense-in-depth strategy to ensure security controls are present at various layers of their Microsoft 365 service. This ensures that should any one area fail, compensating controls are in place to maintain security . Microsoft also have measures in place to detect, prevent and mitigate a security breach before it happens.
However, when deploying the Microsoft 365 solution organisations need to make some key security configuration decisions. Making the right decisions can be challenging given the depth of configuration options to choose from.
For example in deploying and configuring the solution you will need to consider different Access Control options to manage identity and access control for using Microsoft 365 and Azure features, review Data Resiliency arrangements for protecting information and recovering it from potential corruption, determine the best way to prevent Data Leakage using encryption and controlling forwarding options.
Furthermore a “set and forget” approach won’t work as the Microsoft 365 cloud environment is inherently very dynamic.
The Kaon Security Microsoft 365 Security Audit service has assisted organisations improve their IT security posture by optimising their Microsoft 365 security configuration. In delivering this service our experts investigate and assess more than 60 facets of the implementation to ensure the appropriate options have been selected.
Service Overview – 3 Key Elements
Microsoft 365 Security Audit
Our audit process looks to understand how Microsoft 365 has been architected into your computing environment.
A sample list of the areas we will investigate and verify include:
Microsoft 365 integrates with most assets within an organisation, therefore introducing potential perimeter gaps to the organisation. The risk analysis is performed to assess the impact of risks introduced by these potential perimeter gaps and how they may affect overall security posture for your organisation.
Some of the common risk types analysed during the Microsoft 365 Audit includes:
Kaon Security will provide your organisation with a detailed report which includes:
An executive summary of the Microsoft 365 security audit, a risk analysis commentary and security recommendations. Specifically written for business people the executive summary will allow you to discuss how to improve your Microsoft 365 security posture.
A detailed “Key Observations” section is provided in the report for the CIO or IT Manager covering our security findings, a risk analysis commentary and our recommended next steps for remediation.
Horizon Energy Group
“Whilst we had Microsoft 365 in the business for quite some time it had never really been closely looked at. I was very pleased with the level of detail and surprised by the findings. We hadn’t identified many of the gaps that were identified in the report. Overall, we found the exercise was good value for money. The consultancy process was very efficient. The outcomes, learnings and follow up from Kaon Security meant we are very happy with the end result” - Kiran Watkins - General Manager Commercial and Technology.
City of Ballarat
“Our organisation subscribes to Microsoft 365 and we engaged Kaon to identify risks in our configuration of Microsoft 365 and Azure. They excelled at identifying risks and provided appropriate trade-off decisions but most importantly – gave us clear ‘line of sight’ to a mature end-state. The experience and dedication of the Kaon team resulted in a significant improvement in understanding our environment and identifying gaps in our systems. Working together we found the team to be pragmatic, approachable and highly skilled. They were able to conduct in-depth analysis for us and provide excellent recommendations and results.” - Chris Crawley - ICT Service Delivery Manager
First NZ Capital
“After a recent migration from on-premise to Microsoft 365, we had the bare bones in terms of security. Our internal auditing process required us to verify the security and risks associated with this environment.
We engaged with Kaon to carry out an audit of our Microsoft 365 environment. By relying on their expertise, we were quickly able to identify issues that needed to be addressed. Some were as a result of business processes, others simply because we were using default settings on the tenancy.
We were able to work through Kaon’s report on an item by item basis and (in conjunction with the business) able to implement Kaon’s recommendations to reduce the risk footprint to our business.” - Indy Silva - Vice President, Head of Infrastructure