The Service

As Microsoft 365 environments provide email and document sharing activities, there is a significant amount of sensitive and personal data that could be at risk if not appropriately protected.

Microsoft 365 can be very secure if the available security controls are applied. By default though many controls are not applied and it is up to each organisation to perform that function themselves, based on their individual needs.

The purpose of this service is to assess how your Microsoft 365 tenancy is currently configured and managed, and provide recommendations on how to implement the most appropriate M365 security features. We review the current configuration and check control settings, such as whether the appropriate controls are just enabled rather than enforced. Applying the resulting recommendations will improve security and reduce the risk of suffering a breach.

The Benefits 

  • Minimise and mitigate the risk of your critical data being leaked from your M365 environment

  • Reduce the risk of succumbing to phishing attacks

  • Ensure high risk accounts with admin rights are adequately protected

  • Enhance security, ensuring users are authorised and only have access to the resources and information they need, and for the minimum time required

  • Provide insights to your overall information security posture

The Challenge

Microsoft 365 allows users to work from anywhere with enhanced collaboration, however, it also opens up your information systems to a new set of weaknesses and vulnerabilities, unless the right security controls are enabled. The increased exposure of personal and company data outside the organisation’s firewall has made Microsoft 365 an even bigger target for criminals. This presents unique challenges in maintaining compliance with data protection regulations and protecting sensitive and critical data. Misconfigurations, inappropriate user access levels and missing security controls all lead to vulnerabilities that could potentially give attackers access to sensitive data and a make your company a target for Ransomware infections.

Findings from a Microsoft 365 Security Assessment can help you protect sensitive personnel, customer and other 3rd party data and lessen the risk of data breaches.

Our Process

BH Consulting help customers to understand their existing M365 security profile, identify weaknesses and provide appropriate recommendations. We do this by systematically reviewing all the available security controls and evaluating whether they should be enabled or not and making recommendations accordingly.

This assessment will be benchmarked against guidelines provided by Microsoft and recognised industry best practice standards such as ISO 27001:2013 Information Security Standard, US National Institute of Standards and Technology (NIST), Centre for Internet Security (CIS) and SANS Institute.

Our consultants discuss each of the key areas with customers to ensure the impact of our findings are fully understood and what the consequences are.

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.