Office 365
Office 365 (O365) is a cloud-based business system used for email, productivity, and collaboration. Hence, this platform and its data are a popular breach target for key threat actors who wish to exfiltrate data, elevate their privileges, abuse resources, or delete data. There is also an insider risk whereby trusted employees take steps to exfiltrate/spill or delete sensitive data, or obtain persistent access by building in backdoor accounts.
As a result, what organisations fail to realise is that most security issues with O365 do not relate to the service provider – they relate to deployment choices around access.
As a result, Sense of Security can assist in navigating the O365 security environment. SOS will perform a configuration review of the O365 platform against commonly accepted best practice security configurations. Furthermore, this goes beyond those practices covered by the Microsoft Security Score and provides a step-by-step actionable remediation plan and strategy to defend against and detect complex threats. SOS will also conduct an initial discovery which will be verified via documentation review, technical interviews and manual technical assessment.
This assessment will be performed with privileged access to the platform, and will also include the assessment of the following components:
- Authentication controls
- Users, groups and mail boxes
- O365 infrastructure and subscriptions
- 3rd party tools and protection
- Data classification, privacy, controls, and practices
- Threat management and protection
- Security and compliance
The following O365 components are in use and will be reviewed as part of this assessment:
- O365 Core Services
- Exchange
- Terms and Skype
- SharePoint
- OneDrive
- Yammer
- PowerApps
- Flow
- Azure Active Directory
The concept is so simple; the consequences can be disastrous.
To discuss how we can can assist your organisation with securing Office 365 please contact us on 1300 922 923 or complete the enquiry form by pressing the button below.