Microsoft365 security assessment
With the M365 Security Assessmentservice, we help you and your company to assess your existing security infrastructure as accurately as possible. We'll examine the associated security policies, identify the security and compliance tools available via the move to the cloud in addition to those currently in use, and show you the additional options provided by the M365 suite.
What does the Microsoft365 Security Assessment Service offer?
Our service provides a comprehensive view of your company's current IT security status and future opportunities:
- A structured, focused overview of the IT security components of the Microsoft365 suite, their roles and how they work.
- We examine the IT security and compliance requirements that apply to your company.
- We assess the security benefits of a potential cloud migration.
- Assess the cloud applications used by your employees and identify the corporate data used by those applications.
- We will show how employee login credentials can become a target for attack.
We present the security tools that the installation of Microsoft365 can provide.
The T-Systems Microsoft365Security AssessmentService survey results provide relevant input information, including the following:
- For making a security framework development plan
- Cost-benefit analysis in case of expiry of the support period of security tools (e.g. antivirus)
- Preparing for security or compliance regulations
- Managing the deployment of cloud usage in a controlled manner, for the management of unmanaged cloud services
- Assessing the post-acquisition security level of an acquired organization
- Sensitive data management
- Maturity of IT security IT system, opportunities for improvement
We can help you identify the security opportunities that are available with the installation of the Microsoft365 enterprise suite of solutions.
Because of the compliance of tools, it is important to understand exactly how the current security infrastructure is structured and to identify the needs of the current security infrastructure, in order to weigh the importance and added value of the different elements of the suite to the secure operation of the enterprise.
Where available, the service uses native tools to collect information (e.g. Secure Score).
We will assess the systems concerned together with your experts, using questionnaire and consultation methods.
Identification and assessment
- Review of existing IT security tools and documentation
- Assessment of protection capabilities
- Documentation of status
The primary objective of the survey phase is to understand the business, technology and compliance needs of the existing security infrastructure, the security tools used, by answering the following questions:
- What security/compliance standard applies to the company? (e.g. GDPR)
- What does the security system do?
- What is expected of the security system and how well does it meet these requirements?
- What data do they work with and how are they responsible for it?
- How important is business continuity for a given system, how is it ensured?
- Are there any known current problems (reliability, performance, functionality) with the system?
- How secure are users' login credentials?
- How prepared are you against today's cyber-attacks?
- Assessment findings summary
- Sharing results, iteration
- Clarifying opportunities for improvement, making suggestions
The assessment will determine the level of cyber security readiness of existing system components and identify the steps that need to be taken to prevent complex attacks.
We identify Microsoft365 tools that will enhance your company's IT security, support your compliance efforts, and make your data management more secure. Identify security components currently in use that can be effectively replaced with Microsoft365 solutions.
Demo / Workshop
In a partially customized demo environment along the identified needs, we will demonstrate the features available in E3 and E5 services.
During the assessment we will examine the following security related questions:
- End-point protection
An overview of the endpoint protection solution installed in the Announcer's environment, based on the following criteria: coverage, up-to-dateness, range of activated services, integration capabilities, operational practices, documentation, processes, automation capabilities.
- Mail spam, virus and content protection
An overview of the spam and antivirus solution installed in the Announcer's environment, based on the following criteria: coverage, up-to-dateness, range of activated filtering services, quarantine management, integration capabilities, operational practices, documentation, processes, automation capabilities.
- Identity protection
An overview of the identity management solution or practice in use in the Announcer's environment, including how identity is managed, the range of associated services, integration capabilities, operational practices, documentation, processes, remediation, alert management.
- Privileged users, management of internal threats
An overview of the user management solution or practice in the Announcer's environment in terms of: administration of privileged users, role management and registration, integration capabilities, operational practices, documentation, processes, abuse detection, remediation, alert management.
- Endpoint disk encryption
Overview of the disk encryption solution installed in the Announcer's environment in terms of: technology used, pre-boot authentication, user management, directory integration capability, key management, recovery processes, operational practices, documented.
- Data protection (file encryption, access protection, data leakage protection)
An overview of the file encryption, access protection, DLP solutions and processes used in the Announcer's environment, based on the following aspects: technology used, authentication, certificate management, user management, directory integration capability, key management, recovery processes, operational practices, documentation, misuse detection and remediation, traceability.
- Cloud application usage monitoring solutions
Examination of the solutions and processes for monitoring the use of cloud-based applications in the Announcer's environment, based on the following aspects: technology used, shadow IT management, operational practices, documentation, detection and remediation of misuse, traceability.
- Data governance, compliance solutions
Review of the compliance solutions, processes and regulations in place in the Announcer's environment, including: data warehouse solutions, application of data retention rules, data classification practices, document classification and tracking, ability to comply with the regulatory environment.