| 1 minute read

Why You May Need a Microsoft 365 Best Practices Security Assessment

office workers using cloud services

Microsoft 365 (previously Office 365) offers a wealth of tools, including Teams, SharePoint, OneDrive, PowerPoint, Excel, and more, that help your team work and collaborate easily and efficiently from anywhere in the world. And, since the platform is cloud-based, your business has access to all these resources, yet doesn’t have to host the infrastructure.

But, regarding security, keep in mind that Microsoft 365 is a shared security model. Microsoft does provide security features that can be enabled and configured by your IT team, such as encrypted email, data loss prevention, and advanced threat analytics (ATA). However, you are responsible for assessing your security posture to decide which of these services and controls you need to administer. How? By having a Microsoft 365 best practices security assessment conducted.

Here’s How Avalon Cyber Assesses Your Microsoft 365 Security Controls

Our Objectives:

To assess the security settings and policies you currently have in place and identify where improvements can be made to protect your instance and sensitive and business-critical data.

Avalon Cyber meets these objectives by completing the following:

  • Comparing your current settings and configurations to known best practices, such as those of the Center for Internet Security (CIS), the National Institute of Standards and Technology (NIST), and the Cybersecurity and Infrastructure Security Agency (CISA), as well as Microsoft’s standard security/settings best practices
  • Outlining our findings in a detailed report identifying whether the settings you have in place passes, fails, or is in a warning state based on industry best practices
  • Providing strategic recommendations to address any settings and configuration shortcomings and rationales regarding why certain settings can pose a risk

Our Methodology:

For assessing areas of potential risk within Microsoft 365, we combine manual review and automation to verify all relevant settings through authenticated view-only admin access. We utilize the standards mentioned above (CIS, NIST, etc.) and test the following products, applications, and frameworks:

  • Azure Active Directory
  • Security & Compliance
  • Exchange
  • Microsoft 365
  • SharePoint
  • Teams

Microsoft 365 offers many advantages for your team, but like any other software or platform, is not without its challenges. Engaging a trained and knowledgeable cybersecurity team to perform an assessment is an easy way to help identify areas of risk within the cloud that require attention.

To learn more or to schedule a Microsoft 365 best practices security assessment, contact the experts at Avalon today.

Blog Articles

The Next Chapter in eDiscovery: Inside EDRM 2.0

For nearly two decades, the Electronic Discovery Reference Model (EDRM) has served as the industry’s roadmap for managing electronically stored information (ESI) throughout the litigation lifecycle. Whether organizations realized it or not, many of the workflows, technologies, and best practices used in eDiscovery have been shaped by this framework. Now, for the first time since the model was expanded to incorporate the Information Governance Reference Model (IGRM), the EDRM is undergoing a significant evolution.

An Interview with Chuck Pindell

As Avalon’s Managing Director of Managed Review, Chuck brings something rare to the table: The operational rigor of a military background, the strategic instincts of someone who has navigated some of the most complex reviews in the country, and a genuine belief that the people on both sides of the table matter as much as the technology behind them.

Avalon Expands Commitment to Channel Partners

Avalon is deepening its investment in channel partnerships to help legal service providers – including litigation support vendors, eDiscovery platforms, and law firm service divisions – access scalable, complementary litigation support solutions. Through these strategic relationships, organizations can diversify their offerings with services such as managed document review, digital forensics, and legal paper solutions, allowing them to better serve clients while maintaining focus on their core business.