Users face multiple threats — from credential theft (like Mimikatz, password spray, or breach harvesting) to malware (viruses, ransomware, and the like), to phishing (gaining access to a user’s credentials) and infrastructure attacks. Phishing is by far a number one threat for any company these days. Cloud-migrated organizations are especially vulnerable because they got almost a perfect environment – everything is configured correct and documents, historic emails dating back many years, company info is available at ANY time, from ANY device, from ANY place. Criminals don’t need to waste their time figuring out host names, encryption types, protocols, and getting through some mistakes in integration and external publishing of internal services. Everything works all the time, everywhere. But there’s a solution – companies need to start using tools and services that already exists and built into the platform but not enabled by default. Some of them are very powerful and free, like basic level of MFA. Some will require an additional license.

With the Free Office 365 Security Assessment service, IT Partner will connect to your Office 365 tenant and use tools like Secure Score, Azure AD and PowerShell to generate a Security Report which will reflect your current situation and contain a prioritized list of recommendations on how to increase your data security, control and protection.

Our objective is to assess your current security state and offer solutions to remediate high priority security concerns.

Project will be considered successful when you get information about:

1. Your single-digit SecureScore
2. List of potential vulnerabilities sorted by the order of importance
3. Recommendation on how to increase your protection and SecureScore
4. Quote for IT Partner’s services in case you’d like us to work on your tenant hardening

IT Partner is responsible for

• Office 365 data collection and analysis
• Building of a Security Report

Client is responsible for

• Providing a dedicated point of contact responsible for working with IT Partner.
• Coordinating any outside vendor resources and schedules (if needed)
• Setting up a temporary access with global admin permissions

Out of the scope of this project (additional cost items)

• Initial setup and configuration of any Office 365 services
• Gathering of any data located outside of Office 365 tenant (desktop computers, servers, active networking equipment is out of scope)

Prerequisites

• You must have an Office 365 tenant used in a production environment
• You must have a global admin access to your Office 365 tenant

Plan

May vary depending on your needs.

1. Kickoff meeting
2. Identify security objectives
3. Assess your current security state and identify security gaps
4. Provide recommendations and best practices
5. Create an actionable security roadmap
6. Meeting to review the deliverables

Results

You get a clear understanding of how to protect your cloud-migrated business from sophisticated threats hidden in email attachments and links; protect yourself from data leaks helping you prevent sensitive information like SSNs and customer credit card numbers from being shared outside your business; how to control and manage access to information.