Microsoft 365 - Why should your environment be subject to a configuration audit? 

15. August 2023

Whether you are a large enterprise or a medium-sized business, Microsoft 365 is becoming increasingly popular. Many companies have already ventured the move to Microsoft's cloud solution, while others are in the midst of implementation. 

To ensure a secure switch to Microsoft 365, detailed planning of IT structures and a focus on IT security aspects are essential. After all, the standard configuration settings of Microsoft 365 cannot be assumed to already have effective security measures integrated. The software and numerous configuration settings must be tailored by your IT department to meet your company's specific needs and guidelines and, in the best case, to comply with renowned security standards. This is the only way to avoid incorrect configurations and prevent unauthorized access to your own data. 

For this reason, we highly recommend a security audit, specifically tailored to Microsoft 365 configurations. Within an audit, external security experts can detect misconfigurations and thus significant risks to corporate security so that you can fix them before they can be exploited by attackers. 

Each Microsoft 365 environment is unique 

Each Microsoft 365 configuration audit initially begins with a scope workshop, where we discuss the environment and thus the audit details with you. Every company implements Microsoft 365 according to its own requirements and selects suitable licenses and services. This step is crucial because the security features can differ depending on the license. 

Additionally, we determine which services are in the cloud and which are still managed on-premise by the company itself. For example, some companies continue to keep their Exchange Server for e-mail on-premise. These hybrid configurations require special consideration, as the configurations for connecting the cloud and the company's own on-premise infrastructure in particular can pose critical vulnerabilities. 

Configuration audit possible directly via web interface 

Once the scope of the audit is determined, our experienced Auditors perform a professional security audit of the environment. This involves checking the configuration of security-relevant settings in the Microsoft 365 services you use. Extensive preparation is not necessary - just read-only access to your company's live environment is required. The audit is then performed directly via the web interface and other interfaces provided by Microsoft. 

We show ways to sustainably improve your environment's security 

Our IT security experts have developed a comprehensive check list for the configuration audit, testing against recognized IT security standards, best practices, manufacturer configuration recommendations and the benchmarks of the Center for Internet Security (CIS). 

As a result, we identify vulnerabilities and typical security gaps, specify the resulting risks, and show you ways to sustainably improve your company's security. After completion of the audit, we summarize the results in a report providing you with a management summary including the approach and summary of findings, along with a tabular overview of all identified deviations from the above-mentioned guidelines. 


Do you have questions or need assistance with your configuration audit? Contact us, we are happy to help. 

Also interesting:

Setting off for DORA – Your Preparation in 3 Steps

Setting off for DORA – Your Preparation in 3 Steps

DORA, the Digital Operational Resilience Act, is currently keeping the entire European financial sector on tenterhooks. The European Commission's regulation is accompanied by extensive requirements for digital resilience and there is less than a year left to implement...

What Cyber Security Has to Do with Your Annual Financial Statements

What Cyber Security Has to Do with Your Annual Financial Statements

Inadequate cyber security is one of the biggest risks for companies today. This is the assessment of the World Economic Forum, which ranks cyber insecurity as the fourth biggest risk for the next two years in its Global Risks Report 2024. That is why cyber security...

Categories

Categories