Microsoft 365 - Why should your environment be subject to a configuration audit? 

15 August 2023

Whether you are a large enterprise or a medium-sized business, Microsoft 365 is becoming increasingly popular. Many companies have already made the move to Microsoft's cloud solution, while others are in the midst of implementation.

To ensure a secure switch to Microsoft 365, detailed planning of IT structures and a focus on IT security aspects are essential. After all, you cannot assume that the default configuration of Microsoft 365 already includes effective security measures. Your IT department must tailor the software and its numerous configuration settings to your company's specific needs and guidelines and, in the best case, to recognized security standards. This is the only way to avoid incorrect configurations and prevent unauthorized access to your own data.

For this reason, we highly recommend a security audit tailored specifically to Microsoft 365 configurations. In an audit, external security experts can detect misconfigurations, and with them significant risks to corporate security, so that you can fix them before attackers can exploit them.

Each Microsoft 365 environment is unique 

Each Microsoft 365 configuration audit begins with a scope workshop, where we discuss the environment, and with it the audit details, with you. Every company implements Microsoft 365 according to its own requirements and selects suitable licenses and services. This step is crucial because the security features can differ depending on the license.

Additionally, we determine which services are in the cloud and which are still managed on-premises by the company itself. For example, some companies continue to keep their Exchange Server for e-mail on-premises. These hybrid configurations require special consideration, because the configuration that connects the cloud to the company's own on-premises infrastructure, in particular, can introduce critical vulnerabilities.

Configuration audit possible directly via web interface 

Once the scope of the audit is determined, our experienced auditors perform a professional security audit of the environment. This involves checking the configuration of security-relevant settings in the Microsoft 365 services you use. Extensive preparation is not necessary: only read-only access to your company's live environment is required. The audit is then performed directly via the web interface and other interfaces provided by Microsoft.

We show ways to sustainably improve your environment's security 

Our IT security experts have developed a comprehensive checklist for the configuration audit, testing against recognized IT security standards, best practices, manufacturer configuration recommendations and the benchmarks of the Center for Internet Security (CIS).

As a result, we identify vulnerabilities and typical security gaps, specify the resulting risks, and show you ways to sustainably improve your company's security. After completion of the audit, we summarize the results in a report providing you with a management summary including the approach and summary of findings, along with a tabular overview of all identified deviations from the above-mentioned guidelines. 


Do you have questions or need assistance with your configuration audit? Contact us, we are happy to help. 
