Users face multiple threats, from credential theft (like Mimikatz, password spray, or breach harvesting), to malware (viruses, ransomware, and the like), to phishing (gaining access to a user's credentials) and infrastructure attacks.

Phishing is by far the number one threat for any company these days. Cloud-migrated organizations are especially vulnerable because they have an almost perfect environment; everything is configured correctly and documents, historic emails dating back many years, and company info is available at ANY time, from ANY device, from ANY place. Criminals don't need to waste their time figuring out host names, encryption types, protocols, and getting through some mistakes in integration and external publishing of internal services. Everything works all the time, everywhere. But there's a solution -- companies need to start using tools and services that already exist and are built into the platform but not enabled by default. Some of them are very powerful and free, like a basic level of MFA. Some will require an additional license.

With the Free Microsoft 365 Security Assessment service, IT Partner will connect to your Microsoft 365 tenant and use tools like Secure Score, Azure AD, and PowerShell to generate a security report that will reflect your current situation and contain a prioritized list of recommendations on how to increase your data security, control, and protection.

Our objective is to assess your current security state and offer solutions to remediate high-priority security concerns.

The project will be considered successful when you get information about:

1. Your single-digit Secure Score
2. List of potential vulnerabilities sorted in order of importance
3. Recommendation on how to increase your protection and Secure Score
4. Quote for IT Partner's services in case you'd like us to work on your tenant hardening

IT Partner responsibilities #

• Microsoft 365 data collection and analysis
• Building of a security report

Client responsibilities #

• Providing a dedicated point of contact responsible for working with IT Partner
• Coordinating any outside vendor resources and schedules (if needed)
• Setting up temporary access with global admin permissions

Outside the scope of this project (additional cost items) #

• Initial setup and configuration of any Microsoft 365 services
• Gathering of any data located outside of Microsoft 365 tenant (for example, desktop computers, servers, and active networking equipment are outside the scope)

Prerequisites #

• You must have a Microsoft 365 tenant used in a production environment
• You must have a global admin access to your Microsoft 365 tenant

Plan #

The plan may vary depending on your needs.

1. Kickoff meeting
2. Identify security objectives
3. Assess your current security state and identify security gaps
4. Provide recommendations and best practices
5. Create an actionable security roadmap
6. Meeting to review the deliverables

Results #

You get a clear understanding of how to protect your cloud-migrated business from sophisticated threats hidden in email attachments and links; how to protect yourself from data leaks, helping you prevent sensitive information like SSNs and customer credit card numbers from being shared outside your business, as well as how to control and manage access to information.