Microsoft Office 365 Cloud Security Assessment

Evolve Security’s Microsoft O365 security assessment is designed to help ensure that the organization’s O365 implementation has been built in a way that supports the security, compliance, and reporting needs of the organization across your entire O365 cloud environment.

Optimizing O365 Security for Compliance and Business Goals

Cloud adoption continues to increase with the increased shift to virtual businesses and a remote work staff. In the same timeframe, web-based attacks have continued to increase. As more organizations move their data and applications to the cloud, cybercriminals have increasingly targeted cloud applications and infrastructures.

O365 implementations focus on productivity and collaboration, relying on integrated solutions for email, messaging, video conferencing and file sharing. O365 solutions are deployed primarily as software as a service that is actively managed by Microsoft.

O365 clouds are commonplace, and are used by clients of all sizes, around the world. As a result of this widespread adoption O365 credentials have consistently been among the most targeted type of credential sought out by attackers, and regularly fetch higher prices than many other types of accounts on the Dark Web.

Evolve Security’s O365 Security Assessment helps ensure that your O365 environment has been designed and implemented, and is being managed, to truly support your security and compliance needs, while enabling business goals.

Our Proven Google Cloud Security Assessment Solution

Evolve Security’s O365 security assessment includes full analysis of the existing O365 environment, including details such as the following:

  • Identity and Access Management, defined user classes, permissions for each, and rules for provisioning/decommissioning users. It also includes access logging and audit for critical systems and data, as well as management controls over your actual cloud account, including effective and appropriate use of multi-factor controls.
  • Data protections, including appropriate encryption, backup and recovery functionality, and processes/controls to restore service in the event of an outage. This also includes data segregation and isolation both within your environment, and between your environment and other organizations.
  • Security controls such as standards and defined controls for encryption, network firewalls, application gateway firewalls, denial of service filters, should be part of your cloud solution.
  • Data protections and privacy controls used to support shared services and file sharing such as email, file, SharePoint sites, OneNote, OneDrive and sharing embedded in communication solutions such as Teams.
  • The standards and configurations use to provision and decommission servers and workstations used to support the O365 environment. This also includes review of server hardening guidelines – as built. This also includes processes to build new servers to ensure they comply with the defined approved standard build.
  • Compliance and regulatory requirements, such as HIPAA, GDPR, and PCI/DSS require not only that the appropriate assets are protected, but that you know how they are protected, and are able to prove that you verified compliance.


What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

Our O365 Security Assessments Constantly Evolve

Cloud enablement is a dynamic approach, and services continue to evolve. Our team of security professionals constantly monitor developments in cloud standards, and update processes and standards as appropriate. We also hold regular project review sessions and update our internal standards to help ensure we are assessing to at least standards of good business practice, based on the practices of current clients. Every engagement includes review of our own benchmarks to help ensure that we are assessing to the most appropriate set of controls.

Get Your Darwin Attack Demo Today

Start Pentesting in 2 Weeks