O365 Security Audit

Isn’t office 365 secure “out of the box”?

Maybe you’ve had Office 365 for some years now but are you sure its secure? Office 365 has a lot of features available out of the box but not all of them are turned on or fully configured. You might well ask “Why is this”, surely Microsoft would want all the features to be configured to offer best-in-class security for all its customers? The answer is that security of any product is a balance – increase the security and the user inconvenience increases too. This is true in Office 365 too and Microsoft can’t make this decision for you – so they leave the features available in a default position for you to “turn up” or “turn down” the security to fit your particular situation.

An example

Let’s look at an example – how users login. By default Office 365 online requires a user to enter a username and password. But for some organisations this won’t be sufficient – maybe you have particular requirements around password complexity, or perhaps you want users to enter more than just a username and password – perhaps you require a One Time Password (OTP) too, maybe your users will only ever login from the UK so you can safely block logins from outside the UK etc.

The point is that these are decisions that have to be made with knowledge of your particular situation and risk appetite. They need to be taken by you working with an expert who understands the Office 365. This is where AMDH can help – we can work with you to make these decisions and then to help you implement them.

Do it yourself?

There is a lot of documentation about how to properly secure Office 365 on the internet – both Microsoft and the UK Government’s National Cyber Security Centre (NCSC) have produced documentation on the options that exist and how they can to be configured. But Office 365 is a complex product and the security options that are available are as complex as the product itself. How something can be configured is not necessarily how it ought to be configured in your particular situation.

Get Professional Help?

AMDH Services Limited can help with this in two ways –

  • Firstly, we can help you by providing you with information on how your environment is currently configured and how this compares to the recommended best practice and discuss the differences with you in order to help you make an informed decision about how you want Office 365 to be configured.

  • Secondly, we can help you by completing the design, planning and implementation for all the security features you decide to implement on your Office 365 environment.

A Documented solution

We know how important documentation is and we like to provide well documented designs and operational procedures for all the design and implementation work we complete. The security options for Office 365 are well documented online by Microsoft. But these don’t cover how these features have been implemented for you or the reasons why you made the decisions you did about which features to implement.

We provide you with comprehensive document of the Office 365 security design including what choices existed, what decisions were made, why those decisions were made, and how they were implemented.

Ongoing management

Office 365 is an evergreen product – this means that it is constantly changing and developing. Because of this securing Office 365 is not a “one-off” task that you complete once and then forget. An organisation needs to keep up-to-date with changes to existing features and the introduction of new features and their security impact.

In a traditional ICT solution you would install an application and the application will not significantly change on its own – this has both advantages and dis-advantages from the perspective of security. Advantages in that since it doesn’t change you don’t need to concern yourself with how the changes might affect security. Dis-advantages in that it cannot respond to a security flaw easily without an update. For an evergreen product this problem is reversed – the product will change so you need to ensure you are aware of the changes and their impact.

AMDH can help here too. We can help you to keep abreast of the changes to the product and their impact by working in partnership with you on the management of your environment on an ongoing basis. Why not talk to us today and arrange a free discovery call to see if we can work together on making your Office 365 environment more secure?

To find out more please complete the below form