Assessing M365 to minimize your organization’s exposure to loss

TrustedSec ensures the usage of Microsoft 365 is being done in accordance and in adherence to leading best practices to minimize the exposure of information systems to loss or degradation of confidentiality, integrity, and availability.

The Microsoft 365 (M365) Security Assessment by TrustedSec is a thorough evaluation of the full lifecycle of a production implementation, addressing the proper architecture and configuration design, with remediation assistance and validation of controls.

TrustedSec employs insight from not only leading Microsoft and industry best practices, but also from TrustedSec’s own technical offensive and defensive teams, who have used their vast experience and understanding of the M365 environment to create tools that are used by the rest of the industry.

Evaluating M365 Environments

TrustedSec identifies exposures and areas for improvement in the M365 environment using a four-tiered approach.

Approach What It Entails
M365 Technical Configuration Review

Evaluates the effectiveness of core security controls utilized in the configuration and deployment of M365. This review is intended to give organizations a trusted third-party validation of the settings, roll-out of the platform, and assessment of areas that typically have significant impact on the userbase if not deployed in accordance to leading best practices.
M365 Advanced Security and Compliance Control Review

Addresses the full capabilities and best practices including advanced system configurations, organizational processes, and people accountable to meet the requirements of a regulation, standard, or internal policy. The engagement will encompass the Identity, Data, Device, Application, and Infrastructure.
M365 Remediation

Assists organizations in completing the project at hand. By providing highly skilled security experts to implement and execute a remediation plan, TrustedSec will work within the confines of the organization’s appropriate change control process and help ensure that the issue has been effectively resolved
M365 Penetration Test

Uses the latest in attack techniques to perform both unauthenticated and authenticated tests of the M365 environment to assess the likelihood of an unauthorized actor gaining access to private business data.

Real or Fake? How to Spoof Email

I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why email sender addresses are so easy to forge and...
Read