
August 22, 2022
By: Jason Middaugh

Don’t Overlook the Need for a Microsoft 365 Security Assessment


Ubiquitous across the business landscape, Microsoft 365 — the bundle of much-used software and cloud-based software-as-a-service products — is used by nearly a million companies in the U.S. alone and has more than 350 million paid seats. It’s popular because of how it helps organizations communicate, collaborate, and get work done. But that popularity also makes it an attractive target for cyber criminals. Every company needs a Microsoft 365 security assessment to safeguard against these potential threats.

Microsoft 365 was first unveiled in 2017 and presented a bundle complete with Office 365, Windows 10, and Enterprise Mobility + Security for an integrated experience. Office 365 is a different offering and shouldn’t be confused with Microsoft 365; Office 365 is a cloud service platform that offers the tried and true Microsoft products like Exchange (email) and SharePoint (collaboration) along with Word, Excel, and PowerPoint either online or via a subscription plan. 

Many companies, of all sizes, have quickly navigated to Microsoft 365. With it they get the applications they’ve been using for years, plus a supported operating system and collaboration tools needed more than ever — such as Teams and SharePoint. Microsoft, naturally, has encouraged the transition as well by incentivizing companies to move away from legacy applications and plans.

A Glittering New Space — with Security Concerns

With Microsoft 365, companies are set up within their own tenant — a space all their own within the system. With options for SMBs (300 users or fewer) and Enterprises, these environments are set up for convenience and ease of adoption and make it easier for your team to get to work quickly on a single platform.

However, although the package presents a great toolkit for productivity and collaboration, the tenant isn’t optimized for security ‘right out of the box.’ It’s akin to having a brand new house with all the amenities you could ask for, but no locked doors or windows. 

Because of the cloud connectivity of the bundle, your exposure to potential attacks and data breaches is the same no matter your size — whether you’re a startup with five seats or a massive enterprise with 50,000 users. Fortunately, a Microsoft 365 security assessment helps you tailor some of the included security features to account for those vulnerabilities.


Why a Microsoft 365 Security Assessment is Critical

Whether you were raised on Office 365 as a lifelong Windows user or have only recently been immersed in all things Microsoft thanks to a migration, it’s not easy to know where to begin when it comes to setting up security for Microsoft 365. You may know every Excel shortcut inside and out, but that won’t help in applying needed security controls to your tenant. A Microsoft 365 security assessment gives you a blueprint for crafting your security strategy and a roadmap for implementation.

It’s important to realize that Microsoft 365 presents a huge attack surface to cyber criminals. Malicious actors are leveraging every tool they can to gain access to Microsoft 365 tenants and steal sensitive information from businesses, governments and others who rely on the platform — all without having to penetrate the corporate perimeter. Hackers write specific scripts targeting Microsoft 365, use the product itself in phishing campaigns, and more. For instance, in March 2022, hackers were discovered using Static Web Apps (a feature of Microsoft Azure) to create fake landing pages mimicking Microsoft to make phishing ploys more convincing.

Potential Vulnerability Grows With Use

Your specific tenant within Microsoft 365 is always evolving. Like any SaaS solution, it’s growing and changing as you use it and further develop it. Going back to our house analogy, it’s similar to building onto your residence as you’re living in it. With each addition, potential complications arise; with each new feature, patch, or update for Microsoft 365, new vulnerabilities could emerge.

This is why a Microsoft 365 security assessment is essential, not only when first implementing the bundle but also at regular intervals thereafter. New feature settings, like the initial setup, favor convenience over security. It’s important to regularly review those new features and patches to ensure security remains consistent.

Maximize Native Security Tools

A Microsoft 365 security assessment doesn’t necessarily lead to new investment in security systems. Microsoft provides security tools within Microsoft 365, but insight provided by an assessment offers direction on how to implement those tools for your specific business and tenant. 

For instance, Microsoft 365 Defender is the built-in enterprise defense suite that coordinates detection, prevention, and response across endpoints, identities, email, and applications. Microsoft Secure Score gives you a measurement of your organization’s security posture.


Inversion6 Removes the Guesswork with Microsoft 365 Security Assessments

Microsoft 365 has emerged as the world’s go-to productivity platform. It comes with native security features, but by augmenting those features with a Microsoft 365 security assessment you’ll provide maximum protection against costly data loss.

Inversion6 helps you create the processes within Microsoft 365 to make sure your organizational data remains secure. We’ll collaborate with you to tailor the security solution to meet your needs and goals. We can put security policies in place from day one of your migration, or walk you through the recommendations over time based on how large or disruptive the changes will be. We understand that security isn’t a one-size-fits-all proposition; our engagement is flexible based on how mature you are in the environment.

Inversion6 has helped clients keep their data safe and secure for more than 30 years. We’re the proven risk management provider that brings a full suite of information security services to help you define your strategy, deploy the right technology and protect you from malicious attacks. From fractional CISOs to full-service MSSP, we partner with you to protect your business at every level.

Connect with Inversion6 today to talk to one of our experts and discuss your Microsoft 365 security assessment.

Post Written By: Jason Middaugh
Jason Middaugh has been involved with information security and management systems for more than 20 years. As an experienced Chief Information Security Officer (CISO) and technology executive, Jason has been heavily involved in leading the transformation and management of information security, cloud services and more by advancing technology strategies. Jason is a Certified Information Systems Security Professional (CISSP) and has been with Inversion6 as a CISO since 2019.
