request a quote

What Is Secure Configuration For Microsoft 365?

Microsoft 365 security is a shared responsibility model with default configurations set in favour of open, collaborative working.

Secure configuration remains the customer’s responsibility but is complex, meaning that errors can be easily made. These often result in account compromise and data breaches.

Evalian® can assess the security of your M365 environment identify risks to your M365 service and data, based on best practices, and provide recommendations for improving M365 security for an affordable, fixed price.​

Microsoft 365 Clour Review

Business Benefits For Securing Microsoft 365

Understanding the business benefits of securing Microsoft 365 is an important step towards alleviating the concerns of partners and stakeholders in your organisation. By helping you transform the way you operate, we ensure your data is kept secure, whilst freeing up valuable resources for you to focus on other critical areas of your business.

Protect your sensitive personal and business data
Lower the costs of your security assurance efforts
More time to focus on other business critical tasks
Reduce human cloud configuration errors
Continual feedback and improvement
Scale your organisation more efficiently
Microsoft office logo

What Does The Assessment Cover?

Our M365 Security Configuration Assessment covers over 80 individual items covering the following key security considerations:

> Account / Authentication
> Application Permissions
> Data Management
> Email Security / Exchange Online
> Auditing
> Storage
> Mobile Device Management

Our Cloud Review Service is Delivered Over Four Days

Whilst our M365 Security Configuration Assessment doesn’t include a security review of SharePoint, Teams or Power Apps, we can review these as part of a tailored engagement, subject to agreement of the scope and the time required.

Cloud security Review

Step 1

The service is delivered over four days during which our consultant will review your M365 environment compared with best practices.


Step 2

They will prepare a detailed report setting out their findings for each area of review, together with their rating and recommendations.

Step 3

Your consultant will schedule a call with you after providing the report to discuss the issues identified, remediation options and answer any questions.

Get Your Quote Today:

Please contact us to arrange a no-obligation
discussion about your testing objectives or to
request an example report or more information about our M365 Security Configuration Service.​

We can also provide M365 Cloud penetration testing.

Our Approach

Once a statement of work has been agreed upon, we’ll request read-only administrator access to your M365 environment and carry out the assessment. Our consultant will compare your M365 security configuration against best practices, based on the CIS Benchmark for M365, Microsoft’s own guidance our consultant’s knowledge and experience.

We grade the secure configuration with a ‘Pass’, ‘Partial’ or ‘Fail’ rating. The meaning of the ratings are as follows:

Pass: Indicates the component is configured in line with best practice.
Partial: Indicates some adherence to best practice, but not always (for example, where there are multiple of the same cloud resource).
Fail: Indicates the client has not configured the component in accordance with the best practice.

Partial or Fail rating does not necessarily mean an immediate risk to your M365 environment (as you may have other compensating security controls in place to cover the risk) but a Partial or Fail should be reviewed to confirm the configuration was specifically set as identified or to correct it.

The report will include remediation recommendations, including our reasoning, and links to relevant remediation information.

Our consultant will also use the overall results to prioritise the next steps based on the potential risk to your M365 environment. Please ask us if you would like to see an example report.


Call: 03330 500 111

DPO Certifications and accreditations