Microsoft 365 Security Assurance Service: Assessment

The Microsoft 365 Security Assurance Service focuses on validating that your Microsoft 365 controls (including the Defender suite) are effectively and appropriately deployed, and that nothing has been missed. It is an ongoing service with regular checks carried out, and periodic reviews, ensuring that you can be assured that your Microsoft 365 is always up to date and configured correctly.

Whilst Microsoft takes responsibility and ownership for most of the layers of your Microsoft 365 environment, organisations are still responsible for their own SaaS configuration. It is therefore critical that organisations not only review and check that their environment is optimally configured but also that it is continuously reviewed to both address the latest threats and take advantage of new controls when they're released. Keeping on top of the ever-evolving complex range of controls presents a challenge to IT and security teams.

Performanta’s Security Assurance service addresses this gap by working to understand organisations’ threats, needs and risk appetites and then working with them to iteratively improve their security posture and configuration, through a blend of reviews, assessments and targeted support.

The Microsoft 365 SAS service is built on the ISO model of iterative improvement. Performanta will take an initial baseline of the current Microsoft 365 security posture at the start of the year. Performanta will then:

• Provide an annual roadmap of improvements based on business need, risk and complexity
• Perform additional reviews for the year, based on the above report and current security posture
• Support roadmap defined improvements
• Carry out regular reviews of key reports (e.g. elevated privilege or Conditional Access change)
• Deliver appropriate Microsoft workshops to supplement the service.

Controls and checks consider the following key areas:

• Identity
• Application
• Data
• Email
• Storage
• Mobile Device Management