Microsoft 365 Security Assessment - 4wk Assessment


Effective Analysis of CIS & NIST Benchmarking, Active Directory to Azure and Microsoft 365 Configurations

The objective of this engagement is to provide our Client IT and Security departments with an analysis focused on three (3) areas:

  • Center for Internet Security (CIS) & NIST Benchmarking: Protiviti will utilize the CIS Standards and NIST-171 Benchmarks, for your utilized applications, which provides guidance for establishing a secure configuration for Microsoft 365.
  • Synchronization and/or Federation of On-Premise Active Directory to Azure: Protiviti with explore the connector and metaverse configuration to identify possible security gaps.
  • Analyzing and Assessment of the Microsoft 365 Configurations: A Protiviti Microsoft 365 Architect will access, review and document the current tenant configuration settings of Microsoft 365 in relation to your policies.

Activities to be Completed:

  • Microsoft 365 Assessment Preparation
  • Microsoft 365 Process & Technology Review
  • Microsoft 365 Security Assessment Runbook


  • Microsoft 365 Security Pre-Questionnaire
  • Microsoft 365 and AAD PowerShell Scripts & Manual Data Extraction
  • Microsoft 365 RCM
  • Microsoft 365 Security Assessment Runbook

The deliverables of this engagement to provide our Client’s IT and Security departments with an actionable and comprehensive analyses of the security configurations of Microsoft 365 to validate compliance and identify Gaps as tied to NIST-171 and CIS benchmarks. They provided Protiviti’s recommendations for remediation's, which if desired by Client, Protiviti can work to resolve GAPS in this critical enterprise application.

At a glance