Microsoft 365 Secure Configuration Review
A review of your Microsoft 365 tenant against security best practice, covering identity, email, collaboration and logging.
What is a Microsoft 365 secure configuration review?
Microsoft 365 sits at the centre of most New Zealand businesses, holding email, files and identities. Its security depends heavily on how the tenant is configured, and the defaults are not always the safest option. This review is a methodical audit of your M365 tenant against best practice, identifying the settings that leave you exposed and the specific changes required to fix them.
What we review
- Identity and access: Entra ID configuration, multi-factor authentication coverage, conditional access policies, and guest and external access controls.
- Email and messaging: Exchange Online security, anti-phishing and anti-spam controls, and SPF, DKIM and DMARC for your domains.
- Collaboration tools: SharePoint, OneDrive and Teams sharing and permission settings, including external sharing.
- Audit and logging: the Unified Audit Log and retention settings, so attacker activity would actually be recorded.
Who needs a Microsoft 365 secure configuration review?
Any organisation running Microsoft 365, especially one that set the tenant up quickly, has grown since, or has never had the configuration independently reviewed. It is also a common requirement for ISO 27001 and cyber-insurance.
What the process looks like
You grant read-only access to the tenant. The review takes a couple of days depending on size, and the report gives each finding a severity rating, a plain-language explanation, and the exact configuration change required, ready for your team or provider to action.