
Why a Microsoft 365 security assessment is good for business

Jason Rothwell, solutions architect at Littlefish, believes the auditing process delivers some positives for customers

It’s hard for businesses right now. The UK is facing huge economic pressure resulting from years of strain caused by the pandemic, the war in Ukraine, Brexit and interest rate increases. The last thing anyone needs right now is to be thwarted by opportunistic cyber criminals.

Sadly, as we enter 2023, cyber attacks across all industries continue to rise and the financial impact is accumulating. Cyber criminals target businesses by the thousands – because it really only takes one time, and one overlooked vulnerability, to strike the so-called “black gold” of the 21st Century: data.

What is a Microsoft 365 security assessment?

Still, cyber security can seem murky and changeable (not to mention expensive) to many organisations, the majority of which operate using Microsoft 365 at their core. Microsoft 365 is a smart choice for many businesses, as this service-led infrastructure undergoes constant evolution and upgrades, including the security capabilities stack offered within the platform – great news for security-conscious organisations.

Still, in my experience, it’s often the case that many businesses aren’t making the most of the number of security features that are already included in their current Microsoft licensing – or else aren’t utilising them at all.

Furthermore, plenty of organisations remain in the dark about where their vulnerabilities lie when it comes to cyber security and where, for instance, things could be improved to strengthen their cyber security posture. This is not just limited to technology, but includes processes, controls, policies, standards and even education programmes.

A Microsoft security assessment is designed to offer an overall cyber security health check of your M365 environment. It can be tailored to specific organisational requirements or concerns (for example, compliance regulations), but overall aims to help businesses understand their security stance and take positive action to improve their security maturity.

What is included in a Microsoft 365 security assessment?

Any comprehensive assessment should be broken down into various elements which focus on security and securing data within 365. This might include:

  • General
  • Security and Access
    • MFA Settings
    • Identity protection
    • Conditional Access
    • Defender for 365
    • Email Security
  • Collaboration and external sharing
  • External Collaboration Settings
  • SharePoint Admin centre
  • Endpoint Management
  • Exchange Online
  • Teams
  • Secure Scores

The benefits of a security assessment for businesses

Knowledge, as they say, is power, and making cyber security a priority can be a huge comfort for employees and customers alike. 

Identifies vulnerabilities

A Microsoft 365 security assessment offers organisations a detailed insight into the specific vulnerabilities they’re exposed to. It identifies and prioritises cyber security risks, allowing the business to execute pointed risk mitigation.

Informs investment decisions

By understanding the inherent cyber risks inside your organisation, investments in technology and security can be made in an informed, precise and deliberate manner. Organisations benefit from peace of mind knowing their investments are up-to-date and responsible.

Offers one fixed cost

Cyber assessments are usually offered at one fixed cost, which is good news when it comes to getting sign-off, especially if budgets are tight. Fixed costs simplify the process of identifying, responding to and remediating cyber threats.

Documents compliance

All documentation created as part of the service can be used as evidence for compliance purposes and audits, helping businesses of all sizes fulfil their regulatory obligations by keeping personal data secure.

Effects cost savings

A security assessment can identify any unused or underused security features, helping to keep your data secure and removing unnecessary third-party costs.

Steers cultural change

Cultural change is hard to achieve but cost-effective to deliver. Findings from an M365 cyber assessment can contribute to cultural change by increasing cyber security awareness and empowering employees with effective information.


Jason Rothwell is solutions architect at managed IT and cyber security service provider Littlefish.
