Microsoft 365 Security Assessment

Make sure you’re not an easy target.

Focused

Pragmatic

Fast

Why would Microsoft 365 be a target?

For many organisations, Microsoft 365 is used for the majority of internal and external communication, and it is a rich store of information.

In other words, it’s a valuable target for a cyber attacker.

What’s the worst that can happen?

If an attacker gains access to a staff member’s M365 account:

They can view and download any emails, files, or messages accessible in M365 from that account.
They can set up ways to retain access, so even when the account password is changed or all sessions are logged out, they will still be lurking.
And they can use this access to send malicious emails, files, or messages to other staff members, or to your clients.

If an attacker gains access to an administrator’s M365 account:

They can do all of this. And more.
In fact, they can do whatever they like.
And the first thing they will probably do is disable all of your administration access, so you can’t stop them.

Do we need to think about the likely impact of such attacks? Things like…

Immediate business disruption.
Long term reputational damage.

I’ll stop there.

How can you reduce the risk?

If you want to ensure you’re not an easy target, my Microsoft 365 Security Assessment is the solution.

It focuses on the key security measures that can significantly reduce the risk of an attacker gaining access to your Microsoft 365 environment.

Microsoft 365 Security Assessment

The Benefit

Ensure your organisation’s Microsoft 365 environment is not an easy target for cyber attackers.
Save time and money by making sure you’re only investing in security measures that will make the most significant difference.
Speak confidently with your clients and prospects about the security of your Microsoft 365 environment.

The Scope

The assessment will include a review of the security configuration of the following Microsoft 365 components:

Email (Exchange Online)
Teams
SharePoint
OneDrive

The assessment focuses on the most common ways that criminals break into Microsoft 365 over the internet, and it includes a review of over 25 different settings that can make or break your security.

The Process

We will have a short kickoff meeting to review the scope, process, and timelines.
I will then perform the security assessment, using a methodology and set of checklists that I have developed over many years.
I will present my recommendations to you online, so we can discuss what I recommend and why.
After this presentation, you will also receive a short report summarising what we discussed.
We will meet again 4-6 weeks later, to review the progress you have made and any questions you have.
[Optional] If you need my ongoing support while your IT provider implements the recommendations, or if you would prefer that I make the recommended changes on your behalf, we can talk about this during this review meeting.

The Fee

The fee is based on a number of factors – For example:
- The number of active users;
- The types of Microsoft 365 licences in use;
- Whether laptops / devices are also managed within InTune / Microsoft 365;
- Who currently manages the environment for you;
- Whether you would prefer to pay up-front or near the end of the assessment.
For guidance: Assuming payment is made in advance of the assessment, the fee for an ‘out of the box’ environment with up to 10 active users with Microsoft Business Basic or Business Standard licences would be in the region of €1,450 + VAT.

How To Get Started

Schedule a free 30 minute consultation to make sure this is the right option for you.
If it is, you will receive an invoice for the agreed fee and a link to pay online. (Other payment options are available, as described in the FAQ below).
Once payment is received, we can then schedule the assessment.

Schedule A Free Consultation

Frequently-Asked Questions

Can we broaden the scope of the assessment?

The assessment focuses on the most common ways that criminals break into Microsoft 365 over the internet, and it includes a review of over 25 different settings that can make or break your security.

If you need a broader scope (e.g. to include a review of your laptop / device security or the more advanced security features of M365), we can adjust the scope and fee to include these.

Can we pay the fee online?

Yes. You will receive an invoice and a link to an online payment facility during the signup process.

Can we pay by bank transfer?

Yes, no problem. Your company details will be gathered during the signup process, and an invoice will be issued to you at that point.

Just keep in mind that bank transfers will take longer to process, and the date for the assessment is only confirmed when payment has been received by Code in Motion.

We have strict payment terms of X days, so we can't pay in advance. Can we book an assessment and pay later?

Yes, this is possible.

Please note the following:

The fee increases by €200 to reflect the delayed payment and additional administration required to facilitate this.
The assessment date will not be confirmed until Code in Motion receives a PO Number from you (or an approval email from an authorised officer / senior manager of your organisation).

What guarantees do you offer?

The assessment will show you how to secure your Microsoft 365 environment.
No changes will be made to your Microsoft 365 environment during the assessment – The account used will only have read-only access, so even if I wanted to make changes, I can’t.
The assessment will be performed by Sam Glynn.
The assessment will be completed within the agreed timeframe.
The assessment will be in Plain English – You will not need an English/Tech-Speak dictionary.
And to top it all off, it comes with a 100% money-back guarantee: If you are unhappy for any reason, just shout and your fee will be refunded immediately.

How can we implement the recommendations?

When it comes to implementing the recommendations, there are a few options.

For example:

Done by you: You may have the knowledge and resources (either in-house or via a trusted third party) to implement the recommendations.
Done with you: Similar to ‘Do it yourself’, but you may want to retain my assistance – e.g. to help you formulate a detailed project plan; to be available for any questions that arise along the way.
Done for you: You may prefer that I do some or all of this for you.

Right now, don’t think too much about these options.

Knowing WHAT you need to do should be your focus.

Identifying HOW you can do it will become clearer as we work through the process.

What if I am still unsure if this is a good fit?

I get it. You’re not buying toilet roll here. Before you commit, you want to make sure this is going to work for you.

That’s why I recommend a quick conversation to see if this is a good fit.

During the conversation, we will focus on your needs, your goals, and how I may be able to support you. You won’t be sold a service on the call – it’s just about seeing if it’s the right fit for you.

Schedule a free 30-minute consultation today at https://secureandassure.com/book-30minutes.

Apply Now