True to its core values of bringing technology to the industry, Microsoft offers a free security evaluation workshop, the Microsoft 365 Security Assessment. This is to help organizations of all types and sizes to better understand the importance of a holistic security strategy aided with the current approaches in cyber security and bespoke technologies aligned to business needs.
This assessment aims to provide a clearer perspective of a client’s current cyber security posture with the stakeholders, roadmap, and implementation in mind. Another important goal is the allocation of tasks for the success of this security assessment. Here are the required roles in this security assessment:
- Project Executive Sponsor – drives the strategic vision for the organization, is delivery authority for the whole project, assists in resolving issues on the project, reports project status to the entire business, and guides the whole organization for the applied security strategy, standards, and policies.
- Project Manager – coordinates with partners and teams that are engaged in the project, schedules meetings, disseminates engagement deliverables, logs and manages project escalations and issues, updates the executive sponsors of the project status, and secures requirements timely for on-site workshops.
- Enterprise, Security and/or Infrastructure Architects – implement the security strategy define by the organization, choose and operate security products that are aligned to business goals, create and maintain the security architecture, and provide insights to the current and planned security posture, standards, and requirements of the business.
- Security Engineers, technical capitals – deploys, operates, and maintains the security solutions; provides technical details for the implementation of the existing security controls/products; provides insights to the use of Microsoft 365 security products and features.
- Project / Engagement Manager – creates and maintains project schedule, coordinates with partners and teams working on the project, monitors project deliverables, manages and records project issues and escalations, and provides updates to the main project manager.
- Security Architects / Consultants – prepares the required materials for the workshop, officiate the security assessment workshops, and creates engagement deliverables.
Determining who’s going to do what straightens the paradigm of tasks and client requirements for this assessment. Here is an overview of client responsibilities during the assessment:
- Complete questionnaire – the client is required to supply honest responses to assessment questions covering organizational security requirements and objectives, and industry regulations.
- Access to teams during assessment – the workshop might intervene with the schedule of the internal people involved from the client’s side. Flexibility of team/employee schedule and availability is required to allow a specific team, or a person participate in the assessment. This needs the attendance of the cloud & infra department, security team, and the stakeholders.
- Provide stakeholder during process – this is the most crucial part of the client responsibilities as this requires the assignment of major stakeholder/sponsor to supervise the whole security assessment.
- Access to security reports – for a more data-driven development of the security strategy roadmap, generating the necessary tenant reports are necessary. These reports should include the specifics from Microsoft Secure Score, Windows Defender Security Center, Microsoft Cloud App Security, and Attack Simulator results. Nothing to worry if a client lacks some of these as those will be generated during the workshops, as moderated by a Microsoft partner.
The Security Assessment Approach
The Microsoft 365 security assessment provides comprehensive methods to improve the current security posture a client has. It’s a mix of approaches that uses specialized Microsoft technologies and analytics and at the same time stirs the participation of the stakeholders and team members in the whole workshop. Here’s the general approach that this assessment will be following:
- Security awareness – the currently implemented security strategy is evaluated through a series of questionnaires and is quantified through Microsoft Secure score to understand the security baseline. This also allows the tracking of score improvements and the scheduling of further reviews.
- Consultation and solution recommendation – the Secure Score is generated, analyzed, and goes with the suggested the security areas that need to be prioritized. This primarily considers the user impact and the implementation cost. This will then lead to the development of a security roadmap with the security priorities in mind.
- Implementation and configuration – the suggested roadmap is designed to the client’s structure preferences followed by deployment and configurations (if necessary) along the way.
The Microsoft 365 Security Assessment is an opportunity for Microsoft and its partners be up close with local businesses to help align their security strategies to the global standards and modern trends—customer support and service at its finest.
Get this free security assessment today! Secure your slots with a Microsoft partner near you or you can send us a message here.