Office 365 is a fantastic resource for the modern company. Our team has a thorough review process to assess all aspects and identify any threats or areas for improvement in your Office365. 

If you have any concerns regarding your O365’s safety from threat actors or other potential issues, our team can help you with your Office 365 security controls.

Get In Touch

No salesy newsletters. View our privacy policy.

Office 365

Office 365 is a powerful tool that provides all sorts of business services from email to cloud storage, and it’s much more than just another productivity suite.

It provides more than just email and office productivity tools – with over 200 million active users worldwide who are constantly growing their products’ capabilities there really isn’t much missing when compared to Microsoft on-premises solutions (such as Exchange Server).

With Office 365, you can get access to an array of tools that will streamline your workflow and give you the freedom to work from anywhere. The security aspect should also not be overlooked though – it’s important in every business!
office 365 security review

Is office 365 email secure?

Whether it’s applications, devices or storage including backups, these are the three main categories where email data resides. Before understanding whether Office 365 is secure or not, it’s important to understand the cloud model concept. Just like major cloud providers, Microsoft offers this product as part of a shared responsibility model in cloud computing. This means:

Cloud provider is responsible for security of the cloud

Tenant or organisation client is responsible for security in the cloud

As customers have control of user accounts, access, authentication and authorisation of O365 data, it is customer’s (tenant organisation) responsibility to maintain the security of their sensitive data. There are good security controls out of the box that come with Office 365, however, they are not auto-magically serving an organisation’s demands.

Common O365 security misconfigurations and vulnerabilities

Our certified security professionals will perform a review of the Office 365 configuration to identify misconfigurations that may have occurred. It is very common for potential threats to be found during this process, and our team will support the mitigation of these threats. Recent bugs i.e. actual vulnerabilities identified within the product had also increased the attack surface for Office 365 users. Some of these recent flaws include improper validation (CVE-2020-16875) and smart bypass issues (CVE-2020-171324). Common Office365 misconfigurations include lack of multi-factor authentication, password sync and mailbox auditing. 

This thorough review includes vendor security best practices including but not limited to the following security review areas:
Office 365 Security Controls

Benefits of Office 365 Security Assessment

Follow best security practices

Security reviews findings are mostly around areas described under common misconfiguration. As a standard best practice checklist, an Office 365 installation should follow the following areas:

  • Unified Audit Logging
  • Multi-Factor Authentication 
  • Privileged accounts management
  • Protecting against malware using features based on subscriptions such as anti-phishing, auto-forwarding, ATP safe attachments and ATP safe links. 


Office 365 Security Practices

Microsoft Office 365 provides cloud resources, securing it is your responsibility.

Office365 Security Review Methodology

Our assessment approach involves benchmark based assessments as well as standard pentest methodology extended to include Microsoft cloud specific security concerns. We support industry-leading testing standards and methodologies:

Our Cyber Security Testing Services

Recent Blog Entries