Retest performs security scanning

ReAzure – Entra ID & M365

Microsoft is a central part of almost every Danish company’s infrastructure. Many have, more or less consciously, made configurations and setups in Azure in the form of Entra ID and M365 services. This part of your infrastructure is vital to your cybersecurity.

The Microsoft Security Score provides a good starting point. But for most people, it’s necessary to dig a little deeper. The aim is to understand the elements in your configuration that are not uniquely a vulnerability, but in different contexts can pose a serious threat.

Benefits of ReAzure Entra ID & M365

  • Go beyond the Microsoft Security Score and understand the context of your Entra ID and M365 from a hacker’s perspective
  • Get visibility into vulnerabilities that could give an actor unwitting access to your environment
  • This review provides assurance that your Microsoft environment is set up according to security best practices

How a Microsoft Entra ID and M365 Security Review takes place

With a Security Review of your Entra ID and M365, you get a fresh look at your current setup and configurations in Entra ID and M365. This review is based on CIS Benchmarks, Microsoft Best Practices, and ReTest’s own security experience.

The purpose of the Security Review is to uncover vulnerable configurations and setups in Entra ID and M365 that could ultimately be exploited by a malicious hacker to access sensitive data, critical systems, or escalate their rights.

How is the security review performed?

Some examples of things we look through are the following:

  • Conditional Access Policies
    Here we look into the configurations and setup to see if they are done correctly and according to
    industry standards
  • Default settings in Entra ID
    A standard Entra ID tenant comes with a lot of default settings that are not configured according to best practice. We do a total review of all the configurations that should be changed
  • Microsoft 365 Suite
    We go through all the right settings that relate to security. This includes Office 365, Exchange Online, SharePoint, OneDrive and Teams. We also look at the Microsoft 365 Suite that deals with Microsoft Defender
  • Email security
    Your general email security is reviewed. Part of what we look at includes DKIM, DMARC and SPF. A good foundation prevents email spoofing and makes it harder for an attacker to exploit your domain for phishing campaigns

Reporting

The Security Review ends in a report that includes a management summary that can be forwarded to a board or management that has an interest in the conclusion. A technical section where there will be a description of the vulnerabilities, as well as a recommended solution that explains how to fix the vulnerabilities.

A debriefing meeting will be offered to discuss and review the findings described in the report.

Get in touch with us below to receive a dummy report.

Read about our other services

I would like to receive a call

Use the contact form and we will call you back within 12 hours.

4 + 9 =

Contact us

Phone number

+45 77 41 44 14

Email

[email protected]

Address

Hørkær 26
2730 Herlev, Denmark

Retest Security
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.