Security Baseline Workshop for Office 365
This workshop pulls together the important security elements and requirements that are typical of an Office 365 enterprise deployment
We have seen that many of the important security and compliance steps required for secure Office 365 deployment are disjointed and not always given the time and energy they should. The result being that they are overlooked in the heat of the process.
For example, there is no point in migrating over a decade of ‘tamper proof’ archives to Office 365 only for the retention and eDiscovery settings to be incorrectly configured for immutability on the new platform.
As the name of workshop suggests, this is very much what we consider a ‘Baseline’ of the settings and controls that should be in place, but we also look at the entire Microsoft Cloud Security stack and identify and prioritise specialist workshops that should follow to ‘drill down’ into more advanced requirements on areas like Mobile Device Management (MDM), Data Loss Prevention (DLP) and Cloud App Security.
In summary, the Security Baseline Workshop includes the following areas:
- Matching security features with the current onsite requirements and gap analysis.
- Matching security functionality to the licensing you have purchased, identifying security options not being used or where the relevant licensing is missing.
- Defining the administrative control through Role based Access Control,
- Reviewing retention policies on email, SharePoint and OneDrive content,
- Ensuring email security features and Enterprise Online Protection (EOP) settings match the client’s current gateway security e.g. as provided by MailMarshal, IronPort, GFI, etc.,
- Skype Business and OneDrive compliance and information security,
- Review of basic DLP and MDM policies, and
- Identifying advanced requirements and establishing a road map if required.
- As the name of the process suggests, this is very much what we consider a ‘baseline of the settings and controls that should be in place, but the workshop will also identify and prioritise specialist workshops that would follow for more advanced requirements on things like Mobile Device Management, Data Leak Prevention, CloudApp Security and more.
Advanced Security Workshop
Recommended for: Businesses working with sensitive information who have existing high-level, internal security controls and reporting standards e.g. government departments, financial services, legal offices, etc.
- Advanced Office 365 management, adoption & sub-tenant licencing & administration.
- Office 365 retention management & eDiscovery
- Advanced identity management options, including:
- True single sign on via ADFS
- Two factor authentication
- Data loss prevention (DLP)
- Mobile Device Management (MDM)