Microsoft 365 Security Audits and Advice

to prove that your security is top class.




Why would Microsoft 365 be a target?

For many organisations, Microsoft 365 is used for the majority of internal and external communication, and it is a rich store of information.

In other words, it’s a valuable target for a cyber attacker.

What’s the worst that can happen?

If an attacker gains access to a staff member’s M365 account:

  • They can view and download any emails, files, or messages accessible in M365 from that account.
  • They can set up ways to retain access, so even when the account password is changed or all sessions are logged out, they will still be lurking.
  • And they can use this access to send malicious emails, files, or messages to other staff members, or to your clients.

If an attacker gains access to an administrator’s M365 account:

  • They can do all of this. And more.
  • In fact, they can do whatever they like.
  • And the first thing they will probably do is disable all of your administration access, so you can’t stop them.

Do we need to think about the likely impact of such attacks? Things like…

  • Immediate business disruption.
  • Long term reputational damage.

I’ll stop there.

How can you reduce the risk?

If you want to ensure you’re not an easy target, my Microsoft 365 Security Audit is the solution.

It focuses on the key security measures that can significantly reduce the risk of your Microsoft 365 environment being breached by an attacker.

My assessment:

  • Ensures you are not an easy target for cyber criminals.
  • Saves you time and money by making sure you’re investing in security measures that will make the most significant difference.
  • Ensures you can speak confidently with your clients and prospects about the security of your Microsoft 365 environment.

Microsoft 365 Security Audit

The Benefit

  • You will know the specific steps required to ensure your organisation’s Microsoft 365 environment is not an easy target for cyber attackers.

The Scope

The assessment will include a review of the security configuration of the following Microsoft 365 components:

  • Email (Exchange Online)
  • Teams
  • SharePoint
  • OneDrive

The Reference Baselines

The assessment will align to a benchmark or baseline that is appropriate to your needs and to the expectations of your clients.

This could include baselines / frameworks published by:

  • CISA (The US Cybersecurity and Infrastructure Security Agency), in its Secure Cloud Business Applications (SCuBA) Security Baselines.
  • NCSC-IE (Ireland’s National Cyber Security Centre) Office 365 Secure Configuration Framework (Foundational & Standard Controls / Levels 0 & 1).
  • CIS Controls.
  • NIST Cyber Security Framework (CSF).

The Process

  • We will discuss your specific needs so we can identify an appropriate ‘target end-state’ for your environment.
  • I will perform an in-depth and independent security assessment of your Microsoft 365 environment.
  • The assessment will be driven by a methodology and set of checklists that I have developed over many years.
  • The assessment will also reflect your current “ways of working” to ensure the security recommendations minimise the impact on how you currently do business.

The Deliverables

  • A clear and detailed recommendations report, written in Plain English, that will show you how to ensure your Microsoft 365 tenant is configured in line with best practice so it is not an easy target for cyber attackers.
  • An action tracker checklist, listing each recommended action in priority order. You can use this to track your implementation of the recommendations.
  • A 60-minute walkthrough (via MS Teams or Zoom) of the recommendations report, so we can address your questions or comments.
  • 1-month and 3-month Check-In / Review Workshops: 1 month and 3 months after completion of the assessment, we will meet for 60 minutes (via MS Teams) to review progress and identify ways to sustain / regain momentum.

The Fee

  • Standard Option: €1,975 + VAT.
    • The audit will start within the next few weeks and will be completed within 2-3 weeks of the start date.
    • This is a good option if you are not under pressure to get this completed.
  • Fast Lane Option: €2,725 + VAT.
    • This compresses the timeline.
    • The audit will start as soon as possible and be completed within 2-3 days of the start date.
    • This is a better option if you are under pressure to get an assessment completed, or you want to just get this off your to-do list as soon as possible.

How To Get Started

  1. Register below.
  2. We will review your details to ensure this is a good fit for you.
  3. We will then provide a provisional date for the audit, and provide you with an invoice that includes a link to our online payments facility.
  4. The date will be confirmed when payment is received.

Frequently-Asked Questions

Yes. You will receive an invoice and a link to an online payment facility during the signup process.

Yes, no problem. Your company details will be gathered during the signup process, and an invoice will be issued to you at that point.

Just keep in mind that bank transfers will take longer to process, and the date for the assessment is only confirmed when payment has been received by Code in Motion.

Yes, this is possible.

Please note the following:

  1. The fee increases by €200 to reflect the delayed payment and additional administration required to facilitate this.
  2. The assessment date will not be confirmed until Code in Motion receives a PO Number from you (or an approval email from an authorised officer / senior manager of your organisation).

  1. The assessment will show you how to secure your Microsoft 365 environment.
  2. No changes will be made to your Microsoft 365 environment during the assessment – The account used will only have read-only access, so even if we wanted to make changes, we can’t.
  3. The assessment will be performed by Sam Glynn.
  4. The assessment will be completed within the agreed timeframes.
  5. The assessment will be in Plain English – You will not need an English/Techspeak dictionary.
  6. And to top it all off, it comes with a 100% money-back guarantee: If you are unhappy for any reason, just shout and your fee will be refunded immediately.

When it comes to implementing the recommendations, there are a few options.

For example:

  1. Done by you: You may have the knowledge and resources (either in-house or via a trusted third party) to implement the recommendations.
  2. Done with you: Similar to ‘Done by you’, but you may want to retain Code in Motion’s assistance – e.g. to help you formulate a detailed project plan; to be available for any questions that arise along the way; to mentor and coach someone so they learn how to do it.
  3. Done for you: You may prefer that Code in Motion and our partners do some or all of this for you. Code in Motion does not seek to sell additional services or products. But if you need assistance with any aspects of the implementation, Code in Motion and our wider network of trusted partners can certainly help.

Knowing WHAT you need to do should be your focus right now. Identifying HOW you can do it will become clearer as we work through the process.

I get it. You’re not buying toilet roll here. Before you commit, you want to make sure this is going to work for you.

Let’s have a quick conversation to see if this is a good fit.

We will focus on your needs, your goals, and how Code in Motion may be able to support you. You won’t be sold a service on the call – it’s just about seeing if it’s the right fit for you.

Book a 30-minute chat with Sam Glynn at