
Services





Microsoft 365 & Cloud Security
This section includes a comprehensive review of Conditional Access Policies (CA), including location-based rules,
multi-factor authentication (MFA) enforcement, and legacy authentication controls. We assess risky sign-ins, service
accounts, device compliance policies, and Entra ID Protection. Audit logs and unified logging settings are evaluated.
Configurations are compared against CISA’s Microsoft 365 security baseline across Defender, Entra ID, Exchange
Online, SharePoint, OneDrive, and Teams. Alerts and health check configurations are also reviewed.
Domain & DNS Security
Includes analysis of DNS record configurations (SPF, DKIM, DMARC), WHOIS data, SSL certificate expiration, and
DNSSEC implementation to ensure domain and email infrastructure integrity.
Network Infrastructure Security
Covers open port scanning, service exposure analysis, network segmentation practices, VPN and remote access
configurations, and the configuration of intrusion prevention systems, DDoS protection, SSL inspection, and URL
filtering. Patch management for network hardware is also assessed.
Vulnerability Management
Assessment includes internal and external vulnerability scanning using industry-recognized tools, identification of
unpatched systems, and validation of patch management processes.
Endpoint Protection
Focuses on antivirus policy compliance, deployment of Endpoint Detection and Response (EDR) tools, Mobile Device
Management (MDM) usage, and enforcement of Bring Your Own Device (BYOD) policies.
Access Control & Identity Management
Evaluation of password policies, role-based access control (RBAC), least privilege principles, dual approval
mechanisms, and Privileged Access Management (PAM) or just-in-time access controls.
Data Protection & Compliance
Analyzes data classification, labeling, and protection strategies. Reviews Data Loss Prevention (DLP) policies and
evaluates compliance with privacy laws such as GDPR and CCPA.
Dark Web Monitoring
Includes search and reporting of compromised credentials associated with the organization across dark web
databases using tools like HaveIBeenPwned or DarkWeb ID.
Incident Response
Analysis of incident detection, investigation, and response procedures. Verifies the existence of IR playbooks,
runbooks, and SOC integration.
Disaster Recovery & Business Continuity
Assessment of documented DRP and BCP strategies, frequency of test execution, and gap analysis of critical
service coverage.
Security Awareness & Training
Evaluation of cybersecurity awareness training programs and phishing simulations to measure employee vigilance.
Backup & Recovery
Review of backup policies, encryption, retention periods, and effectiveness of restore operations.
Certificate & Key Management
Inventory and analysis of certificates in use, expiration timelines, and validation of trusted certificate chains.
Reporting & Documentation
Includes a consolidated final report, categorized by findings and recommendations. Each issue is rated by criticality
(High / Medium / Low). A checklist of required inputs and system access is also provided before audit initiation. The
offering also differentiates between free and premium audit components.