Cloud M365 Security

M365 Security Basics Logo

M365 Security Basics is a part of our CloudInsight™ family of products, offering visibility into security settings for Azure Active Directory and O365/M365 tenants

29% of organizations had their Microsoft 365 accounts compromised by hackers in 2019
Barracuda Networks

92% of companies have their cloud service credentials for sale on the Dark Web
McAfee

Common risks detected by M365 Security Basics

Compromised User Accounts

Accounts compromised and
unnoticed for up to a year

Unknown Users and Forwarders

Non-approved access or external forwarding of employee emails

Unapproved Email
Access

Sign-ins from foreign countries, disabled mobile devices, and non-approved home computers

Insecure Protocols
Enabled

Obsolete protocols enabled but not used leaving institutions open
to vulnerabilities

Unknown Use of
Sharing Tools

Employees commonly use SharePoint and One Drive, unbeknownst to
the institution

Targeted Phishing or
SPAM Attacks

Individual employees were being targeted without the knowledge of the institution

Designed for Community Banks and Credit Unions Who:

  • Have O365/M365 — Exchange Online, SharePoint, or OneDrive
  • Use Azure Active Directory
  • Store any non-public information (NPI) in the Cloud
  • Are unsure if their cloud tenant is secure
  • Need to increase visibility of potential security risks and indicators of compromise
  • Want access to specific data required by examiners and internal stakeholders

What do you get with M365 Security Basics?

Reporting

A curated view of your most essential Microsoft cloud tenant settings, enabling you to identify risky security settings, monitor identity controls, ensure your configuration matches your institution’s information security policy, and demonstrate this to oversight bodies. Reports are organized into Summary versions for quick reference and Details versions for deeper dives.

  • Tenant Summary
  • User Summary
  • Mobile Device Mailbox Policy Details
  • Azure Device Details
  • Inbox Rule Details
  • Mailbox Permission Details
  • Client Access Details
  • User Details
  • Junk-Mail Configuration Details
  • Plan and Policy Details
  • Quarantined Email Details
  • Sign In Details

M365 Security Basics Sample Report
M365 Security Basics Sample Report
M365 Security Basics Sample Report
M365 Security Basics Sample Report

Alerting  (Add-on)

Notifications for the most common indicators of compromise in your Microsoft M365/O365 tenant. This curated set of alerts watches for the events that are linked to most instances of unauthorized access, especially business email compromise to provide the earliest possible warning of suspicious behavior. Alerts are organized into the following categories:

  • Azure AD Roles
  • Azure AD Sign Ins
  • OneDrive
  • SharePoint
  • Exchange Online

Quarterly Review  (Add-on)

This quarterly consultative engagement serves to provide a periodic objective review of recent reporting generated by M365 Security Basics Reporting, with the goal of advancing your understanding of your Microsoft M365/O365 tenant security. Each quarter, Safe Systems will review the most recent M365 Security Basics Reporting report and set a meeting to cover:

  • Ongoing education on fundamental M365 security concepts
  • Discussion of any observed anomalies on the report

Major cloud providers, like Microsoft Azure, will automatically enable new features, introducing security and compliance concerns for financial institutions. M365 Security Basics allow you to regularly monitor and review your configurations.

Frequently Asked Questions

M365 Security Basics FAQ

Microsoft spends millions of dollars every year keeping their platform and your data as safe as possible, but Azure is a robust platform with a huge feature set. The features you determine to use (or not use) will impact your security posture. Therefore, you must weigh each security setting against your institution’s risk assessment and risk appetite. Since an unacceptable risk for one institution may be a completely acceptable risk for another, the responsibility to configure and maintain the proper controls falls entirely on your institution.

Your vendor management process and due diligence work confirm Microsoft is following their processes to keep your data safe and secure; however, it does not address if you are taking advantage of security features Microsoft offers its customers.

Features and risks change over time. As Microsoft adds more features, they often add security options for these features. Therefore, your security posture needs to be evaluated regularly to ensure that you are taking advantage of the newest options, recommendations, etc.

If you’re like me and not a Microsoft guru, this software is a great set of second eyes to make sure nothing is overlooked. With the alerts, we’re staying ahead of issues proactively and not just waiting for a problem to arise.
Read More

Zach Horn, Network Administrator at Glennville Bank

This has been a very informative process for us and we look forward to more effectively managing our O365 environment.
Read More

Aaron Miller, IT Project Manager, Franklin Bank & Trust Company

With what we’re seeing in the industry and how often Microsoft is changing, we needed a product and team that could help us uncover deficiencies we might not know we had… Being able to pull on-demand reports has been a really great addition for us.
Read More

Robert Vickers, Senior Vice President and Chief Operations Officer, Affinity Bank

I bring the summary report to our IT Steering committee meetings because it allows the team to easily see the issues and advancements we can make. It’s a great overview and touch base from the largest settings all the way down to mailbox usage.
Read More

Zach Horn, Network Administrator at Glennville Bank

The alerts and reporting features are great tools for us to make sure we aren’t missing anything and maintaining the effectiveness of what we do.
Read More

Aaron Miller, IT Project Manager, Franklin Bank & Trust Company

While we haven’t seen any major threats or issues, knowing we have M365 Security Basics and the Safe Systems team in our corner has certainly put our minds at ease.
Read More

Robert Vickers, Senior Vice President and Chief Operations Officer, Affinity Bank

Ready to get started?

M365 Security Basics was developed for community financial institutions by qualified engineers who hold dozens of certifications, including the Microsoft 365 Certified: Security Administrator Associate certification. We are confident that this offering will help you document and improve your cloud security posture.


CloudInsight™ is a new family of products that provides an array of reports and alerts customized for the financial services industry to enhance security awareness in the Cloud by identifying potential risks and common indicators of compromise.