Microsoft Security Risk Assessments
Trusted Microsoft & Office 365 Security Risk Assessment partner.
- Free no-strings-attached Microsoft Security Risk Assessments
- Managed Microsoft Office 365 Risk Assessment Services for businesses big & small
- Open term contracts
- Artificial intelligence and automation at our core
How can we help?
Our New Zealand Microsoft Security Assessment service has been designed to help identify, prioritise and mitigate the risk of cyber-attacks such as phishing emails, Business Email Compromise (BEC), malware, DDoS attacks and unauthorised access. Our Microsoft assessments will help you mitigate cloud infrastructure and data breaches. We can help you secure your Microsoft 365 and Azure environment from cyber threats.
Book a free consultation.
Office 365 is one of the largest cloud platforms in the world and is protected by Microsoft. Surely if I’ve purchased Microsoft 365 services and our IT guys installed it, I don’t need to do anything else right? Wrong! Microsoft does offer a suite of protective features, but by default, a lot of these features are disabled as this aids ‘ease of use’. Your business needs to assess security versus usability and select configurations suitable for your needs and mitigate risks and that’s where we can help.
Our structured engagement uses an international benchmark designed with Microsoft to evaluate and prioritize security configurations of Microsoft 365 and Microsoft Azure.
Our Microsoft Office 365 Email Security services across New Zealand include:
- Microsoft 365 Security Assessment
- Microsoft Azure Security Assessment
- Microsoft Azure Security Architecture Design Assessment
Throughout our assessment process, we will:
- Understand your business. Your objectives and challenges.
- Assess and identify Microsoft security gaps.
- Conduct workshops with stakeholders to review findings, prioritise and align expectations.
- Define and prioritise an actionable remediation roadmap based on risk.
- Work with your teams to remediate the gaps.
- Re-assess to ensure that gaps have been closed and provide you with the assurance that risks have been mitigated so that your reputation, data and systems are protected.
Why Simplify Security?
Reliability you can trust
Let’s face it, Kiwis can be a bit laid back and that sometimes means companies not returning your calls, turning up on time or delivering on promises. Not us – we pride ourselves on reliability, dependability and integrity.
We all know there is a skills shortage in cyber security. Forget the stress of recruitment and retention by leveraging our highly skilled professionals. Just look at their accreditations - they know their stuff.
Employing a full time cyber security professional is not an affordable option for most SMBs. We offer competitive, affordablele and flexible subscriptions with no long term restrictive contracts.
Artificial Intelligence (AI) and automation are at our core. We use the power of AI to predict and protect against known and unknown threats, to keep your business and interests safe.
This customer reached out to our cyber security consultants when they suffered a considerable financial loss after falling victim to a spear-phishing attack.
The attacker was able to gain access to the email platform and monitor the email flow and exfiltrate contacts of our customer. The attacker had been lurking in their Office 365 for months, reading emails and learning about their processes and partners. Once they had gained the required knowledge, they launched their simple but effective attack. Posing as one of our customer’s partners, they sent a spoof email requesting their bank account details to be changed and for funds to be transferred into the new account. The email was sent to the correct employee and was a good imitation of how the partner’s emails usually look. Acting as instructed, the employee changed the account details and transferred the funds.
Frequently Asked Questions
See our Microsoft Risk Assessment frequently asked questions below for help and advice.
How do security breaches tie into Office 365?
There are many examples of security breaches that could have been prevented by correct configuration of Office 365. For example an attacker gaining access to your emails without multi-factor authentication enabled or an attacker using your email domain to generate a spoofing attack when email authentication is disabled. Most of the security breaches we deal with are due to lack of multi-factor authentication and proper email security measures that mitigate spoofing, phishing emails and other threats.
Is Microsoft 365 secure?
Yes – as long as it is configured correctly. Our Office 365 & Microsoft Security Risk Assessments are comprehensive, and leverage the very latest AI office 365 advanced threat protection tools & technologies.
What security features does Microsoft 365 have?
Microsoft 365 has a multitude of email security features across the following products:
- Microsoft threat protection
- Office 365 Advanced Threat Protection (ATP)
- Microsoft defender ATP
- Microsoft cloud app security
- Microsoft Intune
Microsoft Azure also has email security features available within its products:
- Azure ATP
- Azure Security Center
Each product has a long list of configurable email security features but some of the high-level features include:
- Multi factor authentication; an additional layer of protection in the office 365 audit log process.
- Azure identity protect; the use of machine learning to analyze how you work so a suspicious office 365 audit log in can be flagged.
- Mobile device management; controlling how employees access company data from mobile devices.
- Encrypted email and data loss prevention; ensuring nobody but the intended recipient can receive and read emails.
- Privileged identity management; the ability to highly configure admin rights like granting temporary admin access.
How do I make Office 365 more secure?
You should engage with experts who really understand the security features of Office 365 and the needs of your business. If you read the small print of the agreement with your IT service provider it probably says that they’ll install and run Office 365 with no mention of configuration or optimisation. That’s why it’s best to leave that to the security professionals. Contact us for a no-obligation free quote.
Since the news of this critical RCE (CVE-2021-44228) in Apache log4j was made public on Friday, Simplify Security's MTR team has been investigating activity to improve detection and response capabilities. As a quick summary, this vulnerability results from how log4j...
On December 9, 2021, the Apache Log4j project’s GitHub publicly disclosed a high severity vulnerability that impacts Apache Log4j 2 versions 2.0 to 2.14.1. The vulnerability allows for unauthenticated remote code execution on Log4j 2, an open-source Java logging...
New Zealand’s privacy laws haven’t changed since 1993, but technology and the way we live our lives online has changed significantly since then. Around the world, privacy laws are being updated to cover the needs of our changing...