IT Risk and Audit Services

Office 365 Security Assessments

Office 365 Security Assessment Services

Office 365 is an integrated experience of applications and services, designed to help an organization grow its business. Apps like Word, Excel, PowerPoint, and more are updated monthly with the latest features and security updates. Office 365 uses cloud-based email to reach customers and coworkers, wherever work takes you. Whether it's internal collaboration in Teams, sharing and group editing files in OneDrive, or participating on client calls in Skype, the Office 365 family of apps plays a vital role in the internal functions of thousands of organizations. But with this heightened dependence come increased security risks. Moving traditional office applications to a cloud-based service introduces risks in areas such as:

  • Accessibility and Access Controls
  • Messaging Security
  • Data Corruption and Security
  • Migration
  • Risk Mitigation

Our Security Assessment can identify weaknesses within the configuration, policies, and access controls of an Office 365 environment. This process includes using tools such as the Office 365 Secure Score and Microsoft Baseline Security Analyzer, combined with observations and interviews to compile a matrix of risks and gaps. Compass also provides detailed remediation recommendations with links to the various configuration pages within Office 365 where these settings can be applied. Our assessment includes a review of the local Active Directory system for common weaknesses in installation, configuration, policies, and object access control. Following the recommendations from this service will help to minimize the potential of a data breach or a compromised account.


  • Executive Summary Report - This report will provide a high-level overview of the assessment process, methodology used, and overall risk to the organization based on the results of the assessment
  • Office 365 Detailed Control Matrix - This report will outline the controls contained within Microsoft Office 365 and what the organization is doing compared to these controls. Each control, if applicable, will provide a risk ranking as well as a remediation strategy to reduce the overall risk related to that control

Let Compass IT Compliance assist your organization in assessing any risks present through our Office 365 Security Assessment so you can secure your Office 365 environment, comply with regulatory compliance requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.

Compass Blog Posts

Contact Us