Microsoft Cloud Security Audit

Gain peace of mind knowing your Microsoft 365 deployment adheres to best practices.
Without any interruption to your daily activities, we run diagnostics and custom scripts focusing on key areas of your cloud security. These include your identity, apps, devices, infrastructure, and data protection measures. We then report on areas of improvement with recommended steps to remediate.

Security Audit

The first step we undertake is to complete a preliminary Cloud Security Audit. During the period we will report on:

Azure AD User Login locations (up to 90 days of logs)
Mailbox Login Locations (up to 90 days of logs)
MFA Status
Microsoft Secure Score recommendations
Inbox forwarding rules
Transport rules
Unblocked Shared Mailboxes
Mobile Devices
Applications Authorised by UsersApplications with access to user data
External Sharing (up to 90 days of logs)
Activity from unexpected countries (up to 90 days of logs)

Data Breach Readiness

The Cloud Security Audit is designed to help Australian businesses comply with the Australian Privacy Laws.

Effective 2018, fines of up to $2.1 million apply to businesses who suffer a data breach and do not comply with the new Notifiable Data Breach law within the Australian Privacy Act.

The GCITS Data Breach Readiness Kit assists with compliance by leveraging key Microsoft security technologies to protect your business.

Security for the modern workplace

The new laws require that a business must now disclose a data breach if it’s likely that someone will come to serious harm. Fines of up to $420,000 for Directors and up to $2,100,000 for businesses are considered for serious instances where a business is aware of a data breach but fails to notify the relevant parties.

Do you need to comply with the NDB Scheme?

The law applies to businesses with a turnover of $3 million or more. It also affects private sector health service providers like medical centres, pharmacists and even gyms. Any company that retains private information may be affected.

Because it falls under the existing Privacy Act 1988, it extends to companies that buy and sell consumer information (such as companies that track credit scores) and many finance-based businesses. Additionally, private schools, private learning centres and child care centres are also bound by the new law.

Securing apps with GCITS Secure Managed Services

Security Report

At the completion of the audit, you will receive a report on:

Recommendations to improve your security posture (including the ongoing monitoring of alerts)
Enhanced Office 365 Licensing
Improvements to Alerts
Example Automated Investigation for forwarding rule alert
Example Automated Investigation for external sharing alert
Example Automated Investigation fo unusual deletion alert
Samples of advanced alerting with Cloud App Security
1. Unexpected sign-ins
2. Impossible Travel
3. Mass Deletion Events
4. Mass Downloads

GCITS Security Pack

We provide both recommendations and remediation steps to secure and improve your Microsoft 365 deployment. Configuring Microsoft 365 security tools can be a time-demanding exercise. GCITS has leveraged our years of experience to automate the deployment of many security policies and monitors. The platform will enhance your Microsoft 365 security posture and is available to both new and existing Microsoft 365 deployments.

Security and Automation

Our research and experience in remediating security breaches has been used to develop our own security tooling. We actively monitor your environment in real time for suspicious behaviours and take appropriate action.

What’s included

Real time location monitoring

We monitor the login locations for every sign in, and alert on activities outside of expected countries.

Phishing protection

Get warnings when an external user attempts to impersonate an internal user.

External forward monitoring

We monitor automatic forwarding rules. A common tactic employed by hackers to exfiltrate data.

Security reporting

Monthly reports on security scores and important metrics.

Audit Logging

Logging and auditing is enabled across all Office 365 services and mailboxes.

MFA implementation

Multi-factor authentication is enabled and implemented for all users.

Email backup

Emails are securely backed up to a third party service.

Admin role tracking

Office 365 Admin role changes are monitored and reported daily.

Rapid offboarding

Departing users are offboarded in seconds, with emails backed up, company access disabled, and mail forwards in place.

No matter what your IT concern is, get in touch with us today.