Microsoft 365 Review

What is a Microsoft 365 Review?

A Microsoft 365 Review is a security assessment of your complete M365 environment. We analyse Exchange Online, SharePoint, OneDrive, Teams, Entra ID, Intune, Defender and all other M365 services. The goal: find misconfigurations that expose your organisation to data leaks, account takeover or unauthorised access.

We perform this review with Attic Security - our own platform for M365 monitoring. We built Attic because we saw organisations reverting to insecure configurations after a one-time review. Attic automatically scans your tenant for hundreds of misconfigurations and compares against CIS Benchmarks. Our researchers then manually analyse the results and deliver a prioritised report.

What do we assess?

• Exchange Online - mailflow rules, external forwarding, anti-phishing policies, DMARC/DKIM/SPF.
• SharePoint & OneDrive - sharing settings, guest access, anonymous links, document sensitivity.
• Teams - external sharing, guest policies, app permissions.
• Entra ID - MFA, conditional access, password policies, legacy authentication, PIM.
• Intune - compliance policies, device configuration, app protection.
• Defender - threat policies, safe links/attachments.
• Audit & Compliance - unified audit logging, DLP, retention policies.

Why should you get a Microsoft 365 Review?

Virtually every Dutch organisation uses M365. The default configuration is not secure:

• External sharing is open: SharePoint and OneDrive share with external parties by default, including anonymous links.
• Mail forwarding rules: attackers configure forwarding to external - rarely detected.
• Legacy authentication bypasses MFA: old protocols are often still enabled.
• Excessive guest access: external guests have more access than necessary.
• Audit logging off: must be explicitly enabled - many organisations have not done this.

Our approach

We built Attic Security. Nobody knows M365 security better than we do:

• Attic Security scan - automated scan for hundreds of configuration points.
• Manual analysis - our researchers review results, identify false positives and analyse context.
• Risk prioritisation - each finding assessed on actual impact and exploitability, not just compliance.
• Quick wins - which changes can you implement today for immediate improvement?
• Reporting - management summary, prioritised findings, step-by-step implementation guide.
• Optional: implementation support - we help implement if your IT team wants it.

Questions afterwards? Call us. We know your tenant and are happy to help.

What does a Microsoft 365 Review cost?

Fixed package price of €3,000 (excl. VAT). This includes:

• Attic Security scan
• Manual analysis by an M365 security researcher
• Prioritised report with concrete recommendations
• Presentation of results

Larger organisations (>1,000 users) or complex multi-tenant setups: custom pricing. After the review you can transition to continuous monitoring with Attic Security.