Cloud & SaaS Security

Secure your Microsoft 365 environment.

We assess your Microsoft 365 tenant configuration against the CIS Microsoft 365 Foundations Benchmark, identifying misconfigurations across Entra ID, Exchange Online, SharePoint, Teams, Intune, and Defender that could expose your organisation to attack.

What we offer

Microsoft 365 security, reviewed thoroughly.

CIS Benchmark Aligned

We assess your M365 tenant against the CIS Microsoft 365 Foundations Benchmark, providing a structured, industry-recognised assessment of your configuration.

Full Tenant Coverage

Our review covers Entra ID, Exchange Online, SharePoint, OneDrive, Teams, Intune, Defender, Purview, and Microsoft Fabric across your tenant.

Practical Recommendations

Every finding comes with clear, step-by-step remediation guidance that your IT team can implement directly in the M365 admin centre.

Scope

Areas we can review.

Microsoft Entra ID & Identity
Conditional access policies, MFA enforcement, authentication methods, privileged role management, guest access, sign-in risk policies, and identity protection configuration.
Exchange Online & Email Security
SPF, DKIM, and DMARC records, anti-phishing and anti-spam policies, safe attachments and links, mail flow rules, SMTP AUTH, and mailbox audit configuration.
SharePoint, OneDrive & Teams
External sharing and link policies, guest access controls, meeting and lobby settings, external communication restrictions, app permissions, and file sharing configuration.
Data Protection & Purview
Data loss prevention policies, sensitivity label configuration, audit log settings, and information protection policies across the Microsoft 365 environment.
Device Management & Intune
Device compliance policies, enrollment restrictions for personal devices, Entra join configuration, local administrator settings, and BitLocker management.
Microsoft Defender & Fabric
Defender for Cloud Apps configuration, priority account protection, zero-hour auto purge, and Microsoft Fabric tenant settings including external sharing and service principal access.

How we work

Our methodology.

Step 01

Scoping

We agree the scope of the review, access requirements, and any specific M365 services or configurations to prioritise.

Step 02

Configuration Review

Systematic review of your M365 tenant settings against security best practices, Microsoft benchmarks, and industry standards.

Step 03

Findings Categorisation

Results are grouped by domain area such as identity, email, and data protection, so remediation can be tackled in logical batches rather than as a flat list.

Step 04

Reporting

Clear, prioritised findings with step-by-step remediation guidance that your team can implement directly in the M365 admin centre.

What you receive

Your deliverables.

01

M365 Security Report

A single report covering executive summary, per-finding detail with affected settings, current vs recommended configuration, severity ratings, and step-by-step remediation.

02

Findings Debrief

A walkthrough of the results with your technical team, covering key findings, risk context, and remediation priorities, with time for questions.

03

Ongoing Support

Post-engagement support from the Illume team to answer questions about findings and remediation guidance.

FAQ

Frequently asked questions.

What do you assess against?
We assess your Microsoft 365 tenant against the CIS Microsoft 365 Foundations Benchmark, an industry-recognised standard maintained by the Center for Internet Security. The benchmark covers Entra ID, Exchange Online, SharePoint, Teams, Intune, Defender, Purview, and Microsoft Fabric, providing a structured and repeatable assessment framework.
What access do you need to our M365 tenant?
We typically require a Global Reader role in your M365 tenant, which provides read-only access to all configuration settings without the ability to make changes. We can discuss alternative access arrangements during scoping.
Will the review disrupt our M365 services?
No. The review is entirely read-only. We examine configuration settings and policies without making any changes to your tenant or affecting service availability.
Do you review all M365 services?
We cover the core security-relevant services including Azure AD/Entra ID, Exchange Online, SharePoint, OneDrive, and Teams. If you use additional M365 services, we can include those in scope during the scoping call.
How long does a Microsoft 365 review take?
A typical M365 security review takes between 3 and 5 days depending on the size and complexity of your tenant. Larger organisations with multiple domains, complex conditional access policies, or extensive SharePoint estates may require additional time.

Get Started

Ready to review your Microsoft 365 security?

Speak to a consultant about reviewing your M365 configuration. We'll provide a fixed-price proposal, with no obligation.