← Back to services // Defensive

Microsoft 365 Review

Complete M365 security assessment

€3000 package price

A comprehensive security review of your Microsoft 365 environment. Including configuration analysis, policy assessment and concrete recommendations. Performed together with the Attic platform.

What is a Microsoft 365 Review?

A Microsoft 365 Review is a security assessment of your complete M365 environment. We analyse Exchange Online, SharePoint, OneDrive, Teams, Entra ID, Intune, Defender and all other M365 services. The goal: finding misconfigurations that expose your organisation to data breaches, account takeover or unauthorised access.

We perform this review with Attic Security, our own platform for M365 monitoring. We built Attic because we saw that organisations fell back into insecure configurations after a one-off review. Attic automatically scans your tenant for hundreds of misconfigurations and compares against CIS Benchmarks. Our researchers then analyse the results manually and deliver a prioritised report.

What do we assess?

  • Exchange Online - mailflow rules, external forwarding, anti-phishing policies, DMARC/DKIM/SPF.
  • SharePoint & OneDrive - sharing settings, guest access.
  • Teams - external sharing, guest policies, app permissions.
  • Entra ID - MFA, conditional access, password policies, legacy authentication, PIM.

Our approach

We perform this review with Attic Security, our own platform for M365 monitoring.

  1. Attic Security scan - automated scan across hundreds of configuration points.
  2. Manual analysis - our researchers review the results, identify false positives and analyse context.
  3. Risk prioritisation - every finding assessed on actual impact and exploitability, not just compliance.
  4. Quick wins - which changes can you implement today for immediate improvement?
  5. Reporting - management summary, prioritised findings, step-by-step implementation guide.
  6. Optional: implementation support - we help with implementation if your IT team wants that.

What does a Microsoft 365 Review cost?

Fixed package price of €3,000 (excl. VAT). This includes:

  • Attic Security scan
  • Manual analysis by an M365 security researcher
  • Prioritised report with concrete recommendations
  • Presentation of the results

Larger organisations (>1000 users) or complex multi-tenant setups: custom pricing. After the review you can switch to continuous monitoring with Attic Security.

Frequently asked questions

What is the difference between an M365 Review and an Azure / Entra ID Assessment?

The M365 Review focuses on all M365 services: Exchange, SharePoint, Teams, Intune, Defender. The Azure / Entra ID Assessment goes deeper into identity management and Azure cloud resources. We regularly combine both - that is our recommendation for a complete picture.

How long does the review take?

Turnaround: 1-2 weeks from start to report. The Attic scan runs in hours; the manual analysis and reporting take the bulk of the time. We work efficiently because we built the tooling ourselves.

Which rights do you need?

A Global Reader or Security Reader account. Read-only, we change nothing. We only ask for what is necessary.

Can you also help with implementing the recommendations?

Yes. From conditional access policies to Exchange configuration, we help with implementation if your team wants that. Quoted separately based on hours. Short lines: you call the person who wrote the report.

Related services

// Offensive

Azure / Entra ID Pentest

Misconfigurations, identity risks and privilege paths in your Microsoft cloud

 // Defensive

Attic Security

Continuous Microsoft 365 hardening

 // Defensive

Incident Response

24/7 available for security incidents

Ready to test your security?

Get in touch with our team for a no-obligation conversation about your security challenges.

Get in touch