Most Microsoft 365 environments were set up quickly and never hardened. Weak conditional access, legacy authentication still enabled, no inbox rule monitoring, too many global admins. We review your entire environment and tell you exactly what needs to be fixed before an attacker finds it first.
A real assessment goes beyond surface-level checks. We review the configurations, controls, and visibility gaps that attackers actually exploit.
MFA enforcement, Conditional Access policies, legacy authentication, privileged account review, Entra ID role assignments, and guest access controls. Identity is the primary attack surface in every incident we have responded to.
Inbox rules across all accounts, external forwarding settings, impersonation protections, phishing simulation history, anti-spoofing controls, and DMARC and SPF configuration. Email is still the number one entry point.
Mailbox audit logging status and retention, unified audit log configuration, sign-in log review, risky user detection, and alert configuration. Without visibility, attacks go unnoticed for weeks.
Global administrator count, admin account hygiene, just-in-time access controls, service account review, and application permission audit. Over-permissioned accounts are the fastest path to a full tenant compromise.
Device compliance policies, Intune enrollment status, endpoint detection coverage, and device-based Conditional Access enforcement. Unmanaged devices are a common gap attackers exploit.
External sharing settings, anonymous link policies, sensitive data exposure, and permission audit across SharePoint sites and OneDrive. Data exfiltration often starts here and goes undetected.
Every finding documented with context — what it is, why it matters, what an attacker would do with it, and exactly how to fix it. Not a checkbox compliance document. A practical guide to hardening your environment.
Findings ranked by risk so you know what to fix first. High-severity gaps that create immediate exposure are separated from lower-risk configuration improvements. You always know what matters most.
A live walkthrough of the findings with the same engineer who ran the assessment. Not a canned presentation. A direct conversation about your environment, your risks, and the specific steps to address them.
If you want us to implement the fixes rather than hand off a report, we can. Conditional Access hardening, MFA enforcement, audit log setup, inbox rule alerting, and privilege reduction are all things we handle directly.
Allows attackers with valid credentials to bypass MFA entirely using older protocols like SMTP AUTH or IMAP. One of the most commonly exploited paths into Microsoft 365.
Most environments have far more Global Admin accounts than necessary. A compromised Global Admin gives an attacker the ability to modify security settings, create new accounts, and cover their tracks.
Without audit logs, there is no forensic record of what an attacker did inside a mailbox. This turns a manageable incident into an unresolvable one.
Inbox rules are the primary persistence mechanism in BEC attacks. Alerts can be configured natively in Microsoft 365 in minutes. Most environments have never set them up.
MFA is enabled but Conditional Access is not configured. Attackers from unknown devices in foreign countries face no additional barriers beyond a password they already have.
Anonymous sharing links and unrestricted external access create data exfiltration paths that rarely trigger alerts. Sensitive client files are often accessible to anyone with a link.
Client communications, trust accounts, litigation files, closing documents
Tax data, financial records, client credentials, payroll information
PII, claims data, policy documents, regulatory compliance
Closing documents, wire instructions, buyer communications, title data
Already have an IT team or MSP? A security assessment is not a criticism of your IT provider. It is a specialized review that most IT teams do not have the tooling or training to perform. We work alongside your existing provider and share findings directly with them so remediation can happen fast.
Firms that handle client money, sensitive data, and high-stakes transactions.
We brought Eric in on a complex DFIR engagement involving potential data exfiltration across SharePoint and OneDrive. The scope was significant and the timeline was tight. He worked through the forensic investigation methodically, identified what had been accessed, and gave us a clear picture of exposure before we had to make any reporting decisions. Exactly the kind of professional you want when the stakes are high.
After a phishing incident that nearly compromised a client wire transfer, we needed someone who understood both the technical side and the urgency. Eric contained it fast, explained every step clearly, and helped us put the right controls in place so it would not happen again. I would recommend him to any firm that takes client trust seriously.
Most firms are. A 30-minute free consultation will tell you where the biggest gaps are. No pitch, no obligation — just an honest look at where you stand.
Book Your Free Consultation