Retail & Hospitality
3B Data Security have investigated and implemented Microsoft Office 365 (now branded Microsoft 365) for a number of years, and because of this have spent a lot of time helping our clients secure and lock down its functions and improve the default security posture of a 365 system.
There are many different options that can be tailored to different use cases and differences in user knowledge or functions required for different organisations.
We have also investigated several hacking attempts and compromises against Microsoft 365 systems which again we learn from and wish to help others prevent similar instances. Understandably, we are seeing an uplift in Microsoft 365 related attacks and Business Email Compromises given the enforced push towards working from home. The need to secure these systems is even more important than before.
Consideration and knowledge of the security features and hardening configurations of Microsoft 365 is often overlooked or simply assumed to be there by default. Once the system is up and running, or the on-premises mailboxes imported and operational, or the licensing working, it is often ignored until an incident occurs. This is usually because of inadequate attention to the security elements in the planning and implementation stages and leaving the settings to their defaults.
Part of the Microsoft 365 security hardening lockdown service is undertaking a security gap analysis of the setup, configurations, functions, and features in use with the 365 system.
We will then provide guidance, recommendations and feedback for improvements, highlight risks and any potential unused features of the 365 system that can be installed, enabled or implemented to help improve the security, governance, or system hardening and management of the devices and system usage.
We can also help customise the features for different types of users, groups and job roles or increase the security for those risky users such as administrators, etc. We can review the global 365 settings, email configurations, Microsoft Teams, OneDrive, SharePoint, Intune configuration, and security hardening options.
The result is a more robust security posture and improved governance, even if it is just increasing the list of known unknowns and risks, and/or informing the decision makers of what potentially could happen to allow the risks to be registered.
We are also happy to help implement the appropriate recommendations and work with the relevant people to make positive changes, rather than just giving you a report that you still have to action.
There are many different options that can be tailored to different use cases and differences in user knowledge or functions required for different organisations.
We have also investigated several hacking attempts and compromises against Microsoft 365 systems which again we learn from and wish to help others prevent similar instances. Understandably, we are seeing an uplift in Microsoft 365 related attacks and Business Email Compromises given the enforced push towards working from home. The need to secure these systems is even more important than before.
Consideration and knowledge of the security features and hardening configurations of Microsoft 365 is often overlooked or simply assumed to be there by default. Once the system is up and running, or the on-premises mailboxes imported and operational, or the licensing working, it is often ignored until an incident occurs. This is usually because of inadequate attention to the security elements in the planning and implementation stages and leaving the settings to their defaults.
Part of the Microsoft 365 security hardening lockdown service is undertaking a security gap analysis of the setup, configurations, functions, and features in use with the 365 system.
We will then provide guidance, recommendations and feedback for improvements, highlight risks and any potential unused features of the 365 system that can be installed, enabled or implemented to help improve the security, governance, or system hardening and management of the devices and system usage.
We can also help customise the features for different types of users, groups and job roles or increase the security for those risky users such as administrators, etc. We can review the global 365 settings, email configurations, Microsoft Teams, OneDrive, SharePoint, Intune configuration, and security hardening options.
The result is a more robust security posture and improved governance, even if it is just increasing the list of known unknowns and risks, and/or informing the decision makers of what potentially could happen to allow the risks to be registered.
We are also happy to help implement the appropriate recommendations and work with the relevant people to make positive changes, rather than just giving you a report that you still have to action.

Microsoft (Office) 365 security review, configuration and security hardening assistance.
Microsoft (Office) 365 security investigations & Business Email Compromise investigations.
Microsoft (Office) 365 security configuration and implementation services.
Microsoft Teams configuration and security hardening.
Microsoft Intune Mobile Device Management deployments and security reviews.