Microsoft 365 & Google Workspace Security.

Overview

Business email compromise and cloud account takeover are among the most common and costly incidents for mid-market companies, and the default tenant configuration is rarely enough. We assess your Microsoft 365 or Google Workspace tenant against the CIS Benchmarks and vendor security baselines, then harden identity, mail flow, external sharing, data-loss prevention, and audit logging in a change-controlled way, validating each change so productivity is not broken.

What's included

• Tenant assessment against the CIS Microsoft 365 / Google Workspace Benchmarks
• Identity and conditional access: MFA enforcement, legacy-auth blocking, risk policies
• Email security: anti-phishing, anti-spoofing (SPF, DKIM, DMARC), safe links and attachments
• External sharing and data-loss-prevention (DLP) policy review and tuning
• Audit logging and alerting enabled and routed where they will be seen
• Privileged-admin review and break-glass account setup
• Post-change validation and a documented configuration baseline

What we harden

• Identity. MFA, conditional access, legacy authentication, and risky-sign-in policy.
• Email. SPF, DKIM, DMARC, anti-phishing, and impersonation protection.
• Data. External sharing, guest access, and data-loss-prevention rules.
• Visibility. Unified audit logging, alerting, and admin accountability.

What you get

• Hardening report. Tenant scored against the CIS Benchmark with prioritized findings.
• Configuration baseline. The target settings, documented so drift can be detected later.
• Change log. Every change made, why, and how it was validated.
• Monitoring plan. What to alert on and who responds, for email and identity events.

Common questions

Next step