Cybersecurity & IT Risk Assessment

Identify current and real threats with our Security Audit across your current IT stack.

A$1000.00

Overview

CyberOwl360 can help your business achieve your broader security objectives and identify current and real threats with our Security Audit across your current IT stack.

Our Security Risk Assessment spans one week and is designed to identify existing and ongoing security threats within your cloud environment. The primary goal is to enhance your understanding of these threats while exploring methods to accelerate your security journey through the implementation of the latest tools and technologies.

Engagement highlights:

  • To ensure a robust security posture, it is essential to start by reviewing your security goals and objectives. This involves a thorough examination of the existing landscape to identify potential threats and uncover vulnerabilities within your environment.

  • Once threats and vulnerabilities are identified, it’s important to map them to specific solution recommendations tailored to address those challenges effectively.

  • Finally, collaborating with relevant stakeholders to develop joint plans and outline next steps will help ensure that everyone is aligned and ready to enhance overall security measures.

 

Full-scale IT & Cybersecurity Audit

Security Audit Checklist (aligned to Essential 8 + industry best practices)

1. Identity & Access Management

1.1 Multi-Factor Authentication (MFA)

  • Users without MFA enabled

  • Admins without MFA enforced

  • MFA enforcement model (Security Defaults vs Conditional Access)

  • Phishing-resistant methods availability (Authenticator number match, FIDO2)

  • Legacy authentication enabled accounts/protocols

  • Service accounts exempted from MFA

  • Break-glass accounts inventory & protections

1.2 Conditional Access (CA)

  • Policies requiring MFA for all users/cloud apps

  • Policy to block legacy authentication

  • Policies requiring device compliance / hybrid join for key apps

  • Sign-in risk & user risk conditions in use

  • Location restrictions (trusted named locations/geo blocks)

  • Session controls (MCAS / App Control) for unmanaged devices

  • Unused, disabled, or conflicting CA policies

1.3 Privileged Access / RBAC

  • Members of Global Admin and other high-privilege roles

  • Permanent vs eligible (PIM) role assignments

  • Privileged accounts without MFA

  • Emergency “break-glass” accounts and monitoring

  • Access Reviews for privileged roles & guest users

2. Device & Endpoint Security (Intune / Defender for Endpoint)

  • Devices not enrolled in Intune / unmanaged endpoints

  • Devices not compliant with baseline policies

  • Encryption status (BitLocker/FileVault) & password/PIN policies

  • Windows Defender Antivirus active & settings (any other antivirus settings)

  • Antivirus plan (free version or not)

  • Defender for Endpoint onboarding coverage & sensor health

  • EDR in block mode / Automated Investigation and Response (AIR) status

  • Device risk level integration with Conditional Access

  • Mobile Device Management (MDM/MAM) enforcement incl. BYOD

  • Security baselines deployment (Windows/macOS) & update cadence

3. Email & Collaboration Security

3.1 Exchange Online Protection (EOP) / Defender for Office 365

  • Anti-phishing, anti-spam, anti-malware policies in place

  • Safe Links configuration (Email, Office, Teams)

  • Safe Attachments configuration (Email + SPO/OD/Teams)

  • Quarantine & end-user release settings

  • Mail flow (transport) rules review (forwarding, allow lists, risky patterns)

  • Impersonation protection (users/domains) & VIP coverage

  • Preset Security Policies (Standard/Strict) usage

  • DMARC

  • DKIM & SPF

3.2 SharePoint / OneDrive / Teams

  • External sharing defaults (tenant & site level) – Anyone vs Specific people

  • Sharing from unmanaged devices (web-only/restricted)

  • Sensitivity labels for SharePoint sites / Teams

  • DLP policies covering SPO/OD/Teams

  • Teams guest access & external federation settings

  • Public/anonymous links inventory & revocation process

  • SharePoint permission model (permission matrix vs. ad-hoc)

  • SharePoint broken permission inheritance & unique permissions review

  • Deep/nested folder structures in SharePoint impeding scalability

  • SharePoint data classification, searchability, and AI (Copilot) readiness

  • Volume of data on local drives/servers (outside M365 governance)

  • Data archiving policies & solution in place (for M365/SharePoint)

4. Information Protection & Governance (Purview)

  • Sensitivity label taxonomy & publication (mandatory labelling where needed)

  • Auto-labelling policies (simulation/enforcement)

  • DLP policy coverage (Exchange, SharePoint, OneDrive, Teams chat)

  • Use of sensitivity labels as DLP conditions

  • Retention policies/labels & records management

  • Insider Risk Management policies (if licensed)

  • Audit log status and retention period

  • Communication Compliance (if applicable)

5. Threat Detection & Response (Microsoft 365 Defender)

  • Active incidents & alert backlog (triage SLAs)

  • Threat Explorer/Real-time detections usage

  • Automated investigation and response (AIR) status

  • Entra ID Protection (risky users/sign-ins) status & trends

  • OAuth app consents / risky or over-privileged apps

  • Defender for Identity (if hybrid AD) deployment status

  • Defender for Cloud Apps (MDCA) policies (impossible travel, mass download, OAuth)

  • SIEM/SOAR integration (Sentinel/connectors, analytics rules)

6. Compliance & Reporting

  • Secure Score (overall & by category) – top unaddressed actions

  • Compliance Score (Data Protection Baseline & required regs)

  • eDiscovery (Standard/Premium) configuration & legal hold coverage

  • Mailbox auditing status

  • Data residency confirmation & regulatory mappings

7. Tenant Hygiene & Safety Nets

  • Admin consent workflow and app governance

  • App registrations: expiring secrets/certificates; least-privilege scopes

  • Mailbox auto-forwarding to external domains

  • Exchange transport rules: risky patterns (bypass spam/phish)

  • Guest user inventory, lifecycle, and Access Reviews

  • Non-licensed users using organisation resources or collaboration features with colleagues

  • Allowed/blocked domains list for collaboration/sharing

  • Customer Lockbox (if applicable)

  • Information Barriers / Sensitivity-based site restrictions (if applicable)

  • Backup/restore posture for Exchange/SPO/OD (third-party or retention-based)

8. AI Usage & Data Assessment

  • Inventory of public AI tools in use by employees

  • Review of public AI tool terms of service for data training/exposure risk

  • Adoption rate and usage of corporate AI tools

  • Employee AI readiness and safe usage training assessment

  • Classification of organisational data (PII, IP, financial) vulnerable to AI exposure

  • Network/MDCA log review for discovery and blocking of high-risk AI applications

Website Audit

  • Website has MFA for admins and users

  • Website allows anonymous comments

  • The website has a firewall to block blacklisted IPs, regions, etc.

  • Website content is fast and loads properly on all devices

  • Admins and stale accounts

  • Search engine optimisation (SEO) checks

  • Is the website content AI-ready? (99 out of 100 searches today are fetched through AI answers and do not land directly on any website. Websites should be AI content-ready to be relevant in these searches.)

 

What to expect:

During this engagement, our team will work with you to strengthen your organisation’s approach to cybersecurity and help you better understand how to prioritise and mitigate potential attacks.

This document provides a comprehensive analysis of cybersecurity threats specifically targeting your organisation. It includes:

  • Actionable recommendations designed to promptly mitigate the identified threats.

  • Insights into vulnerabilities affecting your Microsoft 365 cloud and on-premises environments, enabling you to understand, prioritise, and address vulnerabilities and misconfigurations within your organisation effectively.

  • Long-term strategic advice for our team, outlining key initiatives and tactical next steps to enhance your overall security strategy.