Microsoft Cloud Security Assessment
Trimarc reviews your Microsoft Cloud environment (Entra ID & Microsoft Office 365) and provides prioritized, actionable recommendations.
Trimarc has been researching Azure AD & Microsoft Office 365 security since 2016. Trimarc CTO Sean Metcalf gave one of the first talks at DEF CON about Microsoft cloud security in 2017. In that talk, he raised concerns about potential attack methods that attackers have used in recent years, including Azure AD Connect and "Golden SAML".
Microsoft Cloud Security Assessment Overview
The Trimarc Microsoft Cloud Security Assessment (MCSA) provides an in-depth security analysis of the Entra ID (formerly Azure AD) & Microsoft Office 365 tenant and focuses on the most important security configuration controls, including administration, access controls, and key security features. The MCSA identifies issues in the environment that attackers could leverage to access data, escalate permissions, and persist. Trimarc reviews the Microsoft Cloud configuration using a proprietary Trimarc toolset and the Microsoft Cloud web portal.
- Assessment Findings & Recommendations
  - Existing Mitigations
  - Most Significant Findings
  - Recommended Remediation items
- Microsoft Cloud Tenant Architecture
  - Tenant Information
  - Subscriptions
  - Entra ID Connect
  - Entra ID Accounts
  - Entra ID Devices
- Microsoft Cloud Administration, Privileged Groups, Permissions, & Rights
  - Microsoft Cloud Administration
  - “Break Glass” Cloud Administrator Account
  - Privileged Roles & Accounts
  - Privileged Identity Management (PIM)
  - Entra ID Applications
- Exchange Online Configuration
  - Exchange Configuration
  - Exchange Security
- Security Controls, Auditing, & Service Access
  - Conditional Access
  - Auditing
  - External Sharing
- APPENDIX: Microsoft Office 365 Subscriptions
- APPENDIX: Trimarc Recommended Best Practices for Securing the Microsoft Cloud
- APPENDIX: Resources & References
Trimarc MCSA Key Components
- Current tenant configuration
- Administration
- Privileged Roles and Accounts
- Entra ID (formerly Azure AD) PIM configuration (if applicable)
- Entra ID applications and permissions
- Entra ID Multi-Factor Authentication (MFA) configuration
- Conditional Access
- Entra ID Connect Configuration (based on tenant data)
- Exchange Online