Microsoft Cloud
Security Assessment

Trimarc reviews your Microsoft Cloud environment (Azure AD & Microsoft Office 365) and provides prioritized, actionable recommendations

shields.png
Trimarc-Logo-Clouds.jpg

Trimarc has been researching Azure AD & Microsoft Office 365 security since 2016. Trimarc CTO, Sean Metcalf, performed one of the first talks at the DEF CON conference about Microsoft cloud security in 2017. During this talk, he expressed concerns relating to potential attack methods that attackers have used in recent years, including Azure AD Connect and "Golden SAML".

Microsoft Cloud Security Assessment Overview

The Trimarc Microsoft Cloud Security Assessment (MCSA) provides an in-depth security analysis of the Azure AD & Microsoft Office 365 tenant and focuses on the most important security configuration controls, including administration, access controls, and key security features. The MCSA identifies issues in the environment that attackers could leverage to access data, escalate permissions, and persist. Trimarc reviews the Microsoft cloud configuration using a proprietary Trimarc toolset and the Microsoft cloud web portal.

  • Assessment Findings & Recommendations

    • Existing Mitigations

    • Most Significant Findings

    • Recommended Remediation items

  • Microsoft Cloud Tenant Architecture

    • Tenant Information

    • Subscriptions

    • Azure AD Connect

    • Azure AD Accounts

    • Azure AD Devices

  • Microsoft Cloud Administration, Privileged Groups, Permissions, & Rights

    • Microsoft Cloud Administration

    • “Break Glass” Cloud Administrator Account

    • Privileged Roles & Accounts

    • Privileged Identity Management (PIM)

    • Azure AD Applications

  • Exchange Online Configuration

    • Exchange Configuration

    • Exchange Security

  • Security Controls, Auditing, & Service Access

    • Conditional Access

    • Auditing

    • External Sharing

  • APPENDIX: Microsoft Office 365 Subscriptions

  • APPENDIX: Trimarc Recommended Best Practices for Securing the Microsoft Cloud

  • APPENDIX: Resources & References

SecurityFolder

Trimarc MCSA Key Components

  • Current tenant configuration

  • Administration

  • Privileged Roles and Accounts

  • Azure AD PIM configuration (if applicable)

  • Azure AD applications and permissions

  • Azure AD Multi-Factor Authentication (MFA) configuration

  • Conditional Access

  • Azure AD Connect Configuration (based on tenant data)

  • Exchange Online

Trimarc Sample MCSA Report Outline