Our Services

End-to-End Cybersecurity Services for enhanced Cyber Risk Management. Helping you see through the Fog so that you focus on what is important to your business.

Microsoft 365 Foundations Benchmark

This security Configuration Benchmark for Microsoft 365, provides prescriptive guidance for establishing a secure configuration posture for Microsoft 365 running on any OS. This guide was created by CIS, tested against Microsoft 365, and includes recommendations for Exchange Online, SharePoint Online, OneDrive for Business, Skype/Teams, Azure Active Directory, and inTune.

CyberCrowd uses this Benchmark to assess the Microsoft 365 implementation of organisations who wishes to secure their solutions that incorporate Microsoft 365.

There are two assessments that can each be performed for the two main license type categories to which organisations usually subscribe to. Organisations typically subscribe to an E3 or E5 license agreement. CyberCrowd can perform two different type of assessessments against each of these two license types.


Level 1

This is the base level assessment for all organisations that uses Microsoft Office 365 and a good place to start. Items in this profile apply to customer deployments of Microsoft 365 with an E3 license and intend to:

  • be practical and prudent.
  • provide a clear security benefit & not inhibit the utility of the technology beyond acceptable means.

Achieving this benchmark is usually sufficient for many customers. However, customers that are licensed for E5 can have a more in depth assessment done that incorporates the features of the advanced E5 licensing model. This model has the same three objectives as the E3 level 1 assessment mentioned above.


Level 2

This profile extends the Level 1 assessment and can be tested for organisations that use either the E3 or the E5 license model and exhibits one or more of the following characteristics:

  • are intended for environments or use cases where security is paramount.
  • acts as defense in depth measure.
  • may negatively inhibit the utility or performance of the technology.

After we have scanned your systems on their levels of compliance against these powerful best practices, we will provide you with reports that give actionable insights. We will also do the following:

  • Provide steps to remediate configuration policies for your systems, based on the CIS benchmarks.
  • Monitor your organisation's security performance.
  • Track your implementation of these remediation tasks.
  • Share compliance status with auditors, regulators and business partners.