Microsoft Cloud Security Assessment

The assessment consists of performing a configuration review of Azure and O365 environments using the following methodology

Enumerate Access Permissions
During this phase, we identify the permissions that have been assigned to the test account. This determines the level of access that we have in the cloud environment, which will be used to identify the coverage of the configuration review.
Scan Cloud Environment
This involves running open-source tools that are used to map out the attack surface and identify potential attack paths within the cloud environment.
Identify Security Posture
In this phase, we assess the security posture of the cloud environment in Microsoft 365 Defender, which identifies the extent to which the cloud environment is aligned with Microsoft’s security best practices as well as areas that need to be addressed.
Assess Security of Configuration
Using the results from the previous two phases, the cloud environment is assessed for security misconfigurations that can result in a security breach. Where critical issues are identified, the point of contact is notified.
This phase concluded testing with thorough documentation of the vulnerabilities that were discovered. This includes detailed steps to reproduce the vulnerability, screenshots, a description of the impact and exploitability as well as various options for remedial action to mitigate the risk.