Summer Regulatory Summit eBook

3. Microsoft 365 Hardening

o If the Organization has implemented a Microsoft 365 environment, has the Organization had an independent review of the environment? o What license(s) does the Organization hold (several available including E3, E5, Business Premium)? o Who setup and manages the environment (in-house or outsourced to MSP)?

CONTROL

o Best practice to perform assessment o Based upon Center for Internet Security (CIS) Microsoft 365 Benchmarks (most recent version is v3.1.0 from May 2024)

GUIDANCE

© SBS CyberSecurity, LLC www.sbscyber.com

10