Soteria Inspect for Microsoft 365 provides automated, comprehensive configuration scans and recommended configuration changes using the Soteria Inspect software-as-a-service (SaaS) platform with a web UI and automated report delivery. Soteria Inspect for 365 aids organizations in identifying areas of risk and misconfiguration with the ability to track mitigations and identify changes over time using the same Inspectors as our open source project (https://github.com/soteria-security/365Inspect).

Description

Soteria Inspect gives organizations enhanced confidence that their Microsoft 365 environment is securely configured and stays secure.

Targeted problems

Configuration visibility

• Unknown risk in a business critical area without visibility to misconfigurations

• Clients are often unaware of their security posture

• Clients rely on default configurations with an assumption of security and best practices

Managing configuration change

• Microsoft sometimes introduces features that require client action to opt-out, which can apply configurations that do not align with the client’s security requirements unless action is taken

• Administrators of larger organizations will make frequent changes to their Microsoft tenant and may introduce risk via configuration drift

Establishing a clear target for security configurations

• Microsoft 365 license tiers occasionally introduce additional confusion in options and configurations available on a per-user basis

• Many configurations are not audited via standard tools, leaving security blindspots and introducing risk

• Regulatory frameworks have specific requirements for feature-enablement and configurations

Complex setup and execution of assessment tools

• Other configuration-assessment tools can be difficult to set up and execute, requiring technical staff and specialized knowledge

Core Features

Inspect scan results

The Soteria Inspect web user interface provides a prioritized set of scan results. Each scan result represents a specific configuration finding that clients can use to improve their security posture.

Detailed finding information

Each finding provides detailed background information, the finding status and severity, detailed remediation information, references to additional information, and a list of the client tenant objects affected by the finding.

Scheduled recurring scans

Scans are scheduled to run on a periodic basis to ensure configurations changes are visible over time. Provides visibility for Microsoft and client changes.

Highlighted differences between scans

Changes in scan results are highlighted and indicate new, modified, and remediated findings.

Finding history

The history of each finding from previous scans is available to explore in the user interface.

User management

Manage Inspect users and invite additional users from your tenant.

Pausing Inspectors

Clients can pause individual inspectors, temporarily or permanently, to customize findings and focus on configurations that need attention.

Guided online onboarding

Once your subscription through the Marketplace is completed, Soteria will contact you and schedule a call to coordinate onboarding. The onboarding process is quickly completed on the video call with Soteria Inspect support staff. The onboarding process requires the customer on the call to have the Global Administrator role in the client’s Microsoft 365 tenant. Administrator credentials are not provided to Soteria staff. Soteria Inspect support staff will never request administrator credentials in your tenant.

Single sign on (SSO) with Entra ID (Azure ID)

Entra ID integrated SSO enables clients to access Soteria Inspect for Microsoft 365 using existing Microsoft account credentials.