Mandiant Security for M365: 3-Wk Assessment


Evaluate your Microsoft 365 cloud implementation and receive expert recommendations for hardening priorities based on real-world incidents where threat actors have gained access to an M365 tenant.


The Mandiant Security Assessment for Microsoft 365 was developed based on extensive experience responding to incidents involving the compromise of an organization’s M365 tenant. By proactively reviewing and mitigating common misconfigurations, process weaknesses, and exploitation methods, organizations can reduce overall risk and ensure optimized protection and visibility.

The assessment evaluates the policies, standards, configurations, and procedures supporting the implementation of the solution across six focus areas:

  • Security Architecture and Hardening
  • Identity and Access Management
  • Visibility
  • Data Protection
  • Disaster Recovery
  • Threat Detection and Response

Mandiant does this with a deep understanding of threat actors and their rapidly changing TTPs, drawn from our combined adversary, machine and victim intelligence gathered on the frontlines since 2004.

Our Approach

This assessment typically takes three weeks, during which Mandiant experts map your existing M365 tenant and determine how your current security program works to protect it:

Week 1: Documentation Review & Remote Workshops: A remote review of migration strategies, email design and architecture documentation, hardening documentation, logging standards and Mobile Device Management (MDM) configurations as they relate to accessing a Microsoft 365 tenant. This is followed by a series of remote workshops in collaboration with key client stakeholders.

Weeks 2-3: Configuration Review & Reporting: A thorough configuration review of the M365 tenant to ensure that security configurations are optimized in accordance with hardening, security, and protective guidance. Mandiant prepares a report that details practical technical recommendations to harden the Microsoft tenant, enhance visibility and detection, and improve processes to reduce the risk of compromise for the related infrastructure.