Microsoft & Multi-Cloud Security Penetration Testing: 5-Day Assessment


CREST certified Ethical Hackers from BDO perform penetration tests on your Microsoft and Multi-Cloud environment and test the setup of Microsoft Azure AD, Defender, Sentinel and Purview.

CREST certified Ethical Hackers from BDO Digital carry out penetration tests on your Microsoft and multi-cloud environment, and the design of your Microsoft Azure and Microsoft 365 environments, carefully checking for vulnerabilities, configuration errors and other cybersecurity risks. Not only is the use and design of the correct protection measures such as Microsoft Azure AD, Microsoft Defender, Microsoft Sentinel and Microsoft Intune tested, but the configuration of the correct compliance tooling, such as Microsoft Purview, can also be examined.

Ethical Hacking Test Formats

  • White Box: White Box tests are carried out based on information known in advance, such as login details, which allows more specific testing of certain elements.
  • Gray Box: With Gray Box testing, limited information is known about the infrastructure, and the test investigates to what extent more information can be found about the subject under investigation.
  • Black Box: In a Black Box investigation, no information is known in advance. In this scenario, security is tested without prior knowledge of the environment.
  • Custom: For specific requirements, such as very sensitive environments or multi-disciplinary assignments such as Red or Purple Teaming, we will draw up a tailor-made proposal in consultation.

Execution

  • Clear coordination of the scope and objective of the security and/or penetration test, taking into account specific industry, business and environmental characteristics
  • Threat analysis through a joint assessment of potential cybersecurity threats
  • Test design based on the previous points; this can be focused, for example with or without 'credentials', on one or more specific environments, searching for sensitive information such as financial data or IP, accessible systems, network infrastructure, certain applications, etc.
  • Implementation based on best practices, the right tools and specific expertise, according to (international) standards such as OWASP and NIST 800-115
  • Testing for the correct implementation of frameworks (such as ISO 27001, NIST, BIO or NEN) or specific framework requirements such as DigiD or PCI DSS
  • Vulnerability scan to identify vulnerabilities in applications and infrastructure
  • Penetration test that includes an attempt to gain access to the applications, systems and data in scope.

Delivery

  • A thorough test tailored to customer needs, scope and threats
  • Support for audit purposes
  • Clear report in understandable language and heat map
  • Clear context with Common Vulnerabilities and Exposures (CVE)
  • Immediate response to serious detected vulnerabilities
  • Clear and coordinated risk rating and explanation of impact
  • Points for improvement and clear advice, including on the design of Microsoft Azure and Microsoft 365
  • Advice on Microsoft Defender, Microsoft Sentinel, Microsoft Intune and Microsoft Purview applications
  • Management summary.