Microsoft Entra ID Analysis

An independent security analysis and review of the Microsoft Entra ID environment. 

Improsec delivers an independent security analysis and assessment, providing management and the IT security organization with a clear overview of the basic security controls implemented in Microsoft Entra ID compared to vendor best practices.

Value

Analysis and assessment of the security posture in an Microsoft Entra ID environment

  • An evaluation of asset and resource security misconfigurations

  • Manage the risks associated with adoption and utilization of Microsoft Entra ID

  • Ensure policies and security controls are implemented according to requirements

  • Enhance and improve security to protect the Microsoft Entra ID environment

Method

The security assessment, is, based on Cloud Security Alliance’s (CSA) “Security Guidance for Critical Areas of Focus in Cloud Computing”, “CIS Microsoft Azure Foundations Benchmark” and our knowledge and experience. Microsoft’s best practices in conjunction with the benchmarking frameworks are tailored to your specific setup and configurations.

The assessment includes evaluations of:

  • Security Principals, which includes: Users, Groups, and Service Principals

  • In-built and Custom Role assignments

  • Access controls and user permissions (internal/external)

  • Modern security perimeter usage (Conditional Access)

  • Utilization and configuration of security solutions

  • Collaboration- and external identity settings

  • Application registration- and Enterprise Application usage

Product

The deliverable of the analysis is a written report containing the following:

  • A non-technical section with an Executive Summary for management and decision-makers

  • A technical section including detailed observations and tangible recommendations to strengthen the level of security and recommendations on how hardening can be applied.

Involvement

The delivery requires minimal involvement of your technical staff.