Azure & Microsoft 365 Security Audit

Who it's for

This audit is designed for Quebec SMBs with 50 to 100 employees using Microsoft 365 and Azure, who want a complete and honest view of their current security posture — without unnecessary jargon.

Also suited for SMBs that have experienced a security incident, face a client or insurance requirement, or want to validate their configurations before continuing their growth.

Audit scope

• Complete Microsoft 365 tenant review — settings, policies, identities
• Azure posture analysis — subscriptions, resources, IAM, network
• Microsoft 365 Secure Score and Azure Defender for Cloud assessment
• Admin accounts and high-privilege access verification
• Conditional Access policies and MFA coverage review
• Email protection analysis (anti-phishing, anti-spam, DMARC/DKIM/SPF)
• Unsecured data sharing identification (SharePoint, OneDrive)
• Audit logs and active security alerts review

Deliverables

• Complete audit report — documented baseline, screenshots, evidence
• Prioritized risk matrix — critical, high, medium, low
• Actionable recommendations for each identified risk
• 30/60/90-day action plan — sequenced and realistic for your team
• Debrief presentation with your leadership or IT team

30/60/90-day action plan

Format and timeline

The audit takes place entirely remotely over 2 to 3 weeks. It requires read-only access to your Microsoft 365 tenant and Azure subscription — no changes are made during the audit phase.

• Week 1 — Data collection and analysis
• Week 2 — Report writing and action plan development
• Week 3 — Debrief presentation and Q&A