service · security audits
"We've got Microsoft, so we're fine." Are you, though?
Most SMEs have no real picture of their exposure, until an insurer, a customer questionnaire or an incident forces the question. We give you the honest read: where you're at risk, what to fix first, and proof it stays fixed.
A Microsoft 365 security audit measures your Microsoft 365 and Entra tenant against recognised benchmarks - Microsoft Secure Score, the CIS Microsoft 365 Benchmark, and New Zealand guidance like the NCSC advice and the Essential Eight - to show exactly where you're exposed and what to fix first. Instead of assuming you're fine because you have Microsoft, you get a measured baseline: MFA coverage, legacy authentication, admin and privileged access, conditional access, email security and external sharing, each scored against the standard. The output is a plain-English report that ranks risks by impact and starts with the cheap, high-impact fixes, not a 90-page PDF. It's the evidence you can hand an insurer, an auditor or a customer questionnaire - and the same checks can run monthly so your posture stays proven, not just fixed once.
the usual gaps
What we tend to find.
- No idea of actual exposure"We have Microsoft, so we're fine," with nothing measured to back it up.
- Questions you can't answerCyber-insurance forms and customer security questionnaires that stall the deal.
- Stale, over-privileged accessMFA gaps, legacy auth left open, admin rights that sprawled and never got cleaned up.
- One-off reports that gather dustA pentest from two years ago that no one has re-checked since.
what we deliver
Posture you can see and prove.
Baseline audit
Your Microsoft 365 and Entra posture measured against recognised benchmarks: Microsoft Secure Score, the CIS Microsoft 365 Benchmark, NZ-relevant guidance (NCSC / Essential Eight). The real number, not a vibe.
Prioritised remediation
The cheap, high-impact fixes first. Close MFA gaps, kill legacy auth, rein in admin sprawl, tighten sharing. A plain-English list ordered by impact, not a 90-page PDF.
Recurring assurance
A monthly or quarterly report showing the posture trend and that access is still correct. The evidence you hand to an insurer, an auditor or a customer.
common questions
Security audits, answered straight.
What does a Microsoft 365 security audit check?
How long does an audit take?
Will this help with cyber insurance?
Do you fix the issues or just report them?
start a conversation
Start with the baseline.
A fixed-price baseline audit is the front door. You'll know exactly where you stand and what's worth fixing first. No scare tactics, no upsell to things you don't need.