Home / Microsoft Security Consulting Services

Microsoft Security Consulting Services

Securing Microsoft Platforms, Software & Services
Risk/Vulnerability Assessment & Remediation Planning
Consensus-Based, Best-Practice Security Configuration

Secure your digital world.

A solid security posture is more than just an end-point solution. Businesses need to know that their hardware, services and networks are protected from bad actors, whose only mission is to disrupt their activities. By utilizing internal best practices, the Microsoft Security stack, and consensus baselines provided by the Center for Internet Security (CIS), our team of security professionals conduct risk-based bench-marking exercises on Microsoft’s platforms, hardware and cloud-based services resulting in gap analysis, remediation planning and information security roadmaps and ultimately, a hardened environment.

Service Details

Risk Assessment & Remediation

IncWorx will assess your organization’s security posture, produce a remediation plan and work closely with you to harden your environment. Services include:

  • Risk and Vulnerability Assessment
  • Remediation Planning
  • Information Security Roadmaps

Microsoft Security Stack

IncWorx can assist your organization with leveraging Microsoft tools that are available to help protect against targeted threats and insider attacks, including:
 

  • Azure Security Center
  • Azure Advanced Threat Protection
  • Office 365 Advanced Threat Protection

Microsoft Platform Security

IncWorx helps organizations securely configure these and other Microsoft technologies.

Microsoft Azure

Security assessment for your Microsoft Azure IaaS cloud platform covering approximately 100 recommendations across 8 areas, including:

  • Identity and Access Management
  • Security Center
  • Storage Accounts
  • SQL
  • Logging and Monitoring
  • Networking
  • Virtual Machines
  • Other Security Considerations

Microsoft SQL Server 2016

Security assessment for your Microsoft SQL Server environment covering approximately 40 recommendations across 8 areas, including:

  • Installation, Updates and Patches
  • Surface Area Reduction
  • Authentication and Authorization
  • Password Policies
  • Auditing and Logging
  • Application Development
  • Encryption
  • Additional Considerations

**Benchmarking and remediation also available for SQL Server 2008 R2, SQL Server 2012, SQL Server 2014.

**Azure SQL is covered under Microsoft Office 365.

Microsoft SharePoint 2016

Security assessment for your Microsoft SharePoint on-premises environment covering approximately 40 recommendations across 7 areas, including:

  •  Settings
  • Access and Permissions
  • Secure Infrastructure Design
  • Authentication
  • Auditing
  • Services and Connections
  • Web.Config Configuration

Microsoft Office 365

Security assessment for your entire Office 365 tenant covering approximately 40 recommendations across 4 areas, including:

 

  • Security Management
  • Threat Protection
  • Identity and Access Management
  • Information Protection

Microsoft Exchange Server 2016

Security assessment for your Microsoft Exchange Server covering approximately 50 recommendations across 3 areas, including:

  • Transport
  • Mailbox
  • Other

**Benchmarking and remediation also available for Exchange Server 2010, Exchange Server 2013.

**Exchange Online is covered under Microsoft Office 365.

SharePoint Online

Security assessment for your SharePoint Online instance covering approximately 50 recommendations across 3 areas, including:

  • Policies
  • Settings
  • Sharing

 An outside look from an unbiased third-party is crucial to a thorough security assessment.

FAQ

Frequently Asked Questions

What Microsoft products do you cover?

Our security services currently support all of the following: Azure, Office 365, Exchange Online, Exchange Server, SharePoint Online, SharePoint Server, SQL Server, Windows Server.

When should we use Multi-Factor Authentication?

You should enable MFA when you require across the board, two-factor authentication. This eliminates the ability for potential attackers to simply hack or steal a password to gain access to your sensitive data.

When should we use Conditional Access Policies?
You should set Conditional Access Policies when you need to be more selective and granular with regards to who can access your cloud apps. Currently, the following Microsoft cloud apps support conditional access policies:
  • Azure Information Protection
  • Azure RemoteApp
  • Azure SQL Database
  • Microsoft Dynamics 365
  • Microsoft Office 365 Yammer
  • Microsoft Office 365 Exchange Online
  • Microsoft Office 365 SharePoint Online (includes OneDrive for Business and Project Online)
  • Microsoft Power BI
  • Azure DevOps
  • Microsoft Teams
What can Azure Advanced Threat Protection (ATP) detect?
Azure ATP helps detect suspicious user activities and advanced attacks that threaten your organization. Security alerts are divided into the following phases across the cyber-attack kill chain:
 
Reconnaissance
Rogue users and attackers attempting to gain information.
 
Compromised Credentials
Brute force attacks, group membership changes, and other forms of attempting to compromise user credentials.
 
Lateral Movements
Pass the Ticket, Pass the Hash, Overpass the Hash, and other lateral moves inside the network attempting to gain further control of sensitive users.
 
Domain Dominance
Remote code execution on the domain controller, malicious domain controller replication, Golden Ticket activities, and other signs of domain dominance behavior by attackers.
 
Exfiltration
Suspicious communication over DNS and data exfiltration over SMB.
How does Office 365 Advanced Threat Protection help?
Protection through Office 365 ATP is determined by policies that your organization’s security team defines for Safe Links, Safe Attachments, and Anti-Phishing. It’s important to define policies, and to periodically review and revise those policies to keep them up to date and to take advantages of new features that are added to the service. Following are ways Office 365 ATP helps protect your organization:
 
  • Scanning email attachments for malware
  • Scanning web addresses (URLs) in email messages and Office documents
  • Identifying and blocking malicious files in online libraries
  • Checking email messages for unauthorized spoofing
  • Detecting when someone attempts to impersonate your users and your organization’s custom domains

Schedule a meeting with our team!

[wpforms id="1422"]
<div class="wpforms-container wpforms-container-full" id="wpforms-1422"><form id="wpforms-form-1422" class="wpforms-validate wpforms-form" data-formid="1422" method="post" enctype="multipart/form-data" action="/microsoft-security-consulting-services"><noscript class="wpforms-error-noscript">Please enable JavaScript in your browser to complete this form.</noscript><div class="wpforms-field-container"><div id="wpforms-1422-field_0-container" class="wpforms-field wpforms-field-name" data-field-id="0"><label class="wpforms-field-label" for="wpforms-1422-field_0">Name <span class="wpforms-required-label">*</span></label><input type="text" id="wpforms-1422-field_0" class="wpforms-field-large wpforms-field-required" name="wpforms[fields][0]" required></div><div id="wpforms-1422-field_1-container" class="wpforms-field wpforms-field-email" data-field-id="1"><label class="wpforms-field-label" for="wpforms-1422-field_1">Email <span class="wpforms-required-label">*</span></label><input type="email" id="wpforms-1422-field_1" class="wpforms-field-large wpforms-field-required" name="wpforms[fields][1]" required></div><div id="wpforms-1422-field_3-container" class="wpforms-field wpforms-field-phone" data-field-id="3"><label class="wpforms-field-label" for="wpforms-1422-field_3">Phone</label><input type="tel" id="wpforms-1422-field_3" class="wpforms-field-large wpforms-masked-input" data-inputmask="&#039;mask&#039;: &#039;(999) 999-9999&#039;" data-rule-us-phone-field="true" name="wpforms[fields][3]" ></div><div id="wpforms-1422-field_2-container" class="wpforms-field wpforms-field-textarea" data-field-id="2"><label class="wpforms-field-label" for="wpforms-1422-field_2">How can we help you? <span class="wpforms-required-label">*</span></label><textarea id="wpforms-1422-field_2" class="wpforms-field-large wpforms-field-required" name="wpforms[fields][2]" required></textarea></div></div><div class="wpforms-field wpforms-field-hp"><label for="wpforms-1422-field-hp" class="wpforms-field-label">Phone</label><input type="text" name="wpforms[hp]" id="wpforms-1422-field-hp" class="wpforms-field-medium"></div><div class="wpforms-submit-container" ><input type="hidden" name="wpforms[id]" value="1422"><input type="hidden" name="wpforms[author]" value="2"><input type="hidden" name="wpforms[post_id]" value="730"><button type="submit" name="wpforms[submit]" class="wpforms-submit " id="wpforms-submit-1422" value="wpforms-submit" aria-live="assertive" data-alt-text="Sending..." data-submit-text="Submit">Submit</button></div></form></div> <!-- .wpforms-container --><div></div>