Welcome Xcellator

XcellSecure SM | Microsoft 365 Security Assessment

One of the most popular enterprise tools in the world can also be a company’s greatest hidden vulnerability if left unchecked.
XcellHost is uniquely qualified to deliver an Microsoft 365 Security Assessment for your organization, providing you with a customized, prioritized and actionable roadmap.

Buy Now Schedule Demo Take Tour Play Video
MicrosoftTeams-image (61)

what you get

AD Synchronization Services Evaluation
Recommendations For Security Hardening
Synchronization Accounts & Permissions
Synchronization Services Setup & Location
High Availablity Synchronization Tools
Services Microconfigurations (OneDrive, SharePoint, Exchange, Etc.)

Key Benefits

Data Leakage Control Review
Review Of Compliance Enablement
Incident Response & Recoveryg Readiness Review
Evalutiong Of Microsoft 365 Value Attainmentg
Identityg & Access Control Review, Cost
Gather Security Assessment Data Using Automated Tools.

How the Assessment Works

The objectives of the Microsoft 365 Security Assessment are as listed below. Our team will take the time to meet with your staff and fully understand your business and security
concerns. From there, we will utilize the Secure Score tool to provide the recommendations and roadmap that you need.

Understand cloud security objectives and requirements

We work with your staff to gain an understanding of your business requirements and how they drive security your objectives and requirements.

Microsoft 365 security readiness

We provide guidance, recommendations and best practices on how to successfully implement microsoft 365 security features

Create an Microsoft 365 security roadmap

We provide a prioritized and actionable microsoft 365 security roadmap based on your security objectives and requirements

Common Authentication Platforms & Common
Access Controls

Security Architecture and Hardening
Identity and Access Management
Threat Detection
and Response

Assessment Duration

The O365 security assessment typically takes four weeks, consisting of four phases plus one optional phase.
Mandiant consultants perform the following activities

Documentation Review
0.5 week

Includes an offsite review of migration strategies, email design and architecture documentation, hardening documentation, logging standards and Mobile Device Management (MDM) configurations as they relate to accessing an M365 tenant.

Optional Security Testing
0.5 week

A remote security configuration test of the M365 tenant with the goal of identifying legacy portals, misconfigured applications and related infrastructure (such as ADFS Servers), weak user credentials and other ways to bypass implemented security controls.

2 week

A report that details practical technical recommendations to harden the M365 tenant, enhance visibility and detection and improve processes to reduce the risk of compromise for the cloud tenant and related infrastructure.

Configuration Review
1 week

A thorough configuration review of the M365 tenant to ensure that security configurations are optimized in accordance with hardening, security, and protective guidance.

Onsite Workshops
1 week

A series of onsite workshops for each core focus area in collaboration with key client stakeholders.

Assessment Timeline

The Office 365 Security Assessment typically consists of a kick-off meeting followed by the 2-day on-site assessment. Following the assessment, we gather the data together
and compile the results into and actionable report.

Week Four
  • On-site workshops covering:
  • Security objectives and requirements
  • Microsoft 365 security readiness
  • Microsoft 365 security assessment
  • Microsoft 365 security roadmap
Week Two and Three
  • Customer to complete/return questionnaire
  • Customer to export and send Secure Score data
  • Analyse questionnaire and Secure Score data
Week One
  • Kick-off meeting
  • Provide pre-assessment questionnaire
  • Provide instructions on how to export Microsoft 365 Secure Score data


At the completion of the engagement, Mandiant provides a detailed report that includes:

  • A snapshot of the existing O365 tenant security configuration.
  • Specific O365 security best practices to align with current configurations and operational processes.
  • Practical recommendations for enhancing visibility and detection.
  • Prioritized and detailed recommendations for further hardening the security posture of the O365 tenant.

What We Do

Some of the products and tools covered in the Microsooft 365 Security Assessment include

  • Microsooft 365 Secure Score
  • Advanced Security Management
  • Advanced Thread Protection (ATP)
  • Advanced Threat Intelligence
  • Advanced Data Governance
  • Advanced eDiscovery
  • Multi-factor Authentication
  • Azure Information Protection
  • Conditional Access
  • Privileged Identity Management

Vision, objectives & approach

Help manage cybersecurity risk

Customers cloud based technologies and productivity workloads change the cybersecurity attack surface which needs to be managed using available security controls in order to mitigate risk

Customer education on productivity security features and identify gaps

Provide an overview of Microsoft 365 security controls as well as guidance + additional readiness content

Identify potential security challenges

Determine the current state of Microsoft 365 security. Discuss and create a prioritized, actionable security roadmap for the customer

Understand cloud security objectives and requirements

Gain a common understanding of cloud security objectives and requirements

Microsoft 365 security readiness

Provide guidance, recommendations and best practices on how to successfully implement Microsoft 365 security features

Create an Microsoft 365 security roadmap

Provide a prioritized and actionable Microsoft 365 security roadmap. Map Microsoft 365 security capabilities to customer security objectives and requirements

Secure Score
  • Use Microsoft 365 Secure Score to understand current security baseline
  • Track score improvements over time
  • Track configuration drift, using scheduled reviews

Prioritize the security actions from Secure Score based on user impact and implementation cost

Build Roadmap

Build a roadmap for the implementation of the prioritized security actions

  • Design and deploy the recommended security actions in the roadmap
  • Not in scope as part of this engagement

microsoft 365 SECURE SCORE

Microsoft 365 Secure Score is a Microsoft security analytics tool. Secure Score provides security insights and takes into account what security controls of Microsoft 365 have been enabled. Additionally, the score can be used to benchmark an organization against others. XcellHost uses results of Secure Score to provide guidance on Microsoft 365 features that will improve your security posture. The tool helps increase understanding and awareness of the Microsoft 365 security features and how they can be leveraged to improve your overall Secure Score results. XcellHost can help perform periodic re-assessments using the Secure Score tool and make adjustments to your Microsoft 365 environment to continue improving your security posture.

talk to our cloud expert

Microsoft 365 Security Assessment - WHAT OUR CUSTOMERS HAVE TO SAY?

Having this very powerful tool just included with our Microsoft 365 licenses is a fantastic value add.

-Arun Madhwani

Microsoft 365 Security Assessment is best‑in‑class productivity apps with core security and compliance capabilities.

-Dipak josh

Quick and Easy updates. Easier back end management of users and licenses. Infrastructure cost have gone down

-Kamal Chander


Our Microsoft 365 Security Assessment is a structured engagement that evaluates and prioritizes the Microsoft 365 tenant security settings of an organization. It is designed to identify weaknesses and gaps in your security, so you can make improvements and stay ahead of hackers. Every business has weaknesses in their cybersecurity and if like countless other businesses, you use Microsoft 365 it could be home to those weaknesses. Don’t let them go unnoticed and expose you to threats, get a Microsoft security assessment.

Some of the products and tools covered in the Office 365 Security Assessment include: · Office 365 Secure Score · Advanced Security Management · Advanced Thread Protection (ATP) · Customer Lockbox · Advanced Threat Intelligence · Advanced Data Governance · Advanced eDiscovery · Multi-factor Authentication · Azure Information Protection · Conditional Access · Privileged Identity Management

The Microsoft Security Assessment Tool (MSAT) is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure.

The popularity of and reliance on business collaboration platforms such as Microsoft 365 makes them high-value targets for attackers. The cloud deployment benefits of these platforms provide greater exposure than traditional hosted systems. The combination of being highly valuable to hackers as well as susceptible to attack makes them prime targets. As such, the security configuration of these platforms is paramount.

The fact Microsoft 365 presents possible cybersecurity risks is not widely recognized. If you don’t know that there is a risk, it follows that you would not carry out a security assessment. Furthermore, many companies do not have the experience to take advantage of the available tools to maintain and manage their Microsoft 365 security. This leaves businesses vulnerable to phishing attacks and ransomware, costing businesses huge sums. This could lead to additional damage from bad press, lack of trust from customers, and potential fines and penalties for failing to protect customer data.


Microsoft 365 offers a complete suite of applications, many of which are fundamental to running your business. They are not easily given up. Microsoft 365 is a crucial piece of many businesses and if not using it isn’t an option then making sure it is optimally secure is non-negotiable.


Microsoft 365 Security Assessment

Web Hosting

Shared Web Hosting

Shared hosting is a type of web hosting where a single physical server hosts multiple sites. Many users utilize the resources on a single server, which keeps the costs low. Users each get a section of a server in which they can host their website files.

GPU cloud-1

GPU Cloud

The cloud built for Machine Learning. Super powerful GPU-backed VMs in the cloud. The easiest way to get started with Machine Learning, Artificial Intelligence

Dedicated GPU Cloud

Dedicated GPU Cloud

Accelerate your machine learning and deep learning workloads with Tesla V100 and Nvidia T4 based GPU instances.