
Security Audit
Make your Microsoft 365 environment secure
Cyberattacks are becoming more targeted, faster, and increasingly automated. At the same time, your IT environment is growing more complex due to cloud adoption, remote work, mobile devices, and external collaborations.
Our Security Audit gives you a complete and objective view of how secure your Microsoft 365 environment is today, and where the biggest risks lie.
We provide clear insights, well-defined priorities, and concrete next steps.

What is a Security Audit?
The Security Audit is an independent assessment of the security of your Microsoft 365 environment.
We translate relevant compliance requirements (such as NIS2 and ISO 27001) into a clear and structured report.
The audit focuses on the full scope of Microsoft 365 security:
Identity & Access
Devices
Cloud Apps & Data
Collaboration & Email
Security Architecture
Governance
This gives you an objective second opinion on your current setup: not only whether you are compliant, but also whether your environment is effectively and demonstrably more secure.
We assess your configuration against proven best practices, Zero Trust principles, and a documented audit framework, delivering clear findings, risk assessments, and recommendations.
What is included in the audit?
Identity & Access
We review how users and administrators sign in and what access they are granted:
- Multi-factor authentication and sign-in methods
- Access policies and context (location, device, risk)
- Management of administrator roles and privileges
- Protection against abuse of accounts and tokens
Devices & Endpoints
We analyze how laptops and mobile devices are secured:
- Compliance and security requirements
- Hardening of Windows and macOS
- Encryption, updates, and patch management
- Risk reduction for lost or unmanaged devices
Cloud Apps & Data
We examine how data and applications are used and protected:
- Application access and integrations
- Protection of sensitive data
- Management of third-party apps and connectors
- Risks related to data leaks and unauthorized access
Collaboration & Email
We analyze how securely collaboration takes place:
- External users and guest access
- Configuration of Microsoft Teams and SharePoint
- Email security and protection against phishing
- Restrictions on anonymous or external access
Our Audit Approach
Intake & Context
We start with a short introductory meeting to understand your organization, operations, and expectations. During this phase, we map your current Microsoft 365 and security architecture as-is: which components are in place, how they are currently used, and what your short- to mid-term plans are.
Technical Analysis
We conduct an in-depth audit of your Microsoft 365 environment, based on recognized international security benchmarks.
The analysis consists of concrete configuration checks, with a strong focus on demonstrable risks and security maturity.
Your production environment remains 100% operational throughout the audit.
Clear Reporting
You receive a structured audit report including:
- Identified risks, classified by severity (Critical, High, Medium, Low)
- Correctly configured controls, as evidence of maturity and good practice
- Concrete improvement recommendations, mapped to recognized reference frameworks and prioritized by risk and impact
Each finding is explained in clear, accessible language, with technical substantiation where needed.
This makes the report suitable for management decision-making, while also being immediately actionable for IT teams.
Advisory Session
During the advisory session, we translate the audit results into clear priorities and decisions. We distinguish between:
- Critical risks that require immediate action
- Structural improvements that should be planned
- Conscious decisions to (temporarily) not address certain items
The outcome is a realistic, well-founded action plan, aligned with your organization and future objectives.
What do you gain?

- Insight into real risks, based on your actual configuration
- Clear priorities instead of fragmented or conflicting advice
- Documented evidence for insurers, audits, and NIS2 requirements
- Greater control and visibility over your Microsoft 365 environment
- A secure and scalable foundation to support future growth
Are you subject to ISO 27001 or NIS2 requirements?
In that case, this audit report can be used as a periodic, independent review, as expected within these frameworks.
Not subject to these requirements (yet)? Then this audit is the ideal starting point to move your security posture forward in a few targeted steps, with clear insight into where you stand today and where to begin.
Case Study
How a single Security Audit led to fewer tools, greater control, and stronger security
The Challenge
An organization with ISO 27001 certification was facing an increasingly complex IT environment. Many employees used company-owned macOS laptops and iPhones, but these devices were managed as if they were BYOD. As a result, there was little consistent control, and management became fragmented across multiple tools:
- macOS laptops and iPhones
- Microsoft 365 Business Premium
- An on-premises VDI environment for software development
- Jamf for Apple device management
- NinjaOne for part of the device management
- Intune for other devices
- SentinelOne as the XDR solution

What was the impact?
- Overlapping functionality
- Complex management across multiple platforms
- No uniform security policy
- Increased risk of human error
- Time loss due to fragmented tooling
Although the organization formally met ISO requirements, the overall landscape was unnecessarily complex and therefore more vulnerable than needed.
Audit Objectives
The organization aimed to:
- Simplify the IT landscape
- Increase its overall security level
- Improve integration between macOS and Microsoft 365
- Centrally manage all corporate devices
- Maintain and strengthen ISO 27001 compliance
Analysis: What we found
During the audit, we examined how identities, devices, cloud apps, and collaboration models were configured.
We identified three key bottlenecks:
- Identities and access were not centrally managed
  macOS logins were disconnected from Microsoft 365, which meant Conditional Access, password policies, and MFA were not enforced consistently.
- Device management was spread across multiple systems
  Macs were managed in Jamf, other devices in Intune or NinjaOne, and mobile phones were only lightly managed as if they were BYOD.
  → No uniform compliance, no consistent security baseline, and inconsistent patching.
- Too many security tools performing overlapping functions
  SentinelOne alongside Microsoft Defender capabilities and MDM tools resulted in significant overlap, higher costs, and increased management overhead.

Our Recommendations
Fully integrate macOS with Entra ID
- Single Sign-On (SSO) for all employees
- Strong, consistent authentication
- One identity for all applications
- No more standalone macOS accounts
Bring all devices under Intune MDM
Both macOS laptops and iPhones were fully onboarded:
- One centralized compliance policy
- Uniform configuration, updates, and security baseline
- macOS and iOS finally truly corporate-managed
- Simple and clear reporting for audits
Apply Conditional Access based on device compliance
- Only devices that fully meet policy requirements are granted access
- Zero Trust in practice
- No exceptions or security gaps
- No standalone macOS accounts
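As an added example (not code from the original page or from Dunetrails), the compliant-device requirement described above expressed as an Entra Conditional Access policy created with the Microsoft Graph PowerShell SDK. The break-glass group id is a placeholder, and the policy is created in report-only mode so the sign-in logs can be reviewed before it is enforced.

```powershell
# Added example: require an Intune-compliant device (plus MFA) for macOS and iOS
# sign-ins to all Microsoft 365 apps. Assumes the Microsoft.Graph PowerShell SDK
# and a signed-in account holding the Policy.ReadWrite.ConditionalAccess scope.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Emergency-access (break-glass) group: always excluded so a misconfigured
# compliance policy cannot lock every administrator out. Placeholder id.
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName   = "CA - Require compliant device for macOS and iOS"
    # Report-only first: Entra evaluates the policy and records the outcome
    # in the sign-in logs without blocking anyone. Set to "enabled" after review.
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications   = @{
            includeApplications = @("All")
        }
        platforms      = @{
            includePlatforms = @("macOS", "iOS")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        # AND: both a compliant (Intune-managed) device and MFA are required
        operator        = "AND"
        builtInControls = @("compliantDevice", "mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# After reviewing report-only results, enforce the policy:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = "enabled" }
```

Devices that are not enrolled in Intune, or that fail the compliance policy, will show as "would block" in the report-only results, which is exactly the set of unmanaged devices the audit aims to surface.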
Simplify security tooling → Microsoft Defender
- One integrated security platform
- Fewer tools → fewer vulnerabilities
- Lower licensing costs
- Native integration with Microsoft 365 and Intune
- Reduced operational overhead
The Result
- Fewer tools → lower costs
  Redundant products were phased out.
- A homogeneous, centrally managed security policy
  All devices now follow exactly the same security model.
- Full management of laptops and mobile phones
  No more BYOD approach for devices that were actually company-owned.
- Greater visibility and simpler day-to-day management
  Administrators now work from a single source of truth on one platform.
- Stronger ISO 27001 support
  Compliance evidence, reports, and policies are now consistent and easy to deliver.
- A solid foundation for Zero Trust
  Identity, device, and risk are now always validated automatically.

What happens after the audit?
The audit comes with no obligation to proceed. The choice is entirely yours.
You or your existing IT partner can implement the recommended improvements. In that case, Dunetrails remains fully independent, and the audit report serves as an objective guideline.
Alternatively, we can support part or all of the implementation.
In that scenario, our role shifts from auditor to implementation partner, and any future audit should ideally be performed by another independent party.
This approach ensures a clear separation between audit and execution.
Schedule Your Security Audit
Want to know how secure your Microsoft 365 environment really is today?
Schedule your audit and receive a clear, objective security overview within days.