SERVICE 03 · CLOUD SECURITY
Strace assesses Microsoft 365, Azure, and cloud identity for the gaps that produce most of the breaches we investigate. Five productized assessments, each delivered as a fixed-scope engagement with concrete remediation steps. Implementation is handed back to your IT or MSP, or scoped separately.
THE PROBLEM
The perimeter most companies still secure — firewalls, endpoints, network segmentation — isn't where attackers primarily operate anymore. They operate in your identity provider, your email tenant, your shared drives, and your admin consoles. A single phished session token can become full mailbox access, lateral SharePoint exfiltration, and persistent inbox rules in under an hour. Most Microsoft 365 tenants are configured to defaults that haven't been reviewed since they were provisioned.
WHERE MOST CLIENTS START
A fixed-scope assessment of your Microsoft 365 and Azure tenants against current Microsoft and CISA hardening guidance. Covers identity, email, collaboration, admin accounts, logging, conditional access, and Azure subscription posture. Deliverable: a written report with findings, severity tiering, and concrete remediation steps. Typical timeline: 2-3 weeks.
Starting at $5,000
WHAT WE OFFER
CLD-A
A broad review of your cloud security posture across configuration, exposed services, secrets management, default-deny gaps, and account hygiene. Vendor-agnostic — covers Microsoft 365, Azure, AWS, and Google Workspace as relevant. Deliverable: a scored posture report with prioritized remediation steps and a clear picture of what attackers see versus what you have assumed.
CLD-B
The flagship engagement. Fixed-scope assessment of your Microsoft 365 and Azure tenants against current Microsoft and CISA hardening guidance. See the featured section above for full scope and deliverables.
CLD-C
Deep review of identity infrastructure across Entra ID and cloud IAM: MFA enforcement, conditional access policies, privileged role assignments, legacy authentication exposure, federation, and break-glass account hygiene. For organizations where identity is the primary attack surface — which is most.
CLD-D
Cloud posture mapped to a target framework — SOC 2, ISO 27001, HIPAA, or cyber insurance carrier requirements. Deliverable: a written gap report showing exactly which controls your current cloud configuration satisfies, which it does not, and what implementation work would close the remaining gaps.
CLD-E
A review of logging coverage, alert tuning, and IR runbook readiness in cloud environments. Covers Microsoft 365 audit log retention, Sentinel or third-party SIEM configuration, alert rules, and the runbook gaps that turn cloud incidents into multi-week investigations. Natural cross-sell with the IR practice.
WHO THIS IS FOR
Small and mid-sized businesses running Microsoft 365 with no in-house security team · Professional services firms with sensitive client data in OneDrive and SharePoint · Healthcare and behavioral health practices with HIPAA obligations · Nonprofits and associations with limited IT staff · Government contractors with FedRAMP or framework requirements · Any organization told by their insurance carrier to harden their cloud · MSPs needing senior security depth on cloud assessments
HOW WE WORK
01 · INVENTORY
Identify what is in scope, who has access, and what is actually configured versus assumed.
02 · ASSESS
Review against current Microsoft, CISA, and industry hardening guidance, with severity tiered to your business risk.
03 · REPORT
Written findings with concrete remediation steps, not vendor-speak.
04 · HANDOFF
Findings handed to your IT team or MSP for implementation, or scoped as a separate engagement.
WHAT'S INCLUDED — M365 & AZURE SECURITY ASSESSMENT
ENGAGEMENT STRUCTURE
The Microsoft 365 & Azure Security Assessment is offered as a fixed-scope engagement starting at $5,000. Final pricing depends on tenant size, complexity, number of users, and Azure subscription scope. Identity-focused, posture, compliance, and detection-readiness assessments are scoped during the initial consultation. The practice is assessment-led; implementation is handed back to your IT or MSP, or scoped as a separate engagement.
MSP PARTNERSHIPS
Strace partners with managed service providers that need senior security depth on Microsoft 365, Azure, and cloud identity assessments. We work white-label or co-engaged, with clear scope and clear deliverables. If you operate an MSP serving SMB clients, reach out.
FAQ
READY WHEN YOU ARE