M365 Security and Configuration Assessment Statement of Work

This document is a Statement of Work (SOW) for the M365 Security and Configuration Assessment provided by SilverSky. The primary objective of the assessment is to identify misconfigurations and weaknesses in Microsoft 365 deployments that could be exploited by threat actors. The assessment includes a review against industry security benchmarks such as CIS and Microsoft 365 security best practices. It also aims to evaluate the current usage of M365 features to identify tools and features that may not be utilized. The document outlines the project scope, which includes tasks such as a kickoff meeting, information gathering, controls review, analysis, and reporting. SilverSky's obligations during the assessment are detailed, including the evaluation of accounts, authentication policies, email configurations, and mobile device management. The deliverables include a Detailed Findings Report that summarizes the assessment results, identified deficiencies, and recommendations for remediation. Customer obligations are also specified to ensure successful engagement.