Advisory classification: this is a structured evaluation of client-provided evidence, not implementation or hardening delivery. Remediation implementation requires separate evidenced scope or a disclosed qualified specialist from DSE's expert network.

DSE Cybersecurity · Microsoft 365 and Entra

Find the access paths your tenant cannot explain.

A point-in-time, manual review of client-provided Microsoft 365 and Microsoft Entra portal configuration and exports for IT and security leaders facing business email compromise, access sprawl, an audit request, or a Copilot rollout. We produce an evidence register, severity-ranked findings, and prioritized remediation.

Buyer triggers

When identity risk becomes a business decision.

Email

BEC or suspicious access

A compromise or near miss exposed uncertainty about authentication, consent, and account ownership.

Change

Copilot or app rollout

A new application makes inherited permissions, consent settings, and account ownership more consequential.

Evidence

Audit or insurance request

A reviewer wants configuration evidence and accountable remediation—not a policy assertion.

Method and deliverables

Configuration, access, evidence, then priorities.

The manual review covers MFA and registration, privileged/admin roles, Conditional Access, legacy authentication, account lifecycle and offboarding, external sharing, app consent and service principals, mailbox and email controls, and available logging and audit retention.

01

Client-provided evidence

Portal exports, screenshots, and client-led screen shares establish the agreed tenant, identities, apps, logs, and settings in scope.

02

Manual configuration review

We compare supplied Microsoft 365 and Entra evidence with Microsoft guidance and the client's operating context. This is not an automated Microsoft Graph scan.

03

Evidence register

Observed settings, sources, dates, owners, evidence strength, and limitations are recorded so findings are traceable.

04

Severity-ranked findings

Each finding explains the observed condition, business exposure, supporting evidence, and recommended correction.

05

Prioritized remediation plan

A sequenced plan identifies quick wins, owner decisions, dependencies, and work requiring separate implementation scope.

06

Leadership readout

We walk decision-makers through evidence, risk judgment, limitations, owners, and the next actions worth funding.

Synthetic sample deliverable · not client data

One finding, from evidence to decision.

High · undocumented Conditional Access exclusion

Evidence: client-provided policy export and service-account inventory. Observation: a legacy automation account is excluded without a documented compensating control. Recommendation: confirm the workload need, migrate to a supported service principal or managed identity, restrict permissions, name an owner, and test before removing the exclusion.

Limitation: synthetic example based on supplied configuration evidence; no authentication attempt or automated tenant scan performed.

Engagement shape

Scoped to what can be observed and proved.

Typical advisory assessments run 5 to 10 business days after client-provided evidence is available. Scope and fixed price are confirmed in writing after the diagnostic. DSE owns the advisory method and remains accountable for the review. Any remediation implementation requires separate evidenced scope or a qualified network specialist whose role is disclosed.

Boundaries that matter

  • This is a point-in-time review of the scoped system as configured during the engagement.
  • It is not continuous monitoring, managed detection, or live incident response; DSE does not run a 24x7 SOC.
  • It is not an audit, not a certification, not a penetration test, not a blanket Zero Trust claim, not license resale, and not legal advice.
  • Remediation implementation or tenant hardening is excluded unless separately evidenced and scoped in writing.
  • We make no Microsoft partnership, certification, or reseller claim. Okta, Ping Identity, CyberArk, and other IAM platforms are outside this offer unless separately evidenced and scoped.
Related Microsoft 365 work

Identity controls also shape AI exposure.

For banks and fintechs specifically evaluating Copilot permissions, oversharing, and audit evidence, see our Microsoft 365 Copilot governance service. For a broader organizational baseline, use the Cybersecurity Risk Assessment.