Enterprise Security Audit – Microsoft 365 Compliance & Hardening

Here is one of my recent IT consulting missions where I conducted a full-scale security audit for a mid-sized company operating on Microsoft 365, with the goal of ensuring compliance, reducing attack surface, and hardening all identity and data access mechanisms.

Client: Zentrya Solutions (Managed Cloud Services Provider)
Consultant: Samuel Ndala – Cloud & Security Consultant
Duration: 6 days
Delivery Date: March 1, 2024
Project Type: Microsoft 365 Security Assessment & Remediation

Project Supervision & Mentorship

This project was completed under the mentorship and supervision of:

• Eric Mulumba – Senior IT Specialist with 15+ years of expertise in system architecture and enterprise security.

• Elie William Mbayabo – Technical Support Engineer at Check Point Software Technologies, with professional experience in network security and IT operations.

Working under their guidance allowed me to strengthen my technical skills, apply industry best practices, and deliver a solution that reflects real-world enterprise standards.

Project Summary

Zentrya Solutions requested a complete Microsoft 365 security review to align with both internal governance policies and regulatory requirements (GDPR, ISO 27001). The audit focused on identity protection, mail hygiene, DLP, and conditional access across all user roles.

Objectives

Perform a comprehensive security audit across Microsoft 365 services
Evaluate current identity protection posture (MFA, Conditional Access)
Review DLP and sensitivity labels across Exchange, OneDrive, SharePoint
Strengthen email security: SPF, DKIM, DMARC, Safe Links, Safe Attachments
Provide a full risk-based remediation plan with policy rollout timeline

Architecture Overview

Security Controls Reviewed

✅ Multi-Factor Authentication (MFA) enforcement rate: 64% → raised to 91%
✅ Conditional Access Policies: geo-blocking, device compliance, risk-based MFA
✅ DLP Rules applied to PII, financial data, and legal documents
✅ Defender for Office 365 configured: Safe Links, Safe Attachments
✅ Mail Protection: SPF, DKIM, and DMARC passed validation on all domains

Key Deliverables

📄 PDF audit report with current security posture & risk matrix
📘 Configuration guide: MFA, DLP, and mail protection policies
📊 Excel tracker with issue severity and remediation priority
🛠️ Policy deployment scripts (PowerShell)
✅ Final dashboard with Secure Score improvement summary

Results & Impact

✅ Microsoft Secure Score increased from 64% → 91%
✅ Email spoofing attempts now blocked at gateway
✅ All sensitive data traffic now tagged and monitored
✅ All users now behind MFA and role-based access rules

Tools & Tech Used

Microsoft 365 Admin Center, Microsoft Purview (Compliance)
Azure AD (Identity Governance, CA), Defender for Office 365
PowerShell, Graph API for automation
Microsoft Secure Score + Compliance Manager

Conclusion

This mission demonstrates how securing Microsoft 365 requires both technical hardening and policy alignment. Zentrya Solutions now operates under stronger governance, with a clear security baseline that supports audits, user trust, and regulatory requirements.

Popular Projects

Create a Real-Time Data Stream with Kinesis

Deploy a Containerized App to Azure Kubernetes Service (AKS)

Create and test a Pub/Sub queue with a subscriber

Host a Static Website on Google Cloud Storage

What is Cloud Computing ?

Cloud computing delivers computing resources (servers, storage, databases, networking, and software) over the internet, allowing businesses to scale and pay only for what they use, eliminating the need for physical infrastructure.

AWS: The most popular cloud platform, offering scalable compute, storage, AI/ML, and networking services.

Azure: A strong enterprise cloud with hybrid capabilities and deep Microsoft product integration.

Google Cloud (GCP): Known for data analytics, machine learning, and open-source support.

LINKS