With this comes an increased urgency to properly secure and protect those investments, especially with the stiff penalties facing companies that fail to do so.
In this blog, we’ll explore some of the security challenges MSPs commonly face with M365 and Azure, and how our new Cloud Security Assessment service can help you and your customers lock those environments down, tight.
Cyber security is a no-win game. The rules change on an almost daily basis, so it is essential to continue advancing and improving. Businesses are increasingly aware that standing still is essentially going backwards when it comes to security. There’s greater readiness to invest in their security posture, and many will turn to their service providers for advice.
There are many partners that tell me they offer a full security stack for their clients.
My first question is always ‘do you know what you are protecting?’
When the conversation turns to Microsoft 365 and Azure, most acknowledge it is difficult to know what assets their clients are using.
Many cannot point to a mechanism that ensures what they know about their client organisations is correct and complete.
The point being, even when you are in the security game, you can still swing and miss on what is enabled and disabled on your client organisations M365 and Azure tenants.
This is not due to any lack of capability, it’s simply due to the constant changes that occur as humans manage the client systems.
Whether it is activity by the MSP team, or clients themselves that may have administrative access to their platforms, variations can happen “under the radar” and go unnoticed and/or undocumented.
Over time, this leads to a significant drift from best practice security posture into the state known as the “unknown unknowns.”
An example of this may be an alert in the M365 Defender portal for a suspicious activity (the first unknown) where it cannot be confirmed whether the relevant mitigation was turned on (the second unknown).
Cloud security assessments (and security assessments in general) are purpose built to identify and mitigate potential risks within cloud environments, such as Microsoft 365 and Microsoft Azure. Typically, this involves a comprehensive evaluation of cloud infrastructure, applications, and data, covering security controls, data protection measures, access controls, network security, and compliance requirements.
It is important an assessment is conducted with the specifics of each business in mind. Aside from the IT and cloud estate, factors such as the size, industry, and jurisdiction of a business can add important nuance to the review process.
Human behaviour creates the greatest vulnerabilities in businesses.
The ACSC found that 83% of successful cybercrime reported in the 2020/2021 financial year could be partly or entirely attributed to users.
There is no technology that can automate this issue into non-existance. That’s why it’s essential that assessments go beyond the technical to also take the general security awareness and culture of an organisation into account.
Crayon’s cloud security assessments combine tools with human expertise, for the simple reason that people are the best to understand people.
OK, so far, we have established:
So, what’s next?
For example, if identity-based attacks were the most frequent and most successful assaults mounted on small to medium sized businesses (SMBs), a cloud security review might prioritise along the following lines:
With particular respect to Microsoft 365, some key areas to consider include the utilisation of built-in security features, such as multi-factor authentication, data encryption, and threat detection, which can be evaluated and optimised to enhance an organisation’s security posture. Additionally, it can consider ways to leverage Microsoft’s Security Score feature to measure their overall security posture and identify areas for improvement.
Azure also provides a range of security features and tools, such as Azure Security Center, Azure AD, and Azure Key Vault. An assessment may also provide recommendations on optimising use of Azure’s Security Center to monitor security posture, identify potential vulnerabilities, and take corrective action.
They know how to stick to established club rules, and they’ll stay only for as long as you need them around. Best of all, they tend to pass on some match-winning moves you may not have previously had in your playbook.
If you hadn’t picked it yet – we are part of your home club.
You already know that the value we add makes Crayon a great distributor, but it’s the services capabilities we provide that make us unique and that provide our partners with even more competitive advantage.
This includes our true through-partner service in the form of a Cloud Security Assessment, purpose-built to gather configuration data from an M365 tenant, Azure tenant, and in some cases, on-premises.
As I mentioned earlier, stepping up to the plate on security is good for business.
If you’re not ready to field a team of your own, or you want to add to your existing game, that’s when it makes sense to bring in a squad from your home club.
Every great club has more than one team. Drafting those players to fill gaps in your side is a bona fide strategy.
As a through partner service, you offer it, we run it on your behalf. Our security analysts receive the information needed from the review to provide mitigation advisory back to you.
The result is often an opportunity to add significant value to your customers, while reducing unrecognised risk and liability on your part as the service provider.
Various organisations can run a cloud security assessment using a tool-based approach, but tools only help to industrialise the effort. It is the human expertise that differentiates our service.
We put star players on the field that gained their experience in the major leagues, running Security Operations Centre (SOC) environments for enterprise organisations.
They provide the insight that adds value to the data tools generate, including:
Clients that are not yet planning an assessment of their security maturity should be planning to undertake this in the near future.
Assessments should be repeated on a 12 monthly cycle, while you continue leveraging their Microsoft Secure Score and Azure Security Centre actions to continually improve and increase their security posture baseline in between.
By leveraging our service, and enjoying the healthy margins that come with it, you’ll be in a position to better cover all bases with your customers.
Having a trusted third party to run the assessment on your behalf can also demonstrate your ongoing commitment to customers, by providing external validation as an additional check and balance.
Blogs
From July 1, Microsoft's new SMB Copilot pricing creates a bigger partner opportunity. Here's what's changed and how to turn it into more sales.
Blogs
Does the investment in Security SPD attainment stack up against the potential for partners to make a strong commercial return? Michael Brooke explores the economics in the last in this three-part series.
Blogs
In the second article in our Security SPD series, Michael Brooke offers tips to help partners gain the insight track from start to finish.
Blogs
In the first of a 3-part series, Michael Brooke explains why the buying signals from the market make Security SPD attainment worth a close look for partners.
Press Release
Crayon’s Mathew Howard named in 2026 CRN Australia Channel Chiefs list for driving partner success, innovation, and growth in ANZ IT channels.
Blogs
Learn how Microsoft’s strategic Copilot for All framework combines with Crayon’s inhouse AI expertise to drive practice development and revenue growth for partners.
On Demand Webinars
Watch the on‑demand webinar on turning data risk into revenue. Learn how partners use data protection maturity models to drive recurring revenue and customer trust.
On Demand Webinars
Join our team for a business and technical deep dive into the Microsoft Security SPD and why attaining it is great for business.
Business
AvePoint Partner onboarding content packs are now available from Crayon to help fast track confidence and success for your team.
On Demand Webinars
Our latest On-Demand webinar provides a practical, execution focused walk through the full Copilot partner journey, from early adoption to advanced scenarios.
Blogs
Fragmented data protection systems and processes create compliance proof-gaps for SMB customers. Scott Hagenus, Director, Cybersecurity here at Crayon explains.
Insights
Data Protection priorities are shifting for SMBs. Ramp up your ability to respond with curated insights, articles and resources to help you guide every customer conversation with confidence.
Insights
All the latest insights, articles and resources on M365 Copilot, curated into one place.
Guides and eBooks
The Microsoft Fabric Partner Guide curates our recent articles, videos and resources to accelerate Crayon partner learning.
Business
Find out why Veeam Immutable Backup is a solution fit for responding to increased demand for optimised security in backup and recovery data.
Blogs
Looking to provide clients with Managed Detection and Response (MDR) and Managed SIEM services? Read on for six hot takes on why ContraForce should be in consideration.
On Demand Webinars
Watch this interactive webinar as the Crayon team discuss how to identify and harness hidden revenue potential with Security Assessments.
Webinars Series
Our latest webinar provides a technical deep dive into the advanced security features of Microsoft 365 E5.
Webinars Series
This webinar covers key features and best practices to help you stay ahead of threats.
Webinars Series
The webinar highlighted the capabilities of Microsoft Defender XDR and ContraForce in providing comprehensive security coverage.
Webinars Series
Learn how to help customers cut through cybersecurity overwhelm with strong foundational vulnerability remediation strategies.
Sales and Marketing
Pricing models, service definitions and competitive accelerators. Our latest webinar breaks down how to build a successful MSSP business.
Guides and eBooks
Mission essentials for winning data protection business in education, healthcare, retail and manufacturing.
Webinars Series
Practical insights for simplifying cybersecurity service and solution offerings.
Guides and eBooks
Partners, get your Bond on! Our Cyber Operatives Field Guide breaks down five cybersecurity missions to foil would-be cybercriminals.
Webinars Series
How do security assessments empower your cybersecurity practice to respond to the rise of AI? Find out!
