Businesses have invested heavily into cloud platforms and applications over the past few years
With this comes an increased urgency to properly secure and protect those investments, especially with the stiff penalties facing companies that fail to do so.
In this blog, we’ll explore some of the security challenges MSPs commonly face with M365 and Azure, and how our new Cloud Security Assessment service can help you and your customers lock those environments down, tight.
When the home plate is constantly shifting, keep advancing on your existing position.
Cyber security is a no-win game. The rules change on an almost daily basis, so it is essential to continue advancing and improving. Businesses are increasingly aware that standing still is essentially going backwards when it comes to security. There’s greater readiness to invest in their security posture, and many will turn to their service providers for advice.
Know what you are protecting.
There are many partners that tell me they offer a full security stack for their clients.
My first question is always ‘do you know what you are protecting?’
When the conversation turns to Microsoft 365 and Azure, most acknowledge it is difficult to know what assets their clients are using.
Many cannot point to a mechanism that ensures what they know about their client organisations is correct and complete.
The point being, even when you are in the security game, you can still swing and miss on what is enabled and disabled on your client organisations M365 and Azure tenants.
This is not due to any lack of capability, it’s simply due to the constant changes that occur as humans manage the client systems.
Whether it is activity by the MSP team, or clients themselves that may have administrative access to their platforms, variations can happen “under the radar” and go unnoticed and/or undocumented.
Over time, this leads to a significant drift from best practice security posture into the state known as the “unknown unknowns.”
An example of this may be an alert in the M365 Defender portal for a suspicious activity (the first unknown) where it cannot be confirmed whether the relevant mitigation was turned on (the second unknown).
Cloud Security Assessments are an essential part of the playbook.
Cloud security assessments (and security assessments in general) are purpose built to identify and mitigate potential risks within cloud environments, such as Microsoft 365 and Microsoft Azure. Typically, this involves a comprehensive evaluation of cloud infrastructure, applications, and data, covering security controls, data protection measures, access controls, network security, and compliance requirements.
It is important an assessment is conducted with the specifics of each business in mind. Aside from the IT and cloud estate, factors such as the size, industry, and jurisdiction of a business can add important nuance to the review process.
Culture is a key factor.
Human behaviour creates the greatest vulnerabilities in businesses.
The ACSC found that 83% of successful cybercrime reported in the 2020/2021 financial year could be partly or entirely attributed to users.
There is no technology that can automate this issue into non-existance. That’s why it’s essential that assessments go beyond the technical to also take the general security awareness and culture of an organisation into account.
Crayon’s cloud security assessments combine tools with human expertise, for the simple reason that people are the best to understand people.
OK, so far, we have established:
- Things can go unchecked for M365 and Azure, even when you have good security game
- Cloud Security Assessments are a pragmatic way to keep things in check
- SMBs need pragmatic ways to advance their security postures
- Ideally, service providers can respond to that need, even if security is not a deep practice
So, what’s next?
What's involved?
For example, if identity-based attacks were the most frequent and most successful assaults mounted on small to medium sized businesses (SMBs), a cloud security review might prioritise along the following lines:
- Identity protection
- Asset protection
- Device protection
- Threat and vulnerability management
- Application protection
With particular respect to Microsoft 365, some key areas to consider include the utilisation of built-in security features, such as multi-factor authentication, data encryption, and threat detection, which can be evaluated and optimised to enhance an organisation’s security posture. Additionally, it can consider ways to leverage Microsoft’s Security Score feature to measure their overall security posture and identify areas for improvement.
Azure also provides a range of security features and tools, such as Azure Security Center, Azure AD, and Azure Key Vault. An assessment may also provide recommendations on optimising use of Azure’s Security Center to monitor security posture, identify potential vulnerabilities, and take corrective action.
They know how to stick to established club rules, and they’ll stay only for as long as you need them around. Best of all, they tend to pass on some match-winning moves you may not have previously had in your playbook.
If you hadn’t picked it yet – we are part of your home club.
You already know that the value we add makes Crayon a great distributor, but it’s the services capabilities we provide that make us unique and that provide our partners with even more competitive advantage.
This includes our true through-partner service in the form of a Cloud Security Assessment, purpose-built to gather configuration data from an M365 tenant, Azure tenant, and in some cases, on-premises.
Play the home club advantage
As I mentioned earlier, stepping up to the plate on security is good for business.
If you’re not ready to field a team of your own, or you want to add to your existing game, that’s when it makes sense to bring in a squad from your home club.
Every great club has more than one team. Drafting those players to fill gaps in your side is a bona fide strategy.
How it works
As a through partner service, you offer it, we run it on your behalf. Our security analysts receive the information needed from the review to provide mitigation advisory back to you.
The result is often an opportunity to add significant value to your customers, while reducing unrecognised risk and liability on your part as the service provider.
Various organisations can run a cloud security assessment using a tool-based approach, but tools only help to industrialise the effort. It is the human expertise that differentiates our service.
We put star players on the field that gained their experience in the major leagues, running Security Operations Centre (SOC) environments for enterprise organisations.
They provide the insight that adds value to the data tools generate, including:
- What must be done immediately to secure a vulnerability
- What is realistically achievable in 30 days, 3 months, 6 month
- How to achieve the recommendations
- Which mitigations may require assistance to undertake
- Turning extensive data findings into succinct recommendations and requirements that demonstrate what is needed, in the simplest terms, to support your ability to get senior internal and external stakeholders on board.
Ongoing engagement
Clients that are not yet planning an assessment of their security maturity should be planning to undertake this in the near future.
Assessments should be repeated on a 12 monthly cycle, while you continue leveraging their Microsoft Secure Score and Azure Security Centre actions to continually improve and increase their security posture baseline in between.
By leveraging our service, and enjoying the healthy margins that come with it, you’ll be in a position to better cover all bases with your customers.
Having a trusted third party to run the assessment on your behalf can also demonstrate your ongoing commitment to customers, by providing external validation as an additional check and balance.
Related
Featured
Press Release
Crayon recognized as the winner of the 2025 Microsoft Malaysia Partner of the Year Award
Blogs
Data Protection Partner Playbooks for SMB Customers
As cybersecurity and continuity converge in platforms and in practice, partners need new playbooks to address modern Data Protection standards. Our in-house cybersecurity pre-sales lead, Michael Brooke explains why.
Featured
Guides and eBooks
Data Protection Playbook #1
What triggers an SMB customer to begin exploring their need for better Data Protection? The first of our four Data Protection Playbooks for partners breaks down how to position and win in the Pre-Adoption and Exploration stage.
Featured
Insights
Data Protection Resource Round-Up
Data Protection priorities are shifting for SMBs. Ramp up your ability to respond with curated insights, articles and resources to help you guide every customer conversation with confidence.
Featured
Partner Spotlight
The strong, supportive partnership driving Acceltech’s growth
In this Partner Spotlight, Acceltech Managing Director Ivy Tarrobago shares how Crayon’s responsive support enhances client outcomes and business growth.
Featured
Whitepapers
Strengthening Data Protection for SMBs
Data Protection is a must for all SMBs but how can partners align solution investment with critical business objectives? Our latest paper shows you how.
Press Release
Crayon Cloud-iQ: next generation roll-out announced
The full roll-out of Crayon's next generation Cloud-iQ platform has arrived, with enhanced features and functionality that partners will love.
Press Release
Crayon wins at CRN Channel Awards Asia 2025
Crayon has been recognised with a huge double win at the CRN Channel Asia awards ceremony.
Featured
Insights
M365 Copilot Hub
All the latest insights, articles and resources on M365 Copilot, curated into one place.
Featured
Insights
Secure Backup and Recovery
SMB customers are storing greater volumes of sensitive data in more places than ever. Secure backup and recovery practices are essential to how they protect it.
Featured
Partner Spotlight
Crayon Expertise: Why Bigfish is hooked
Bigfish Technology saved AU$20,000 on its annual Microsoft licensing after one call with Crayon and has since built a strong partnership that enabled Bigfish to get access to Crayon’s expertise and vendor ecosystem.
Insights
Insider Risk: SMB data and the threat within
Insider risk is a subtle and continuous challenge for SMB customers. Turn it into a manageable and quantifiable aspect of their Data Protection strategy.
Featured
Blogs
Data Protection for SMBs
From rethinking backup to governance frameworks and behavioural analytics, what's involved in building a complete Data Protection strategy for SMB customers?
Featured
Case Studies
Cloud ERP and Copilot
Find out how Dynamics Square combined Cloud ERP and Copilot to transform operations for a growing pharmaceutical manufacturer.
Case Studies
Controlling inventory costs in Pharmaceutical
Explore how Dynamics Square delivered a 25% cost reduction for AV Health in our latest case study.
Case Studies
Controlling Azure Costs in Real Estate
Learn how Navigatum reduced Azure infrastructure costs and delivered a cost-effective, scalable foundation for growth for a leading strata firm.
Featured
Guides and eBooks
Microsoft Change Compendium
Insights, articles and resources on major updates in Microsoft's programs and licensing agreements and channel strategy.
Featured
Insights
Microsoft’s Channel Evolution
We explore the evolution of Microsoft's channel strategy over the past ten years, and what can be learned by viewing it through a Value Cycle lens.
Insights
Partners of the Future
Rhonda Robati, Executive Vice President of Crayon APAC assesses the factors driving Microsoft's channel strategy and the evolution needed to be a Partner of the Future.
Guides and eBooks
The Microsoft Fabric Partner Guide
The Microsoft Fabric Partner Guide curates our recent articles, videos and resources to accelerate Crayon partner learning.
Business
Veeam Immutable Backup
Find out why Veeam Immutable Backup is a solution fit for responding to increased demand for optimised security in backup and recovery data.
Blogs
Security 2027: Why ContraForce stands out
Looking to provide clients with Managed Detection and Response (MDR) and Managed SIEM services? Read on for six hot takes on why ContraForce should be in consideration.
On Demand Webinars
Security Assessments: Identify hidden revenue potential
Watch this interactive webinar as the Crayon team discuss how to identify and harness hidden revenue potential with Security Assessments.
Webinars Series
Microsoft E5: Do more security and compliance with less
Our latest webinar provides a technical deep dive into the advanced security features of Microsoft 365 E5.
Webinars Series
A deep dive into Microsoft Defender for Endpoint
This webinar covers key features and best practices to help you stay ahead of threats.
Webinars Series
Master Modern Security with Microsoft Defender XDR and ContraForce
The webinar highlighted the capabilities of Microsoft Defender XDR and ContraForce in providing comprehensive security coverage.
Webinars Series
Webinar: Reduce the Cybersecurity Noise
Learn how to help customers cut through cybersecurity overwhelm with strong foundational vulnerability remediation strategies.
Sales and Marketing
Webinar: How to monetise Security as a Managed Service
Pricing models, service definitions and competitive accelerators. Our latest webinar breaks down how to build a successful MSSP business.
Featured
Guides and eBooks
The Data Operatives Field Guide
Mission essentials for winning data protection business in education, healthcare, retail and manufacturing.
Webinars Series
How to build a simplified cybersecurity practice
Practical insights for simplifying cybersecurity service and solution offerings.
Guides and eBooks
Cyber Operatives Field Guide
Partners, get your Bond on! Our Cyber Operatives Field Guide breaks down five cybersecurity missions to foil would-be cybercriminals.
Webinars Series
The value of security assessments in the Age of AI.
How do security assessments empower your cybersecurity practice to respond to the rise of AI? Find out!
