Skip to content
Menshen

Microsoft 365 · Health & Security

Microsoft 365
Health & Security
Assessment

A technical assessment of your Microsoft 365 tenant across Identity, Email, Endpoints, Data, Compliance and Governance. The result is a report in Portuguese, a prioritised remediation plan, and a presentation session with the analyst in charge.

Read-only access, with no changes to your environment.

Why this assessment

For organisations already on Microsoft 365

This assessment is for organisations already running on Microsoft 365 that need to know, without ambiguity, the state of their tenant Your organisation's Microsoft 365 environment — your users, data and settings. . It does not replace migration: it assumes migration has happened. What it does is give you a structured risk read, against internationally validated baselines and against the Menshen team’s experience in aviation, public sector and banking environments in Angola.

It answers three concrete questions about your environment, based on recognised tools and senior analysis, not an automated questionnaire.

Question 01

Where do your identity, email, endpoint and data risks sit?

Which controls fail, which warn, which are in critical state, mapped in detail.

Question 02

How does your tenant compare to international baselines?

CISA SCuBA, Microsoft Zero Trust, Microsoft Secure Score and email best practices, in a single report.

Question 03

Which remediations do you prioritise, and in what order?

Roadmap across immediate, short, medium and long-term horizons, with estimated effort.

Scope

Six pillars, full tenant coverage

Every engagement covers all six pillars below. Nothing is left out by omission: if a pillar does not apply to your environment, it is recorded in the report with that explicit note.

  • Pillar 01

    Identity

    Microsoft Entra ID, MFA and Conditional Access, including privileged accounts and the user lifecycle.

  • Pillar 02

    Email

    Exchange Online protection and Defender for Office 365, anti-phishing and email authentication (DMARC/SPF/DKIM).

  • Pillar 03

    Endpoints

    Microsoft Intune and Defender for Endpoint: compliance and protection of the devices that access the tenant.

  • Pillar 04

    Data

    Microsoft Purview: sensitivity labels, DLP and retention policies.

  • Pillar 05

    Compliance

    Mapping to international baselines (CIS, Zero Trust, NIST), with exposure read against regulatory requirements.

  • Pillar 06

    Governance

    Administrative roles, privilege separation (PIM), audit log and application consents.

See the Microsoft 365 products assessed
  • Microsoft Entra ID (identity and access)
  • Microsoft Defender for Office 365 (advanced threat protection)
  • Exchange Online (email security and compliance)
  • SharePoint Online and OneDrive (access controls and collaboration)
  • Microsoft Teams (communication security policies)
  • Microsoft Intune (device management and compliance)
  • Microsoft Defender for Endpoint (endpoint protection)
  • Microsoft Purview (labels, DLP, retention)
  • Power Platform (low-code application security, where applicable)
  • Power BI (data visualisation governance, where applicable)

Access requested

Read-only

Account with Global Reader and Security Reader roles. No changes to configuration during the assessment.

Tooling and methodology

International baselines, senior read

The assessment cross-references recognised instruments (the CISA SCuBA baseline, the Microsoft Zero Trust Assessment and Microsoft Secure Score), a manual checklist, and the analysis of a Menshen senior technician. All in one report, with no black box.

See the instruments in detail
  • CISA SCuBA baseline

    The Microsoft 365 security baseline from CISA (the U.S. Cybersecurity and Infrastructure Security Agency), with mappings to NIST SP 800-53 rev.5 and MITRE ATT&CK. Automated control coverage.

  • Microsoft Zero Trust Assessment

    Zero Trust maturity assessment across four pillars: Identity, Devices, Network and Data. Microsoft-validated score.

  • Recommended email configuration

    Analysis of the Exchange Online configuration and email security against Microsoft-recommended best practices.

  • Microsoft Secure Score

    Native Microsoft score, with recognition of alternative mitigations and tenant context.

  • Manual checklist + technical analysis

    The 12 items the tools do not cover (governance, training, review processes), validated manually, plus the senior read that ties everything into a coherent plan.

How we run it

Five phases, about two weeks

01 / 05

Scope

Remote collection and analysis. The final presentation session can be on-site (Luanda) or remote (Teams), as you prefer. Each phase has defined deliverables.

  1. Scope

    30-minute alignment call. Scope confirmation, technical contacts, NDA, execution window.

  2. Collection

    Access provisioning with Global Reader role (read-only, no changes). Collection pipeline executed remotely.

  3. Analysis

    Cross-reference of the four instruments with the manual checklist. Priorities identified by the Menshen team.

  4. Synthesis

    Remediation roadmap built by horizon (immediate, short, medium, long-term), with estimated effort and owner.

  5. Handover

    Interactive presentation session (60 to 90 minutes). Final reports delivered, action plan agreed on the spot.

What you receive

Deliverables directly in Portuguese

The reports are produced directly in Portuguese, with no translation step: the content is native, with consistent technical terminology.

  1. Deliverable 01

    Executive report + technical appendix, in PDF

    A short document for management, with priority risks and decisions to make. A longer appendix for the technical team, with every control justified and referenced to the baseline.

  2. Deliverable 02

    Results presentation session (60 to 90 minutes)

    Led by the responsible analyst over an interactive report, filterable by product, severity and status. On-site in Luanda or remotely via Teams, open to questions and to plan adjustments in real time.

  3. Deliverable 03

    Agreed action plan, a living document

    Roadmap prioritised by time horizon, adjusted to your team’s input in the presentation session. Basis for a possible follow-on remediation, as a separate project.

The assessment is a structured diagnostic, not a coverage guarantee. Its conclusions inform remediation decisions; remediation execution is a separate project, if you decide to pursue it.

This assessment is a standalone service, available on its own. If you want to keep the diagnostic current between assessments, Microsoft 365 Posture Monitoring and Managed Microsoft 365 give you the same read, every month. All delivered by Menshen's own local certified team.

Credentials

Why trust this assessment to Menshen

  • 24 years as Microsoft Partner

    Since 2002. Angola’s oldest active Microsoft partner.

  • 10 Microsoft Partner of the Year awards

    5 country awards and 5 regional awards. Repeated validation by Microsoft of our technical competence and customer success.

  • Methodology validated in real deliveries

    The phased methodology, the technical pipeline and the presentation-session format are validated in real deliveries, for organisations with 50, 250 or 1,000 users.

Next step

Two ways to move forward

You have decided to proceed

Get a Quote

Answer 7 questions about your environment. The team confirms scope and sends a detailed proposal, with a fixed price and timeline.

Get a Quote

Still evaluating

Talk to a specialist

30-minute call with a Microsoft 365 specialist to discuss your environment and decide whether the assessment makes sense now, or after other priorities.

Talk to a specialist