Compass IT Compliance's Microsoft 365 Security Assessment is a professional service that evaluates an organization's Microsoft 365 environment against the CISA Secure Cloud Business Applications (SCuBA) standards. The assessment reviews configurations, policies, and access controls across key M365 components to identify security weaknesses and misconfigurations. Components evaluated include: - Azure Active Directory - Microsoft 365 Defender - Exchange Online - SharePoint Online - Microsoft Teams The service focuses on identifying gaps between an organization's current M365 configuration and recommended security baselines, recognizing that M365 does not ship with maximally secure default settings. Beyond identifying vulnerabilities, the service includes detailed remediation recommendations and hands-on assistance to adjust settings and configurations. The assessment is positioned for a broad range of industries, including financial services, healthcare, higher education, retail, manufacturing, legal, utilities, government, construction, hospitality, nonprofit, and technology sectors. The service was formerly known as the Office 365 Security Assessment and is delivered by Compass IT Compliance's cybersecurity analysts.