Financial Services

Modernising the Workplace


A comparatively small but successful Hedge Fund based in the United Kingdom.

Related Services

M365 Security Assessment

Project Detail

In an era where digital transformation is pivotal, a leading Financial Services firm recognised the need to embrace Microsoft 365 (M365) to enhance collaboration and productivity among its workforce. The deployment encompassed a suite of M365 solutions including Exchange Online, SharePoint Online, Microsoft Teams, OneDrive for Business, Azure Active Directory, and more. This move was aimed at fostering a modern workplace environment that supports seamless collaboration, both internally and with external partners.


Shortly after deployment, the firm’s Information Technology (IT) department observed that, despite enabling basic security controls, there remained uncertainties about the adequacy of these measures in securing the M365 environment comprehensively. The challenges were multifaceted, involving concerns over data protection, access management, and potential vulnerabilities that could be exploited by cyber threats. The primary concern was whether the existing security posture was sufficient to protect sensitive financial data and comply with stringent regulatory requirements inherent to the financial sector.


Metis Security was commissioned to conduct an exhaustive security assessment of the firm’s entire M365 deployment. This assessment was designed to scrutinize the security configurations, practices, and controls across all components of the M365 suite, including the core Office 365 solutions, Enterprise Mobility + Security (EMS) features, and Windows 10 integrations.

The assessment strategy by Metis Security encompassed:

  • Identity and Access Management: Evaluation of user authentication methods, conditional access policies, and role-based access controls to ensure that only authorised users could access sensitive financial data.
  • Data Governance and Protection:Analysis of data loss prevention (DLP) policies, encryption practices, and information rights management to safeguard data both at rest and in transit.
  • Application Security: Review of app permissions, external sharing settings, and third-party integrations to mitigate risks associated with application-level vulnerabilities.
  • Architecture and Infrastructure Security: Examination of the network security architecture, endpoint protection mechanisms, and secure access to M365 services.
  • Threat Protection and Visibility: Implementation of advanced threat protection solutions, audit log review practices, and anomaly detection systems to identify and mitigate cyber threats promptly.
  • Incident Response and Business Continuity: Evaluation of the incident response plan, recovery strategies, and resilience against potential cyber incidents to ensure business continuity.


The comprehensive security assessment conducted by Metis Security yielded a detailed report that highlighted current security strengths, uncovered potential vulnerabilities, and provided prioritized recommendations for enhancing the firm’s security posture. This roadmap was instrumental in guiding the Financial Services firm towards implementing robust security measures tailored to their specific needs.

Additionally, Metis Security developed a Power BI dashboard to facilitate ongoing management oversight and progress tracking as the firm embarked on remediation efforts. Where necessary, supplementary documentation was produced to support strategic planning and configuration adjustments, ensuring the firm was well-positioned to protect its digital assets and maintain compliance with financial regulatory standards.


The collaboration with Metis Security not only fortified the firm’s security infrastructure but also empowered it with the knowledge and tools necessary to navigate the complexities of cybersecurity in the financial sector.