Select your country

Belgium

China

Denmark

France

Germany

Maghreb & West Africa

Netherlands

Norway

South Africa

Spain

Sweden

Switzerland

United Kingdom

Not finding what you are looking for, select your country from our regional selector:

Search

Picture Whitepaper

Auditing the security of Microsoft 365 instances for Swiss companies

Cover picture

A key security challenge

In today’s digital environment, safeguarding your organization’s data has become more important than ever. As companies increasingly depend on cloud solutions, Microsoft 365 has emerged as the preferred collaboration platform for many organizations. However, our findings from the Microsoft 365 security assessment service—primarily carried out for Swiss-based organizations—highlight a worrying pattern: Microsoft 365 instances are rarely "secure by default," and the majority of our clients operate on instances that are not adequately fortified.

 

The essentials of security assessments

A statistical analysis of four year of security assessments of Microsoft 365 instances for Swiss companies, conducted by Orange Cyberdefense Switzerland. The goal is to:

  • identify Trends & common vulnerabilities.
  • provide recommendations to strengthen security.

Trends & results

Client assessments show Microsoft 365 instances are rarely secure by default, with an average compliance score of 52% since 2021. We recommend aiming for 65%, focusing on cost-effective "Level 1" controls. Currently, 69% of clients fall below this target.

13 scenarios typically resulting from Microsoft 365 threats and risks

  1. Account takeover attacks
  2. Abuse of access rights
  3. Business identity spoofing
  4. Failure to investigate or detect an incident
  5. External infrastructure failure
  6. Administration failures
  7. Unapproved sharing of confidential data
  8. Internal infrastructure failure or breakdown
  9. Internal compartmentalisation failure
  10. Compromised administrator account
  11. Access to confidential resources from unapproved Apps
  12. Access to confidential resources from unapproved devices
  13. Malware propagation

Plan your security strategy

16 January 2025 | Report

Security Navigator for Business Leaders

Read more

20 October 2021

Security Navigator 2026

Security Navigator 2025 Research-driven insights to build a safer digital society, Adopt a proactive security posture based on cyber threat intelligence.

Read more

8 July 2022

The role of the C-Suite in the event of a cyber-attack

Before anyone can know what to do, everyone needs to understand their responsibility in the event of a cyber-crisis.

Read more
24/7 incident hotline