Microsoft 365 Health Check: what we check and what errors we detect most often

The security configuration of your cloud system does not „break down” suddenly. It just loses consistency over time and begins to organically unravel.

Microsoft 365 can be secure, but this requires its correct configuration and subsequent supervision. Even if the system takes off in good shape. Later come new applications, new security mechanisms, changes in teams, „momentary” accesses, integrations, file migrations, exceptions in policies, new licenses and tools implemented by different departments. After a few quarters, the environment begins to take on a life of its own. First in the details: overly broad permissions, guests left behind after a project, „for anyone with a link” accesses, access exceptions that no one remembers anymore, or licenses assigned to users who don't use them.

Microsoft 365 Health Check is an audit of the configuration, security and usage of the M365 environment. It shows the actual state of the tenant, not just whether specific features are enabled. We look at where there are risks today, which settings need to be adjusted, and where the organization can reduce costs or make better use of its licenses.

The goal is not a report „for the drawer.” The goal is to answer a practical question: What needs to be improved first to increase security, clean up the configuration and not burn through the budget on unused resources.

Why „default settings” do not guarantee security

At the start, many organizations use default settings, such as Security Defaults. This is a good starting point, especially in smaller environments. The problem starts when the organization grows: additional roles, exceptions, working from different locations, private devices, vendors and guest accounts appear.

In larger environments, it is safer to base access on the Conditional Access and policies tailored to the actual work: who, from where, on what device, to what resources and under what conditions. After disabling Security Defaults, Microsoft recommends implementing Conditional Access policies, at least from the secure foundations category.  

Without such a model, the environment may function correctly operationally, but at the same time be exposed to risks that are not apparent in day-to-day operations.

What exactly do we verify in Microsoft 365 Health Checkup

The Secure Score may be the starting point, but we don't stop with the report. The Secure Score is a useful indicator of security status and recommended actions, but Microsoft stresses that it is not an absolute measure of the likelihood of a system or data breach (it is more of a sales tool for new licenses).  

That's why at Health Check we check the security configuration in the tenant and compare it with best practice recommendations tailored to the organization. We look at how users are using functionality, what licenses the organization has, and which areas need security improvements or can lead to cost savings.

1) Identity and administrative roles in Entra ID

This is usually where the biggest risks are, because identity is the gateway to all of Microsoft 365.

In practice, we verify:

  • privileged roles: who has what roles and whether it makes sense operationally,
  • Conditional Access: rules, exceptions and where gaps most often arise,
  • Guest accounts: how are they invited, how long do they have access, and does anyone periodically monitor this,
  • logging: suspicious locations, unusual attempts, repetitive risk patterns.

2) Mail and domain in Exchange Online

Here, the goal is to reduce the risks associated with phishing, mailbox takeovers, the configuration of uncontrolled redirects and domain impersonation.

Among other things, we check:

  • domain authentication: SPF, DKIM, DMARC and configuration consistency,
  • Mail flow rules and automatic redirection to external addresses,
  • Settings to increase resistance to phishing - the scope depends on your licenses.

3) Devices and data access in Intune

We don't assume a „perfect world” where every device is up-to-date and secure. We verify that policies actually support access control, not just look good in the admin panel.

We verify:

  • device compliance policies and whether they have a real impact on access to resources,
  • Mobile application protection and copy-and-paste scenarios between corporate and private applications,
  • encryption and minimum standards for devices that access corporate data.

4) File sharing and collaboration in SharePoint, OneDrive and Teams

This is an area where it often appears oversharing, i.e., file shares, sites and teams that have been maintained too widely or for too long. Usually this is not due to malice. More often it's due to a lack of simple rules, time controls and access reviews.

Check:

  • Levels and principles of external sharing: organization, sites, links,
  • Guest access and time to maintain access,
  • Settings to limit accidental sharing of sensitive data.

SharePoint and OneDrive enable collaboration with people outside the organization, such as partners, vendors, customers or suppliers. This is why external sharing policies should be consciously set and regularly reviewed.

5) Microsoft 365 licensing, costs and usage

Our Health Check doesn't stop at security. In many environments, the question is just as important: Whether the organization actually uses what it pays for.

We check that licenses are assigned according to real usage, that selected Microsoft 365 features are being used, and that there are no areas where the organization is paying for duplicate tools. Microsoft 365 admin center provides usage reports to check user activity, service usage and adoption trends; Microsoft also points out that the reports can help identify users who are using the service in a very limited way and may not need a particular license.  

We verify, among other things:

  • Assigned but unused or poorly used licenses,
  • The differences between the plan you have and the real needs of users,
  • security and compliance features available in the current package,
  • Third-party tools that partially duplicate the capabilities of Microsoft 365,
  • Recommendations that require a licensing or budget decision.

The result doesn't always mean a simple „here and now” cost reduction. Sometimes the better decision is to clean up assignments, make better use of the current plan, or consciously shift some budget from licensing to security, governance or user adoption.

If you want to see where the greatest risks accumulate in your M365 tenant and which fixes are worth implementing first, see Microsoft 365 Health Check.

See service

Three mistakes that are repeated most often

1) Legacy authentication where it shouldn't be

It's an „invisible” problem: old protocols and exceptions that come back after migrations, integrations, or technical device deployments. In day-to-day operations, everything may look normal - until an incident.

We don't turn it off in the dark. Microsoft recommends starting a policy to block legacy authentication with report-only mode so that administrators can check the impact on users and applications, and only then move on to policy enforcement or phased implementation.  

In practice, this means: first identifying dependencies, then controlled disabling, testing and only enforcing changes.

2) Overly broad administrative roles assigned permanently (no expiration time)

It's not about making IT's life more difficult. It's about making entitlements reasonable and under control: narrower roles, sensible granting rules, reviews over time, and no „forever” approach.

At Health Check, we verify that administrative roles are assigned according to real need, that they have an owner, and that there is a process for their periodic review.

3) Sharing „on link” without rules and without guest hygiene

SharePoint and OneDrive support collaboration well, but only if the organization clearly establishes rules. Otherwise, after a few months it becomes an uncontrolled distribution of data „by project.”.

It's rarely bad will. More often it's a lack of simple rules: who can share, with whom, for how long and in which locations.

How to get started without stalling the project

To move efficiently, you don't need weeks of preparation. Most often, enough is enough:

  1. Agreed read-only access - e.g., through appropriate administrative roles or tenant administrator approval to access data necessary for analysis. We do not ask for passwords or change configurations during an audit without agreement.
  2. Business context: what's hurting you today, e.g., audit, incident, AI/Copilot, data cleanup, preparing for regulations.
  3. License plan approximately so that recommendations are cost realistic.

Usage reports in Microsoft 365 admin center can be accessed by roles such as Global Administrator, Global Reader, Reports Reader or Usage Summary Reports Reader, among others, which supports an analysis scenario without granting full administrative privileges where they are not needed.

The result is simple: you get a list of risks, priorities and a remediation plan - not a „to the drawer” report.

FAQ - The most common questions about Microsoft HealthCheck

How long does the Microsoft 365 Health Check last?

Most often 1-3 weeks, depending on the scale of the tenant and the number of areas to be verified.

Does the audit affect users?

No. By default, we work in read mode. We do not change passwords, disable services or modify configurations without agreement.

What do we get at the end?

A prioritized list of risks and recommendations: what to do now, what to plan, and which changes require testing or a business decision, as well as a recommended roadmap.

Do you also check costs and license usage?

Yes, this is one of the elements of Health Checku. We check whether the licenses are actually being used, whether the features of the current suite are being used, and whether the organization is paying for tools that can be partially replaced by native Microsoft 365 mechanisms.

Can we implement the recommendations ourselves?

Yes. The report is to be specific enough to be proven by your own team. You can also use our support to implement the changes.

Do you want the intranet to actually work?

Do you want to have a clear picture: where are the risks in Microsoft 365 today, which areas of the configuration need to be adjusted, and where can you make better use of your licenses?

Make an appointment for a 30 min consultation and we will determine the scope of Health Checku under your environment.

Contact us
Explore our offer

Learn about our other services

pexels-photo-12899188-12899188.jpg

Business applications

Services for applications and turnkey solutions in the area of process digitization and modern work environment.

Learn more
pexels-photo-6804068-6804068.jpg

Modern and comprehensive cyber security support for your company.

Learn more

Cyber Security

Full support and optimization of IT infrastructure, ensuring stable development of your business.

Learn more

IT infrastructure

pexels-photo-1181676-1181676.jpg

Security of deployment and maintenance of Microsoft 365 and Azure services that enable flexible management and cost optimization.

Learn more

Cloud solutions

AI

Implementation of AI Hub and local models

When data is too sensitive for the public cloud, we deploy an isolated AI environment (on-premise or private cloud). The project includes launching the AI Hub and selecting an approach to models and integration with internal systems. We configure access, monitoring and maintenance standards so that the environment is ready for development and auditing. This solution gives full control over the data and reduces the risk of it leaving the organization's infrastructure. It is most often chosen by companies with critical data and high confidentiality requirements.
Contact us

AI

Building Secure Gateways (AI Gateway)

If a company wants to use public AI models but needs to control the data, an AI Gateway is the solution. We design a gateway that controls traffic to the models, filters queries and can restrict the transfer of sensitive data. We add security rules tailored to the organization's policies, as well as logging and monitoring of AI usage. This allows you to use powerful models, but without the risk of sensitive information “going outside” the company. The solution is particularly suitable for organizations with higher security requirements.
Contact us

AI

Security and AI Governance

AI in a company needs clear rules - otherwise “Shadow AI” and uncontrolled data flow appear. We put governance in place: we define who can use AI, in what tools and on what data, and what are the exceptions. We establish roles and responsibilities between business, IT, security and compliance so that decisions are not “in a vacuum.” We prepare procedures for accepting usage scenarios, managing risks and responding to AI incidents. The result: AI operates predictably in the organization, not “in the wild.”.
Contact us

AI

Data Classification and Protection (DLP)

Without data classification, it is difficult to use AI securely - the system does not distinguish between public and sensitive information. We organize data and implement protection mechanisms: classification model, sensitivity labels and information protection policies (e.g., Microsoft Purview). We configure DLP rules that limit accidental sharing and transmission of sensitive data. We set the rules so that they are practical for users, rather than “blocking everything.” The result is greater control over data and less risk of its use in an inappropriate context.
Contact us

AI

Auditing and optimizing Microsoft 365 for AI

Copilot and AI tools operate within the limits of user permissions - so getting access and sharing sorted out before launch is key. We review SharePoint and Teams for “oversharing” and places where data may be visible more broadly than it should be. We identify risk areas (e.g., shared folders, share links, groups and roles) and suggest specific fixes. You get a priority list: what to fix quickly, and what needs to be cleaned up in terms of structure and rules. The result: a safer AI startup and less risk of internal information leakage.
Contact us
AI

AI Readiness Strategy and Workshop

The AI Readiness workshop organizes the topic of AI before there are licenses, tools and first “pilots.” Together, we select processes where GenAI makes the most business sense and where an effect can be seen quickly. We check the readiness of the organization: data, access, security and competence of the teams, so that AI is not implemented “on faith.” Finally, an AI roadmap is created with priorities for 30/60/90 days and a clear list of preparatory steps. This is a good start if you want a decision based on facts, not hype.
Contact us

Business Applications

Migration of applications and processes

We carry out migration projects both at the level of data and entire processes. We specialize in migrations to the Microsoft ecosystem. We help plan migrations, prepare data for migration, and perform test and target migrations. We provide post-migration support and optimization services for new solutions.
Contact us

Business Applications

Implementation of IT governance

We support our clients in implementing or optimizing IT governance for Microsoft solutions and technologies. We offer both in-house services developed on the basis of many years of experience and ready-made partner solutions to facilitate and accelerate the implementation of governance.
Contact us

Business Applications

Building and optimizing analytical solutions

We support our clients in building or optimizing analytics solutions. We provide services on all key layers of analytics, i.e. data extraction from various data sources, data integration and preparation for analytics, building optimal databases, warehouses and data lakes, and data modeling for analytics.

We help implement and adopt Microsoft solutions for analyzing and presenting data, such as Microsoft Fabric and Microsoft Power BI.

We organize workshops for both technical and business users.

Contact us

Business Applications

Training for business and IT

We offer comprehensive training for companies on how to effectively use Microsoft 365 applications to help your team maximize the potential of modern office tools.

Our training courses are tailored to the participants' level of proficiency, and practical exercises will help to quickly implement the skills learned in everyday work.

We also offer specialized training for Microsoft 365 environment administrators to effectively manage and grow your company's infrastructure. Our training includes advanced configurations, security management, access control, application deployment and optimization of your Microsoft 365 environment.

With our experienced trainers, participants will gain hands-on knowledge of administering services such as Exchange Online, SharePoint, Teams, OneDrive and Azure AD, allowing them to effectively monitor and develop their cloud environment.
Contact us

Cyber Security Technologies.

End device protection (EDR)

EDR (Endpoint Detection and Response). is an advanced cyber-security tool focused on monitoring and responding to threats in real time on end devices such as computers, smartphones and servers.

EDR uses behavioral analysis, signature engines and AI to detect and block attacks before they happen. Compared to traditional antivirus solutions, EDR offers more proactive protection and Automation of response processes.

It is a key tool that significantly improves the level of security in a customer's infrastructure, especially in the case of distributed infrastructure. It is also an essential tool in the work carried out by Security Operations Center (Monitoring Teams
and responding to cyber threats in the organization).

ISCG offers EDR-class systems of the world's leading cyber security vendors: Microsoft Defender for Endpoints, Checkpoint, Sentinel One, Trend Micro

Contact us

Cyber Security Technologies.

Security incident monitoring and response [SIEM/SOAR].

Implementation of SIEM/SOAR monitoring and response systems [Security Information and Event Management/ Security Orchestration, Automation, and Response] offered by ISCG are advanced solutions that enable comprehensive protection of IT infrastructure. 

They integrate data from various sources such as network devices, operating systems, applications, EDR systems, PAM, IAM, and cloud environments, enabling continuous monitoring, threat detection and incident response automation. 

By combining SIEM and SOAR, organizations can quickly and effectively manage cyber security, minimizing the risk of attacks and ensuring regulatory compliance. These solutions are used in the daily work of the organization's security monitoring teams -. SOC (Security Operations Center)..

ISCG offers SIEM/SOAR class systems The world's leading cybersecurity vendors: Microsoft Sentinel, IBM Qradar, Elastic

Contact us

Cyber Security Technologies.

Mobile Device Management [MDM].

MDM (Mobile Device Management). is a modern solution enabling central management of mobile devices in the company. Implementation of MDM class systems allows remote configuration, monitoring and security of mobile devices such as smartphones, tablets and employee laptops, providing full control over company data.

MDM Solutions protect against data loss or leakage, enable enforcement of security policies, and allow remote locking and wiping of devices In case of an emergency. They also allow the implementation of updates and patches which significantly contributes to the security of the infrastructure. This is a key element of security in remote and mobile work environments.

ISCG offers MDM-class systems The world's leading cyber security vendors: Microsoft Intune, Ivanti Trend Micro Mobile Security, NinjaOne

Contact us

Cyber Security Technologies.

Web Application Security [WAF].

WAF (Web Application Firewall). is an advanced solution that protects web applications from external attacks, such as SQL injection, cross-site scripting (XSS), DDoS and other most frequently mentioned attacks listed in the OWASP Top 10

WAF Monitors and filters network traffic, providing protection against known and unknown threats before they reach your applications. With this tool, your applications are safe,
and user data protected. 

WAF is a key component of cybersecurity, making applications more resilient to attacks and ensuring compliance
With safety regulations and an absolute must have For an organization with web-based applications.

ISCG offers WAF-class systems The world's leading cybersecurity vendors: Microsoft Azure Application Gateway, Barracuda WAF

Contact us

Cyber Security Technologies.

Email Security [Mail Security].

Mail Security provides comprehensive email protection against threats such as phishing, spam, malware and zero-day attacks. 

The solution monitors email traffic in real time, identifies suspicious messages and blocks dangerous content even before it reaches the mail server, minimizing the risk of data leakage and attacks on IT infrastructure. With advanced filtering and security mechanisms, it ensures secure company communications.

ISCG offers dedicated systems for mail protection The world's leading cybersecurity vendors: Microsoft Defender for Office 365, Trend Micro Email Security, Check Point Harmony Email & Collaboration

Contact us

Cyber Security Technologies.

Enhanced Incident Detection and Response [XDR].

XDR (Extended Detection and Response) is an advanced solution that integrates threat data from different systems and layers of IT infrastructure, such as networks, endpoint devices and the cloud, to enable effective detection, analysis and response to attacks. XDR automates monitoring and incident response processes, which increases the efficiency of security operations. Unlike SIEM-class solutions, it features deeper analytics and automation of threat response processes. This solution helps companies proactively manage threats and reduce response time to cyber attacks, raising the level of protection for IT infrastructure.

ISCG offers XDR-class systems from the world's leading cyber security vendors: Microsoft Defender XDR , Checkpoint - Infinity XDR, SentinelOne - Singularity XDR, Trend Micro Vision One XDR

Contact us

Cyber Security Technologies.

Multi-Factor Authentication [MFA].

MFA (Multi-Factor Authentication). offered by ISCG is multi-component authentication, which significantly increases the security level of access to digital resources.
MFA requires users to confirm their identity using two or more verification methods, such as SMS codes, biometrics or tokens.
The solution protects against unauthorized access, phishing attacks and ensures compliance with regulations such as RODO, NIS2 and DORA, which minimizes the risk of data breaches

ISCG offers MFA-class systems from the world's leading cybersecurity vendors: Microsoft Azure MFA, Yubico YubiKey, HID MFA, Delinea and ISCG's proprietary solution dedicated to on prem ASA2 MFA environments.

Contact us

Cyber Security Technologies.

Passwordless authentication [Passwordless].

The Passwordless solution offered by ISCG is a passwordless authentication solution that eliminates the need for traditional passwords, increasing security and convenience for users. Identity verification is based on biometrics and cryptographic security keys, which minimizes the risk of phishing attacks and data leaks. Passwordless authentication is more secure and intuitive, supporting organizations in eliminating weak passwords and improving productivity

ISCG offers Passwordless class systems from the world's leading cybersecurity vendors: Microsoft Azure Active Directory Passwordless. HID DigitalPersona, Yubico

Contact us

Cyber Security Technologies.

Cloud security

Cloud security solutions [Cloud security]. offered by ISCG provides protection for data stored and processed in the cloud, minimizing the risk of cyber attacks and data leaks. The system includes mechanisms such as access control, preventive leakage protection and automated incident management. Through the collaboration of various cloud tools, ISCG provides comprehensive security tailored to an organization's needs, helping to meet regulatory and security standards

ISCG offers Cloud Security systems from the world's leading cyber security vendors: Microsoft Defender for Cloud. Trend Micro Cloud One

Contact us

Cyber Security Services

Risk analysis and management

Risk analysis and management are key to ensuring the security of organizations, especially in the face of increasing regulatory requirements such as NIS2, DORA and RODO. By identifying and assessing risks, companies can minimize the risk of breaches, protect sensitive data and comply with applicable regulations. Implementing effective risk management mechanisms increases an organization's cyber resilience, allowing it to proactively counter threats and limit potential losses.

ISCG offers comprehensive cyber risk analysis and management services, helping organizations identify, assess and minimize IT security risks. Our best-practice-based solutions enable continuous monitoring of risks, implementation of effective security mechanisms and compliance with regulatory requirements.

Contact us

Cyber Security Services

Vulnerability monitoring and management

Vulnerability monitoring and management service offered by ISCG is a service that provides comprehensive identification, assessment and management of vulnerabilities ( including patch management) in IT infrastructure. The goal of this process is to minimize the risks associated with cyber attacks through ongoing monitoring and security updates. This service includes regular scanning of resources, vulnerability assessment, patching and recommendations for future elimination or risk mitigation. In the price of the service, we provide commercial tools from leading manufacturers, so the organization does not incur any additional costs in terms of technology investment.

Benefits of vulnerability management:

  • Proactive detection of vulnerabilities in IT systems.
  • Increasing resilience to cyberattacks.
  • Maintain compliance with regulations and safety standards.
  • Respond faster and more effectively to new threats.
  • Monitoring the organization for vulnerabilities on a continuous basis
  • Patch management for third-party devices and systems and applications
Contact us

Cyber Security Services

Security HealthCheck for AD

The scope of the service includes, but is not limited to.

  • Configuration audit - including domain structure, GPO policies, and user and group management
  • Security assessment - review of current security mechanisms, password policies, access control and login security features
  • Identification of risks - configuration errors, security weaknesses, improper configurations and permissions
  • Analysis of compliance with security standards
  • Remedial recommendations

The end product is a detailed technical report describing all detected vulnerabilities and configuration errors, along with clear recommendations for security departments to improve security and risk management.

We provide the SH service for AD(Entra) on a one-time basis or as a recurring service that is a regular item on the organization's audit schedule.

Contact us

Cyber Security Services

Protecting the Cloud as a Service

ISCG provides services in the area of Cloud Security based on Microsoft technologies provide advanced protection for cloud environments based on solutions such as Microsoft Azure and Microsoft 365. Often this type of service begins the process that ultimately finalizes the implementation of a full Security Operations Center. These services include:

  1. Monitoring and detection of threats in cloud resources in real time, detect and automate actions to eliminate them
  2. Access and identity management Advanced identity management features, including Multi-Factor Authentication (MFA), Conditional Access, and Identity Protection, which provides full control over access to cloud resources.
  3. Data security and application protection - by monitoring and controlling application activities, implementing security policies tailored to the organization's needs and in compliance with regulations.
Contact us

Cyber Security Services

Health Check Office 365

Office 365 Health Check is a service provided by ISCG, is a comprehensive analysis of the health of the Microsoft 365 environment. The audit includes verification of security, such as MFA implementation, license management and identification of unnecessary administrative privileges. Specialists also check security in services such as Azure Active Directory, Exchange Online, SharePoint, OneDrive and Teams. The goal is to optimize security and cost efficiency by eliminating unnecessary licenses and adjusting data protection policies.

What do you get?

  • Basic security verification (MFA, password policies)
  • Identification of accounts with unsafe privileges
  • Verification of phishing and spam policies
  • Microsoft expert advice

Areas tested:

  • Licenses
  • Microsoft 365 and Azure Active Directory Security
  • Exchange Online, SharePoint, Teams, OneDrive

Benefits:

  • Increasing security and eliminating unnecessary licenses, which reduces costs.
Contact us

M365

End device management - Microsoft Intune

Endpoint device management is a key component of any organization's security strategy, and in the Microsoft 365 ecosystem, this is especially important. ISCG, a partner with Security expertise and years of experience in IT infrastructure management, offers end-to-end implementation and configuration of Microsoft Intune, a modern tool for managing mobile and desktop devices.

With Intune, it is possible to manage PCs and mobile devices from one central point, giving you full control over the devices in your company. This allows you to effectively:

  • configuration management,
  • Controlling and distributing updates,
  • Enforcing safeguards in accordance with the best industry standards,
  • Protection of corporate data on users' private devices (BYOD).

ISCG has been implementing endpoint device management solutions such as SCCM (System Center Configuration Manager) for years, making device management our DNA. This gives our customers the confidence that any Intune implementation will be based on a solid technical foundation and follow best practices. Our unique combination of knowledge and experience allows us to create consistent and secure IT environments.

Creating configuration and security standards is key to ensuring:

  • Uniformity and minimization of the risk of errors,
  • IT infrastructure scalability,
  • Full regulatory compliance (e.g., RODO),
  • Proactively securing company data against internal and external threats.

As part of the implementation, ISCG focuses on fine-tuning Intune to the organization's requirements. We integrate security solutions, such as Windows Defender, to effectively protect corporate data on users' devices, and support security policy management and compliance processes.

With ISCG as a partner, deploying Intune becomes the foundation for effective and secure endpoint device management, allowing the company to focus on key business objectives with the confidence that their IT environment is secure and optimized.

Contact us

M365

Migrating documents to SharePoint and OneDrive

Moving documents from local file servers or other cloud-based solutions to platforms such as SharePoint and OneDrive is a key part of modernizing any company's IT environment. ISCG offers comprehensive migration services that not only include moving files, but also optimizing their organization and ensuring the highest level of security in the new environment. This allows companies not only to access data from anywhere and from any device, but also to manage information efficiently, securely.

Migrating files to SharePoint and OneDrive requires the use of precisely planned document transfer logic. It is important to preserve the file structure during the migration process and to properly map access to documents in the new environment. ISCG pays particular attention to securing access to data at various levels, from the site level to individual files. This allows organizations to effectively control who has access to certain information, which is essential for maintaining data security.

An important aspect of migration is the classification of documents, which enables the proper management of file confidentiality. For the migration of sensitive documents, ISCG ensures the implementation of advanced mechanisms to protect against data leakage. ISCG's experience in working with classified data (access level 3) is crucial here, as migration of such sensitive information requires not only technical competence, but also appropriate procedures to ensure data integrity and security.

The introduction of SharePoint and OneDrive also makes it possible to implement advanced auditing mechanisms to monitor user activity against specific files and sites. These technical safeguards not only protect data from unauthorized access, but also enable rapid response to potential security incidents. In the context of today's cyber threats, this approach to document management and migration is invaluable.

In summary, ISCG, with its experience and expertise, provides secure, efficient and best-practice file migration to SharePoint and OneDrive, which supports not only the flexibility of teamwork, but also the highest level of data protection in the company.

Contact us

Azure

Maintain On-Premise and Azure environments 24/7

We provide professional maintenance services for Azure and On-premise environments, drawing on years of experience in managing large infrastructures for 50,000 users and several thousand servers. Our distinguishing feature is our support for classified networks and secret systems, thanks to our relevant certifications and NATO vendor status. We offer 24/7 global support and manage infrastructure in Data Centers around the world.

By opting for our services, you will focus on key aspects of your organization's operations, minimizing the risk of downtime and benefiting from advanced technologies and best practices. Outsourcing to ISCG also saves on hiring and training your own IT staff, allowing you to allocate resources more efficiently and invest in strategic growth.

Our comprehensive approach to infrastructure management, backed by experience in handling the most demanding environments, guarantees security, reliability and cost optimization. By working with us, you will gain confidence that your IT infrastructure is in the hands of experts who will ensure its uninterrupted availability and high performance.

Contact us

Azure

Management and audit of directory services

For any organization, the correctness of directory services is crucial, ensuring consistency and security in the management of identities and access to IT resources.

We provide comprehensive 24-hour support services for Active Directory, covering 2-3 lines of support. With advanced knowledge and experience in the field of Identity and Access Management, our team of specialists provides the highest quality of services.

In addition, we perform Active Directory audits, both one-time and regular, which are key to maintaining optimal configuration and security. Our audits allow us to detect security vulnerabilities, check regulatory compliance and monitor system performance. With regular reviews, it is possible to react quickly to changes in the organizational and technological structure, which minimizes the risk of unauthorized access and ensures business continuity

Contact us

Azure

Developing and maintaining standards in Azure

Customers often neglect regular reviews and audits of their cloud environment, leading to gaps in cloud management procedures and standards. ISCG ensures policies are updated and best practices are implemented, significantly improving security and efficiency.

We evaluate configurations and management policies on the Azure platform, identifying gaps, incompatibilities and risks. Based on the analysis, we develop recommendations for improving security, efficiency and compliance with best practices. We help implement these changes and monitor their effectiveness, regularly updating management policies.

Contact us

Azure

Emergency recovery of cloud environment

We offer comprehensive preparation of backup environments for key IT systems, ensuring their continuity and security. Our offering includes risk analysis and estimation of the costs associated with failure, as well as the development of recovery procedures and identification of data sources. We use Azure Site Recovery, which is the most cost-effective solution in its class, offering low cost, automatic backups and fast restoration of systems. Our services also include the development of detailed restoration procedures, establishing service levels (SLAs), ongoing support and monitoring to minimize downtime and ensure a fully functional backup environment. With our offerings, you'll increase the security of your critical systems, benefit from the low cost of Azure Site Recovery, and gain the confidence of rapid system restoration and customization.
Contact us

Azure

Migration to Azure

We specialize in comprehensive migration services to Azure, including both infrastructure and database applications. Our experienced teams of architects ensure a smooth and fast transfer of resources. The migration process is carried out with attention to data security and minimal downtime, allowing for a smooth transition to the new environment. Thanks to the advanced knowledge and experience of our specialists, clients can count on a safe and efficient migration that streamlines the management of IT resources and optimizes operating costs.
Contact us

Business Applications

DMS and VDR system

We offer implementation of an advanced DMS (Document Management System) class system with VDR (Virtual Data Room) functionalities, based on Microsoft SharePoint platform.

Our solution allows you to centrally manage your records, providing full control over access, versioning and archiving of documents. With VDR functionality, we enable secure sharing of confidential data with external partners, while maintaining the highest standards of security and activity tracking.

The system supports full automation of workflow processes, and with its flexible configurations, it is ideally suited to the needs of your organization, ensuring regulatory compliance and operational efficiency
Contact us

Infrastructure

Backup

We support our customers with a well suitable Backup system that will guarantee reliable backup of the environment. We work with leading brands on the market like Barracuda and Veeam.

Contact us

Infrastructure

Infrastructure management system

Management of on-premise infrastructure is still very often done with the System Center Configuration Manager tool. At ISCG, we have experience in supporting our customers in the area of this technology.
Contact us

Infrastructure

Infrastructure monitoring

We perform on-premise Infrastructure monitoring services. For this, we use native tools available within Microsoft Active Directory, Exchange, SCOM services as well as tools from leading manufacturers in the market.
Contact us

Infrastructure

Distribution of parcels

Along with the implementation of SCCM (System Center Configuration Manager), the ISCG team supports customers in preparing software packages to be distributed to workstations in the organization.
Contact us

Infrastructure

Databases

As part of our services in the area of on-premise infrastructure, we provide SQL database licenses. We also support customers in the management, reconfiguration and development of database environments.
Contact us

Infrastructure

Active Directory

Active Directory (AD) is an advanced directory system that provides companies with centralized management of user identities, network resources and security policies. With extensive integration capabilities, scalability and advanced access control mechanisms, AD enables secure and efficient organization of the IT environment.
Contact us

Azure

Landing Zone

Using Microsoft's best practices, guidelines and tools, we prepare a reference architecture for the solution in Azure, including, among other things, a network diagram, access and user identity management, failover security, encryption and monitoring of the environment and data.

Implementing this architecture enables efficient infrastructure management and operational optimization, while ensuring high data availability and security.

Contact us

Cyber Security Services

Cyber Deception Services

Cyber Deception is a cutting-edge security strategy that relies on the creation of fake environments, traps and false resources to mislead cybercriminals. It allows organizations to effectively detect attacks and learn from attackers' behavior before they can do real damage. This allows for early detection of threats that traditional security systems (NGFW, NDR) may miss. With confusing paths and attractors, attackers are guided to controlled locations, giving them time to react, minimizing potential damage. With Cyber Deception, we can detect attacks earlier, reduce risks and losses by engaging cybercriminals in attacks against false targets, better understand attackers' activities through analysis in a controlled environment, and increase security by complementing existing security systems in the infrastructure.

Contact us

Modern workplace

An efficient and secure MS Teams environment

We offer support in the development of the Microsoft Teams environment to make it as effective as possible for employees and at the same time safe for the organization.

Our services include automating the creation of assets, such as feeds, groups, sites and tabs, according to company policies, ensuring consistency and compliance with internal standards. We also provide standardization of descriptions and metadata to facilitate organization and information retrieval. We review current and archived resources, helping to optimize workspace, and manage access for employees and external visitors, ensuring compliance with security policies.

Contact us

Modern workplace

Digitization of HR processes

We offer comprehensive HR process digitization solutions that will allow your company to optimize and automate key areas of HR management.

Our services include digitizing processes such as recruitment - from automating candidate management, to digitizing onboarding and offboarding, to implementing effective training management systems. We also help with electronic leave management, the implementation of advanced 360 employee assessment tools, and the full digitization of HR documentation, allowing easy access to employee data and reducing paper documents.

Our solutions not only improve the operational efficiency of the HR department, but also support better workflow, regulatory compliance and improved employee experience.

Contact us

Modern workplace

Services for Microsoft 365 Copilot

We offer a comprehensive and secure implementation of Microsoft Copilot in a Microsoft 365 environment, providing full support at every stage of the process.

Our services include detailed configuration of the tool, taking into account the specific requirements of your organization, and assistance in meeting the highest standards of IT security and compliance.

In addition, we support the adoption of Copilot by employees, offering training and support in integrating it into daily work processes. We also provide long-term maintenance of the solution, including regular backups and monitoring to ensure business continuity and data security.

Contact us

Modern workplace

Chatbots

We offer implementation of advanced chatbots based on Microsoft Azure AI, Copilot and Microsoft Teams technologies to improve communication and process automation in your company.

Our solutions enable the creation of intelligent assistants to help with customer service, employee support and the automation of administrative tasks. Through integration with Microsoft Teams, chatbots can act as virtual assistants available within daily work tools, providing quick responses, technical support and performing routine operations.

The use of Azure AI and Copilot guarantees continuous learning and customization of chatbots to meet the specific needs of your organization.

Contact us

Business applications

Document workflow

We offer a comprehensive implementation of electronic workflow based on Microsoft Power Platform, SharePoint and Microsoft 365 technologies, which will significantly improve business processes in your company.

We create personalized solutions that automate the flow of documents, reduce processing time and increase transparency of operations.

With integration with Microsoft Power Automate and SharePoint, we provide easy documentation management, full control over permissions and security, and real-time progress tracking.
Contact us

Business Applications

IT governance services

We support our clients in implementing or optimizing IT governance for Microsoft solutions and technologies. We offer both in-house services developed on the basis of many years of experience and ready-made partner solutions to facilitate and accelerate the implementation of governance.

Contact us

Business applications

Implementation of e-signatures
and e-seals

Working with leading trust service providers, we provide solutions using electronic signatures and electronic seals.

We provide both qualified and non-qualified solutions.

The trust services we offer can be stand-alone solutions or part of larger systems - such as systems for managing e-contracts.
Contact us

M365

Audit and optimization of Microsoft 365 environment

Regular reviews of your Microsoft 365 environment are key to maintaining compliance with best practices and security standards. Our audit offerings, performed by ISCG, provide a thorough analysis of your Microsoft 365 configuration, identifying security gaps, regulatory non-compliance and other risks.

With a Microsoft 365 audit, you gain configuration optimization that maximizes the efficiency of your environment. You can save on unused licenses - up to 40% in costs. Additionally, you'll increase data security by focusing on protecting your business from threats.

Our audits focus on key areas such as analyzing redundant privileges and evaluating phishing and spam protection policies. Based on the results of the audit, we develop detailed recommendations for improving security, performance and compliance, and then help you implement these changes. Once the audit is complete, you will receive a detailed report to help you improve security, remove unused licenses, and implement best practices in Microsoft 365 management.

Contact us

M365

Development and maintenance of M365 standards

ISCG offers a comprehensive service for developing and maintaining cloud management standards, with the goal of improving the security and efficiency of Microsoft 365 environments. Customers often neglect regular reviews and audits, leading to gaps in procedures and standards.

Our team of experts performs a detailed assessment of configurations and management policies, identifying gaps, incompatibilities and risks. If necessary, we use third-party tools such as Simone Cloud and Microsoft Score to help align configurations with applicable standards, such as Baseline and CIS.

We prepare and document the key procedures that are necessary to properly manage a cloud environment. We regularly review and update this documentation to ensure it is in line with best practices and changing requirements.

Based on the analysis, we develop recommendations for improving security, efficiency and compliance. We help implement these changes and monitor their effectiveness through periodic updates to management policies.

With our service, customers can rest assured that their Microsoft 365 environment is compliant with best practices and properly secured. When you work with ISCG, you get a partner who cares about the growth and security of your cloud business.

Contact us

M365

Microsoft 365 24/7 support

As a Managed Services partner, we specialize in comprehensive maintenance of Microsoft 365 environments for numerous clients, including large organizations with thousands of users. Our offering includes all Microsoft 365 packages, allowing companies to focus on their business, leaving technology issues in the hands of experts.

Many organizations face difficulties due to insufficient competence to manage their environments, which can lead to misconfigurations and serious data security problems. Customers often overlook important issues, which can generate risks.

With dedicated first, second and third line support teams, we provide comprehensive assistance. Our Microsoft 365 support works 24/7, 365 days a year, allowing us to resolve issues quickly. We serve customers in 26 countries, offering advanced assistance for more complex issues. With our global reach and fast response time, we minimize the risk of downtime and ensure uninterrupted continuity of your Microsoft 365 services.

As part of the contract, we provide clients with the necessary data and reports with recommendations for changes in the environment, as well as FinOps data. We regularly discuss this information with the client, which allows us to jointly develop the competencies of local teams.

Contact us

M365

Backup of Microsoft 365 configuration and data

ISCG offers comprehensive data backup and archiving solutions for users using Microsoft 365, covering services such as SharePoint, Exchange Online, OneDrive and Microsoft Teams. Our approach guarantees full data security and quick access to backups in case of data failure or loss.

As part of our services, we offer backup of both data and settings of the Microsoft 365 environment. Both of these functionalities are crucial, especially in the context of regulations such as the FSA, which require business continuity and auditability. Data backup allows you to recover information after a disaster, such as a ransomware attack or other incidents. Configuration backup allows restoring the environment to a stable state and auditing the changes made, making it easier to identify deviations from recommended configurations.

We use proven tools such as Veeam, CodeTwo, Barracuda and CoreView to ensure effective data management. CoreView provides advanced analytics and reporting capabilities, enabling better license and security management in a Microsoft 365 environment.

ISCG uses Simeon Cloud solutions, which offer advanced configuration management features. This tool allows you to save environment settings and compare them with recommended CIS and baseline configurations. This makes it easy to identify deviations and receive recommendations for optimization. Simeon Cloud also allows you to track the changes you've made, which increases transparency and control. Users can create backups of their configurations and manage changes, as well as restore the full configuration from a specific day, which is extremely useful in emergency situations.

ISCG provides comprehensive and secure data backup and Microsoft 365 configuration solutions, enabling organizations to effectively manage their resources and ensure business continuity under all conditions.

Contact us
M365

Entra ID implementation and audit

Correctness of directory services is crucial for companies to ensure consistency and security in managing identities and access to IT resources. Improperly managed directory services can lead to security vulnerabilities, unauthorized access, and performance and regulatory compliance issues.

We have advanced Microsoft specialization in Identity and Access Management, so you can be sure of the best experience from our engineers. We offer a comprehensive Entra ID (formerly Azure Active Directory) implementation service for organizations with a scale of 50-100 thousand users, as well as smaller companies. With extensive knowledge of directory services and integration with various versions of legacy systems, our implementations are efficient and reliable. We support multi-location projects and integration of different domains, allowing for centralized management of access and identities.

We also perform one-time or regular Active Directory (AD) audits, which are essential to ensure that the configuration remains optimal and secure. Audits allow you to detect and address potential security vulnerabilities, check compliance with internal and external regulations, and monitor system performance. With regular reviews, you can also respond quickly to changes in organizational and technological structure, minimizing the risk of unauthorized access and ensuring business continuity.

Contact us

M365

Implementing Microsoft Teams

Microsoft Teams is an advanced communication and collaboration tool that acts as a central hub for daily work, integrating key business applications and ensuring the smooth flow of information within the company. It offers features such as chat, videoconferencing, file sharing and advanced workflow mechanisms to smooth approval processes and automate tasks, eliminating the need for multiple tools.

ISCG specializes in Microsoft Teams implementations and offers full support for integration with existing systems, user and access management. Our differentiator is our competence in integrating Teams with low-code platforms, which allows us to create and implement optimal business processes without advanced programming. As a result, we are able to offer solutions that take into account the specifics of Teams operations, supporting process automation and efficiency.

In addition, ISCG's offerings include Teams Room Calling, an integration of audio conferencing systems with telephony to enable seamless online conversations and meetings. Although Microsoft Teams is a well-known tool, many companies use only part of its potential. That's why we offer user training to take full advantage of Teams' advanced features and its integrations with other tools, making daily team work much faster and easier.
Contact us

M365

Mail migration to Exchange Online

Migration of mail from various systems such as Google Workspace, Lotus Notes, local providers or on-premisse servers to Exchange Online is a key part of the transformation to Microsoft 365 cloud. ISCG's team has extensive experience in large-scale migrations involving distributed environments with thousands of mailboxes. In such complex projects, we use third-party migration tools that automate the process and enable detailed migration auditing, ensuring full control and data security. This allows us to carry out the migration quickly and securely, minimizing the risk of data loss and downtime for the organization. We offer comprehensive support at every stage, from analyzing your current environment to moving emails, contacts and calendars, ensuring your business runs smoothly. Thanks to advanced security methods, your data is protected and the migration takes place at convenient times, limiting the impact on current operations. Once the process is complete, we also offer training and technical support so users can get the most out of Microsoft 365
Contact us

M365

CSP licenses

As a Microsoft Bill Direct ISCG provider, we offer Microsoft 365 licenses at attractive prices, supporting our customers to effectively manage their cloud resources. Our licensing optimization consulting allows you to maximize the use of available resources.

In addition, we establish close relationships with our clients, enabling them to benefit from the expertise of our best architects. We offer continuous 24/7 support services, which gives our clients a sense of security. As a partner with the right expertise, we monitor their environment, catching potential threats and responding to them quickly. The Microsoft 365 platform processes business-critical information, so it deserves the special attention and care we provide to our customers.

Contact us

M365

M365 and Co-Pilot platform management workshop

We offer a comprehensive training program on managing the Microsoft 365 platform, led by a top MVP architect in the area of this technology. Our courses focus on key aspects such as managing licenses, permissions and data security. Participants will gain the knowledge necessary to effectively manage their M365 environment, allowing them to optimize processes and increase productivity.

We particularly focus on the Copilot for Microsoft 365 tool, which supports task automation and facilitates daily collaboration. Through sessions led by an expert, participants will learn not only about the tool's capabilities, but also about the myths and facts associated with it. They will learn which features work effectively and which still need to be refined, allowing them to have realistic expectations and be better prepared to use the tools in their daily work.

Training is customized to provide the practical skills and competencies needed to effectively manage the platform and protect data

Contact us

Azure

Optimizing the Azure environment

We offer comprehensive services to reduce costs and increase efficiency in Azure cloud environment

Our service includes a cost audit and resource utilization analysis, which will allow us to identify areas for optimization. We will focus on monitoring workloads, optimizing test environments and reducing the number of virtual machines.

In addition, we will migrate from the Pay-As-You-Go model to long-term bookings, which can save up to 50%.

Contact us

Azure

Landing Zone

Using Microsoft's best practices, guidelines and tools, we prepare a reference architecture for the solution in Azure, including, among other things, a network diagram, access and user identity management, failover security, encryption and monitoring of the environment and data.

Implementing this architecture enables efficient infrastructure management and operational optimization, while ensuring high data availability and security.

Contact us

Azure

Landing Zone

Using Microsoft's best practices, guidelines and tools, we prepare a reference architecture for the solution in Azure, including, among other things, a network diagram, access and user identity management, failover security, encryption and monitoring of the environment and data.

Implementing this architecture enables efficient infrastructure management and operational optimization, while ensuring high data availability and security.

Contact us

Azure

Backup data to Azure

We deliver advanced data backup configuration to the cloud, with a focus on security, efficiency and compliance with the best market standards. Our approach includes precise governance preparation, robust procedures and integrated processes, supported by the latest tools.

We design a backup architecture, tailoring it to your organization's specifics, and then configure backup solutions according to your strategy. We implement automated backup mechanisms and monitor processes in real time, ensuring data integrity and quick detection of problems. We regularly test the recovery process to ensure that backups are complete and effective.

Contact us

Azure

Entra ID implementation and audit

Correctness of directory services is crucial for companies to ensure consistency and security in managing identities and access to IT resources. Improperly managed directory services can lead to security vulnerabilities, unauthorized access, and performance and regulatory compliance issues.We have advanced Microsoft specialization in Identity and Access Management, so you can be sure of the best experience from our engineers. We offer a comprehensive Entra ID (formerly Azure Active Directory) implementation service for organizations with a scale of 50-100 thousand users, as well as smaller companies. With extensive knowledge of directory services and integration with various versions of legacy systems, our implementations are efficient and reliable. We support multi-location projects and integration of different domains, allowing for centralized management of access and identities.We also perform one-time or regular Active Directory (AD) audits, which are essential to ensure that the configuration remains optimal and secure. Audits allow you to detect and address potential security vulnerabilities, check compliance with internal and external regulations, and monitor system performance. Regular reviews also enable you to respond quickly to changes in your organizational and technological structure, minimizing the risk of unauthorized access and ensuring business continuity.
Contact us

Azure

Pilot implementation

The pilot deployment is a key test phase in the Azure migration process, allowing identification and elimination of potential problems before full deployment. Organizations can test the migration on a smaller scale, allowing them to optimize the process. Our experienced IT architects conduct detailed testing, moving selected infrastructure and application components to the Azure cloud, monitoring performance, compliance and security. The pilot phase also allows training for IT teams and end users, ensuring a smooth transition to the new environment. As a result, it minimizes the risk of problems, increases efficiency and ensures readiness for a full migration.
Contact us

Azure

CSP licenses

As a Microsoft Bill Direct provider, we offer the opportunity to purchase Azure licenses at attractive prices through the Cloud Solution Provider (CSP) program. Our offer not only includes access to the licenses you need, but also the added value of consulting in the form of cost optimization using mechanisms for scaling, booking and changing the billing model. With our consulting, customers can effectively manage their cloud resources, minimizing costs up to 50% and ensuring optimal use of Azure infrastructure.
Contact us

Azure

Landing Zone

Using Microsoft's best practices, guidelines and tools, we prepare a reference architecture for the solution in Azure, including, among other things, a network diagram, access and user identity management, failover security, encryption and monitoring of the environment and data.

Implementing this architecture enables efficient infrastructure management and operational optimization, while ensuring high data availability and security.

Contact us

Azure

Environmental assessment

We conduct a thorough inventory of the entire local infrastructure (Microsoft and Linux) on the basis of which, we prepare a report with a valuation of potential cloud costs and a recommendation of an implementation plan.
Contact us