Measuring What Matters: M365 Security Assessment for a Queensland Health Organisation

Company:

A Queensland Health Organisation

Industry:

Healthcare

Location:

Queensland, Australia

Services Offered:

Microsoft 365 Security Assessment · Monthly Security Reporting · Secure Score Tracking · Configuration Risk Review · Prioritised Recommendation Backlog

Queensland Health Organisation Gains Measurable Microsoft 365 Security Posture with Technowand

A Queensland-based health organisation delivering essential community health services across multiple sites needed confidence that its Microsoft 365 environment was truly protecting sensitive health information. With 160+ active users and 160 managed endpoints, and strict obligations under the Australian Privacy Act and Notifiable Data Breaches (NDB) scheme, leadership required clear evidence of their security posture — not just assumptions.

Despite already using Microsoft 365, the organisation had no structured way to measure security effectiveness, quantify risk, or prioritise remediation. They engaged Technowand to establish a measurable baseline and deliver a clear, prioritised roadmap to close every gap.

---

The Challenge

Microsoft 365 was in place and many security features were active, but there was no framework to:

  • Benchmark security posture against Microsoft’s recommended controls
  • Quantify risk in a way leadership could understand
  • Prioritise which actions would have the greatest impact

At the start of the engagement, the organisation’s Microsoft Secure Score was 53.7% of its maximum — meaning nearly half of Microsoft’s recommended controls were not yet implemented. For a health organisation with mandatory breach reporting obligations, this was more than a technical issue; it represented a material compliance and reputational risk.

Key issues identified at the outset included:

  • No centralised view of daily email threats being blocked
  • Limited visibility into device compliance and encryption across 160 endpoints
  • External file sharing configured to allow access for anyone
  • An active email forwarding rule on an administrative account
  • No executive-level reporting to give leadership confidence in the organisation’s security standing

---

What Working With Technowand Looks Like

Technowand’s Microsoft 365 Security Assessment is designed to be low-friction and non-disruptive:

  • Access model: Read-only access only (Global Reader role) to the Microsoft 365 admin portal
  • No agents or changes: No software installations, no configuration changes, and no impact on day-to-day users
  • Timeline: Full assessment typically completed within 2–3 weeks

At the end of the assessment, the organisation receives:

  • A Secure Score baseline across all five Microsoft security domains
  • Email threat activity analysis for the assessment period
  • Security incident review with timelines and resolution status
  • Endpoint compliance and encryption audit across the full device fleet
  • Configuration risk findings with specific remediation guidance
  • A prioritised remediation roadmap, ranked by Secure Score impact

Technowand then partners with the organisation to close each gap in order of impact, ensuring the most valuable improvements are addressed first.

---

The Assessment

Technowand conducted a comprehensive Microsoft 365 security assessment across identity, email, endpoints, and data protection. Every finding was documented with context and a clear recommended action, giving both technical teams and leadership a shared, actionable view of risk.

Secure Score Baseline

  • Assessed posture across all five Microsoft security domains
  • Established the organisation’s first measurable benchmark against Microsoft’s recommended controls

Email Threat Visibility

  • Surfaced the full picture of email-based threats being blocked daily
  • Analysed quarantined messages, spam, phishing attempts, and malware
  • Enabled leadership to see, for the first time, the scale of what Microsoft 365 was intercepting on their behalf

Security Incident Review

  • Reviewed all Microsoft Defender incidents in the environment
  • Analysed timelines, threat classifications, and resolution status
  • Identified two active incidents requiring immediate attention

Endpoint Compliance Audit

  • Audited all Intune-enrolled devices across Windows and Android
  • Assessed compliance policy status, BitLocker encryption coverage, and endpoint health
  • Mapped the full fleet of 160 devices for encryption and compliance status

Configuration Risk Identification

Technowand identified three high-priority configuration risks:

  • External file sharing open to anyone
  • Email forwarding rule on an admin account
  • Permissive Teams external domain access

Each was escalated with specific, actionable remediation steps.

Prioritised Remediation Roadmap

  • Delivered 124 ranked recommendations with associated Secure Score point values
  • Highlighted 350+ additional Secure Score points within reach
  • Enabled the organisation to close gaps in a structured, impact-driven order

---

What the Assessment Found

The assessment delivered visibility the organisation had never had before:

  • Secure Score at 56.5% of maximum
    • Nearly half of Microsoft’s recommended controls still not in place
    • Over 350 additional points achievable with targeted remediation
  • Email threat landscape (one-month snapshot):
    • 1,354 emails quarantined
    • 592 spam emails blocked
    • 130 phishing attempts blocked
    • Zero malware reached inboxes — Defender for Office 365 blocked all malicious attachments pre-delivery
  • Security incidents:
    • 21 security incidents identified
    • 19 resolved, 2 requiring immediate action
  • Endpoint posture:
    • 160 devices mapped and audited
    • Encryption and compliance status documented across Windows and Android
  • Configuration risks:
    • 3 high-priority configuration risks surfaced and escalated with remediation guidance
  • Roadmap:
    • 124-item remediation roadmap delivered, ranked by impact and Secure Score uplift

---

In Their Words

“We knew Microsoft 365 was running, but we genuinely had no idea what was being blocked or what gaps existed in our environment. The assessment gave us a complete picture for the first time — the threats, the risks, and exactly what to prioritise. It changed how our leadership team thinks about security.”
— Senior Leader, Queensland Health Organisation

---

Know Where You Stand

If your organisation is running Microsoft 365 but lacks clear visibility into how effectively it is protecting you — and you operate under the Privacy Act or the NDB scheme — a Technowand Microsoft 365 Security Assessment gives you:

  • The answer: a measurable, evidence-based view of your current security posture
  • The evidence: detailed findings across identity, email, endpoints, and data protection
  • The roadmap: a prioritised, Secure Score–driven plan to close every gap we find

Talk to the Technowand team to understand your true Microsoft 365 security posture and build a clear, actionable path to improvement.

Don't Let Your Tech Hold You Back!

If your systems are struggling and your team's feeling it, you don't have to settle. Let Technowand help you modernize, secure, and scale without the stress.

Let's Talk

Related Case Studies

Do You Know Your Essential Eight Maturity Level? ACT Not-for-Profit Gets Its Answer

IT That Restores Efficiency: Pistol Australia Story

IT That Restores Efficiency: Pistol Australia Story