Understanding Security Domain Scores
Learn what each of TrustCyber's 8 security domain scores measures, how they are calculated, and what steps will improve each score.
TrustCyber evaluates your Microsoft 365 security posture across 8 security domains. Each domain score is calculated from a set of Microsoft Graph security signals specific to that domain. Domain scores are combined into your overall Risk Score using a weighted average.
Identity & Access Management (Weight: 25%)
The Identity domain measures how well your organization controls access to systems and data. It is the highest-weighted domain because compromised identities are the leading cause of security breaches in Microsoft 365 environments. Signals evaluated in this domain include:
- MFA enrollment rate across all users and admins
- Conditional Access policy coverage and enforcement
- Privileged Identity Management (PIM) usage for admin roles
- Legacy authentication protocol blocking
- Risky sign-in detection and response
Endpoint Protection (Weight: 20%)
The Endpoint domain measures the security of devices accessing your Microsoft 365 environment. It evaluates Microsoft Intune compliance policies, Microsoft Defender for Endpoint deployment, and patch management practices.
Email Security (Weight: 15%)
The Email domain measures protection against phishing, spoofing, and malware delivered via email. It evaluates DMARC, DKIM, and SPF configuration, Microsoft Defender for Office 365 policies, and safe attachment and safe link policies.
Data Governance (Weight: 15%)
The Data Governance domain measures how well your organization classifies, protects, and controls access to sensitive data. It evaluates Microsoft Purview sensitivity labels, Data Loss Prevention (DLP) policies, and external sharing controls in SharePoint and OneDrive.
Cloud Configuration (Weight: 10%)
The Cloud Configuration domain measures the security of your Azure AD and Microsoft 365 tenant configuration. It evaluates Azure AD security defaults, tenant-level security settings, and risky user detections from Azure AD Identity Protection.
Backup & Recovery (Weight: 5%)
The Backup & Recovery domain measures your organization's ability to recover from data loss events, including ransomware attacks. It evaluates OneDrive versioning settings, Exchange Online backup configuration, and documented recovery procedures.
Incident Response (Weight: 5%)
The Incident Response domain measures your organization's preparedness to detect and respond to security incidents. It evaluates Microsoft Sentinel integration, security alert response times, and documented incident response procedures.
Compliance & Governance (Weight: 5%)
The Compliance & Governance domain measures your organization's alignment with regulatory requirements and internal governance policies. It evaluates Microsoft Compliance Manager score, audit log retention settings, and eDiscovery readiness.
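As an added worked example (not TrustCyber's own code), the following Python combines the eight domain weights listed on this page into the overall weighted-average Risk Score and ranks the domains by how many overall points each could still contribute. The page does not document how a domain score is derived from its signals, so the pass-rate in `domain_score` and all sample scores are assumptions.

```python
# Domain weights exactly as listed on this page (percent; they sum to 100).
DOMAIN_WEIGHTS = {
    "Identity & Access Management": 25, "Endpoint Protection": 20,
    "Email Security": 15, "Data Governance": 15, "Cloud Configuration": 10,
    "Backup & Recovery": 5, "Incident Response": 5,
    "Compliance & Governance": 5,
}

def domain_score(signal_results):
    """Assumed, not documented on the page: a domain score is the percentage
    of its Graph security signals that pass (signal name -> True/False)."""
    if not signal_results:
        raise ValueError("a domain needs at least one signal")
    return 100.0 * sum(signal_results.values()) / len(signal_results)

def overall_risk_score(domain_scores):
    """Weighted average of all 8 domain scores, each on a 0-100 scale."""
    missing = set(DOMAIN_WEIGHTS) - set(domain_scores)
    if missing:
        raise ValueError(f"missing domain scores: {sorted(missing)}")
    for name, score in domain_scores.items():
        if not 0 <= score <= 100:
            raise ValueError(f"{name}: score {score} outside 0-100")
    weighted = sum(DOMAIN_WEIGHTS[n] * domain_scores[n] for n in DOMAIN_WEIGHTS)
    return weighted / 100

def improvement_priorities(domain_scores):
    """Overall-score points still available per domain: weight * gap / 100.
    Ranking by this, not by the raw domain score, is why a weak Identity
    score outranks an even weaker Backup & Recovery score."""
    gaps = {n: DOMAIN_WEIGHTS[n] * (100 - domain_scores[n]) / 100
            for n in DOMAIN_WEIGHTS}
    return sorted(gaps.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample: the five Identity signals this page lists (3 of 5 pass),
# plus made-up scores for the other seven domains.
IDENTITY_SIGNALS = {"MFA enrollment": True, "Conditional Access": True,
                    "PIM for admin roles": False, "Legacy auth blocked": True,
                    "Risky sign-in response": False}
SAMPLE_SCORES = {
    "Identity & Access Management": domain_score(IDENTITY_SIGNALS),  # 60.0
    "Endpoint Protection": 80, "Email Security": 90, "Data Governance": 70,
    "Cloud Configuration": 85, "Backup & Recovery": 20,
    "Incident Response": 50, "Compliance & Governance": 75,
}

if __name__ == "__main__":
    print(f"Overall Risk Score: {overall_risk_score(SAMPLE_SCORES):.2f}")
    for name, points in improvement_priorities(SAMPLE_SCORES):
        print(f"{points:5.2f} points available in {name}")
```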