Part 2: Assessing Your Cyber Posture – Where Are You Today?

“Before the audit, comes the mirror.”

Are you ready to face your cyber reflection? With the UK Cyber Security and Resilience Bill on the horizon, organisations of all sizes are soon to be held to a higher standard. But here’s the thing: compliance is never the goal, resilience is. And before any formal audit, the best thing you can do is take a long, hard look in the mirror.

So, where do you stand today? This post guides you through a baseline assessment using the NCSC Cyber Assessment Framework (CAF), alongside Microsoft tools that make this process easier, measurable, and repeatable.

Why Perform a Baseline Assessment?

Let’s get real: 80% of UK businesses faced a cyber-attack last year (source: UK Gov Cyber Security Breaches Survey 2024). Of those, 31% admitted they had gaps in basic controls.

Waiting for an external audit to uncover these weaknesses? That’s a costly gamble.

A baseline assessment helps you:

  • Understand your current cyber posture.
  • Identify gaps before they become compliance risks.
  • Create a clear action plan aligned with CAF principles.

Step-by-Step: Your CAF-Based Self-Assessment

1. Understand the CAF Structure

The Cyber Assessment Framework is built around 4 objectives and 14 principles, each principle broken down into contributing outcomes with indicators of good practice (IGPs) that describe "achieved", "partially achieved" and "not achieved". Think of it as the "what good looks like" for cyber security in the UK.

  • Objective A: Managing Security Risk
  • Objective B: Protecting Against Cyber Attack
  • Objective C: Detecting Cyber Security Events
  • Objective D: Minimising the Impact of Incidents

The goal? Assess yourself against each principle.

2. Objective A: Managing Security Risk

Start with Microsoft Secure Score

Secure Score gives you a quantifiable measurement of your security posture. Be aware that there are two separate scores: Microsoft Secure Score (identities, devices, apps and data across Microsoft 365) and the Defender for Cloud secure score (Azure and multicloud workloads). Treat them as two inputs to your baseline, not one number.

  • Where to find it:

    • Microsoft Defender portal (security.microsoft.com) → Secure score
    • Azure Portal → Microsoft Defender for Cloud → Security posture
  • What it gives you:

    • A percentage showing how much of Microsoft's recommended configuration you have adopted. It measures configuration, not whether those controls are working or whether you have already been breached.
    • Actionable recommendations, each with its score impact, so you can prioritise remediation.

Tip: Record the score and the list of open recommendations at the start of your assessment. That snapshot is your baseline, and re-running it after each remediation sprint gives you the measurable, repeatable evidence a CAF assessment needs. Note that most of Secure Score's controls map more naturally to CAF Objective B (Protecting Against Cyber Attack) than to Objective A, so use it as evidence of control coverage rather than of risk management.

Leverage a Compliance Solution

For compliance posture and CAF alignment specifically, Microsoft Compliance Manager will not do the job: it ships no CAF assessment template. What it does give you is the Data Protection Baseline, a data protection and governance assessment drawing on the NIST Cybersecurity Framework (CSF), ISO standards, FedRAMP and the EU GDPR, plus a catalogue of further regulatory templates. Many of those templates are premium, so check your entitlements before you build an assessment on one. Plenty of other solutions, open source, subscription and licensed, cover the same ground; if you need a GRC tool, define your requirements first and do your homework before committing.

If Compliance Manager fits your needs, open the Microsoft Purview portal and select Compliance Manager.

Microsoft publishes the full list of assessment templates it provides in the Compliance Manager documentation.

3. Objective B: Protecting Against Cyber Attack

While Secure Score gives you a solid starting point, visibility without action is like a knight without a sword. Microsoft Defender tools turn insight into impact, helping you not only see the risks, but proactively reduce them across identities, devices, email, and cloud services. These tools are your front-line shields and blades in the battle to meet CAF’s protection and response objectives.

  • Defender for Endpoint: device hardening, automated investigation and response, attack surface reduction rules.
  • Defender for Office 365: phishing, malware and impersonation protection for mail and collaboration.
  • Defender for Cloud: multicloud posture management, secure score integration, workload alerting.

Use Microsoft 365 Lighthouse for aggregated views if managing multiple tenants (ideal for MSPs).

4. Objective C: Detecting Cyber Security Events

Even the strongest fortress needs vigilant watchtowers. Microsoft Sentinel acts as your all-seeing eye, scanning the horizon for signs of trouble. Built to support CAF’s detection objectives, Sentinel collects signals across your digital estate, uncovers hidden threats, and empowers your defenders to respond swiftly, before small skirmishes become full-blown sieges.

Microsoft Sentinel provides:

  • Unified SIEM/SOAR for M365, Azure, and external logs.
  • Custom KQL analytics rules and threat detection.
  • Native support for MITRE ATT&CK mapping.

Start from the out-of-the-box analytics rule templates to cover the common attack techniques, then tune thresholds and add custom rules for the signals specific to your estate. A rule you have never tested against a known-bad event is not detection coverage, so verify each enabled rule fires.
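As an added example (not code from the original post), here is a custom KQL analytics rule of the kind the bullets above describe. It flags a burst of failed Microsoft Entra ID sign-ins from one IP address followed by a successful sign-in from the same address, which is the pattern of a password spray or brute-force attempt that eventually lands. It assumes the SigninLogs table is populated by the Microsoft Entra ID data connector; the one-hour lookback and the threshold of ten failures are assumptions to tune for your own environment.

```kusto
// Added example: failed sign-in burst followed by a success from the same IP.
// Assumes SigninLogs is connected; lookback and threshold are assumed values.
let lookback = 1h;
let failThreshold = 10;
// Step 1: IPs with a burst of failed sign-ins. In SigninLogs, ResultType is a
// string and "0" means success, so anything else is a failure.
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailedCount = count(),
                TargetedUsers = make_set(UserPrincipalName, 50),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
      by IPAddress
    | where FailedCount >= failThreshold;
// Step 2: successful sign-ins in the same window.
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, IPAddress,
              SuccessUser = UserPrincipalName, AppDisplayName;
// Step 3: keep only successes that occur AFTER the failure burst from that IP.
failures
| join kind=inner successes on IPAddress
| where SuccessTime > LastFail
| project FirstFail, LastFail, SuccessTime, IPAddress, FailedCount,
          TargetedUsers, SuccessUser, AppDisplayName
| order by SuccessTime desc
```

When you save this as a scheduled analytics rule, map the Account entity to SuccessUser and the IP entity to IPAddress in the rule wizard, and tag it with MITRE ATT&CK technique T1110 (Brute Force) so it appears in Sentinel's ATT&CK coverage view. Expect noise from shared egress addresses (NAT, VPN concentrators) and from service accounts with broken credentials; allowlist known corporate egress IPs before relying on it.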

5. Objective D: Minimising the Impact of Incidents

When the dust settles, resilience can be measured by how quickly you rise. Microsoft Purview and Backup ensure that your kingdom’s records are preserved and your critical systems can be restored, even after a breach. Aligned with CAF’s response and recovery principles, these tools help you maintain continuity, preserve evidence, and bounce back stronger from any cyber assault.

Retain & Recover with Microsoft Purview and Backup

  • Use Microsoft Purview Audit to retain the audit log long enough to investigate; check the retention period you actually have, because it differs between Audit (Standard) and Audit (Premium), and an incident discovered after the logs have aged out cannot be reconstructed.
  • Leverage Microsoft 365 Backup for reliable data recovery across SharePoint, Exchange and OneDrive, and test a restore before you need one.
  • Enable Defender automated response actions (device isolation, remediation, attack disruption) so containment does not wait for a human.

The Objective B tooling contributes directly here too: the same Defender automation that protects also shortens the time to contain.

6. Summary: Microsoft Tool Mapping to CAF

Every knight needs a reliable map, one that charts the terrain, highlights vulnerabilities, and guides strategic moves. In the journey from assessment to resilience, understanding how your tools align with the NCSC Cyber Assessment Framework is essential. Microsoft’s ecosystem offers a powerful arsenal, but knowing which tool supports which objective is what transforms effort into impact.

This summary distils the earlier sections into a clear visual reference, mapping each CAF objective to the Microsoft solutions that support it. Whether you’re managing risk, detecting intrusions, or recovering from an incident, this is your tactical guide to strengthening cyber defences, one domain at a time.

  • A – Managing Security Risk: governance, risk ownership, supply chain, asset management. Tools: Microsoft Secure Score; Microsoft Compliance Manager (data-protection baselines only, no CAF template).
  • B – Protecting Against Cyber Attack: device, identity, access, data and service protection. Tools: Defender for Cloud, Defender for Endpoint, Defender for Office 365, Microsoft Secure Score.
  • C – Detecting Cyber Security Events: detecting threats and anomalies, security monitoring. Tools: Microsoft Sentinel, Microsoft Defender XDR.
  • D – Minimising the Impact of Incidents: response planning, continuity, restoration. Tools: Purview Audit, Microsoft 365 Backup, Microsoft Defender automated response.

7. Fill the Gaps with Open Source (Where Needed)

Microsoft covers a lot, but cybersecurity is layered. For niche areas potentially consider:

  • Asset Inventory:

    • Use GLPI or Snipe-IT (both open source) to track assets. CAF Objective A expects you to know what you have; you cannot protect or monitor an asset that is not in the inventory.
  • Network Security Monitoring:

    • Use Zeek and/or Suricata to complement Sentinel and Defender XDR with context-rich traffic insight that firewalls and endpoint agents miss, for example unmanaged devices, OT kit and anything that cannot run a sensor. Both can forward logs into Sentinel so the detections live in one place.

Final Thoughts: Be Your Own Auditor (First)

No knight rides into battle without checking their armour.

Before a regulator comes knocking, or before the Cyber Security and Resilience Bill's obligations catch up with you, run a self-assessment, align with the CAF, and build a remediation plan using Microsoft-native tools backed by automation.

📚 Further Reading

🔐 Microsoft Secure Score

🛡 Microsoft Defender Tools

👁️ Microsoft Sentinel

🧾 Microsoft Purview & Backup

🔧 Microsoft Compliance & Risk

🔄 General Security & Governance
