Part 2: Assessing Your Cyber Posture – Where Are You Today?
“Before the audit, comes the mirror.”
Are you ready to face your cyber reflection? With the UK Cyber Security and Resilience Bill on the horizon, organisations of all sizes are soon to be held to a higher standard. But here’s the thing: compliance is never the goal, resilience is. And before any formal audit, the best thing you can do is take a long, hard look in the mirror.
So, where do you stand today? This post guides you through a baseline assessment using the NCSC Cyber Assessment Framework (CAF), alongside Microsoft tools that make this process easier, measurable, and repeatable.
Why Perform a Baseline Assessment?
Let’s get real: 80% of UK businesses faced a cyber-attack last year (source: UK Gov Cyber Security Breaches Survey 2024). Of those, 31% admitted they had gaps in basic controls.
Waiting for an external audit to uncover these weaknesses? That’s a costly gamble.
A baseline assessment helps you:
- Understand your current cyber posture.
- Identify gaps before they become compliance risks.
- Create a clear action plan aligned with CAF principles.
Step-by-Step: Your CAF-Based Self-Assessment
1. Understand the CAF Structure
The Cyber Assessment Framework is built around 4 objectives, 14 principles, and outcomes. Think of it as the “what good looks like” for cybersecurity in the UK.
- Objective A: Managing Security Risk
- Objective B: Protecting Against Cyber Attack
- Objective C: Detecting Cyber Security Events
- Objective D: Minimising the Impact of Incidents
The goal? Assess yourself against each principle.
2. Objective A: Managing Security Risk
Microsoft Secure Score provides a quantifiable measurement of your security posture across Microsoft 365, Azure and hybrid environments.
Where to find it:
- M365 Admin Center → Endpoint → Secure Score
- Azure Portal → Defender for Cloud → Secure Score
What it gives you:
- A percentage score showing how well you’re aligned with security best practices.
- Actionable recommendations to close gaps.
Tip: Many of Secure Score’s controls align with CAF’s Objective B (Protecting Against Cyber Attack).
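To make that tip concrete, here is an added example (not code from the original post or from Microsoft) that rolls a Secure Score record up into an Objective B gap list. The two inputs are constructed samples shaped like the Graph API `/security/secureScores` and `/security/secureScoreControlProfiles` responses; the join of `controlName` to profile `id`, the control names, and the category-to-CAF-principle mapping are all assumptions for illustration, not an official NCSC or Microsoft mapping.

```python
# Added example: turn a Secure Score snapshot into a CAF Objective B gap report.
# All data below is constructed to mirror the Graph API shapes; it is not real tenant output.

# Constructed sample in the shape of GET /security/secureScores (one day's record).
SECURE_SCORE = {
    "currentScore": 62.0,
    "maxScore": 100.0,
    "controlScores": [
        {"controlCategory": "Identity", "controlName": "RequireMfaForAdmins", "score": 10.0},
        {"controlCategory": "Identity", "controlName": "MfaRegistrationAllUsers", "score": 4.0},
        {"controlCategory": "Identity", "controlName": "BlockLegacyAuth", "score": 0.0},
        {"controlCategory": "Data", "controlName": "EnableDlpPolicies", "score": 3.0},
        {"controlCategory": "Device", "controlName": "DeviceCompliancePolicy", "score": 6.0},
        {"controlCategory": "Apps", "controlName": "NoProfileExported", "score": 1.0},
    ],
}

# Constructed sample in the shape of GET /security/secureScoreControlProfiles (max points per control).
CONTROL_PROFILES = [
    {"id": "RequireMfaForAdmins", "maxScore": 10.0},
    {"id": "MfaRegistrationAllUsers", "maxScore": 9.0},
    {"id": "BlockLegacyAuth", "maxScore": 8.0},
    {"id": "EnableDlpPolicies", "maxScore": 7.0},
    {"id": "DeviceCompliancePolicy", "maxScore": 6.0},
]

# Assumed mapping of Secure Score categories to CAF Objective B principles (illustrative only).
CATEGORY_TO_CAF = {
    "Identity": "B2 Identity and access control",
    "Data": "B3 Data security",
    "Device": "B4 System security",
    "Apps": "B4 System security",
    "Infrastructure": "B5 Resilient networks and systems",
}

def score_percentage(secure_score):
    """Secure Score as the percentage figure shown in the portal, to one decimal place."""
    return round(100 * secure_score["currentScore"] / secure_score["maxScore"], 1)

def caf_gap_report(secure_score, profiles):
    """Map every control that is below its maximum onto a CAF principle.

    Returns {principle: [(control_name, points_missing), ...]}, largest gap first,
    so the list doubles as a prioritised remediation backlog for Objective B.
    """
    max_by_id = {p["id"]: p["maxScore"] for p in profiles}
    report = {}
    for ctl in secure_score["controlScores"]:
        max_score = max_by_id.get(ctl["controlName"])
        if max_score is None:
            continue  # no profile exported for this control: the gap cannot be judged, review manually
        missing = max_score - ctl["score"]
        if missing <= 0:
            continue  # control fully implemented, nothing to remediate
        principle = CATEGORY_TO_CAF.get(ctl["controlCategory"], "Unmapped (review manually)")
        report.setdefault(principle, []).append((ctl["controlName"], missing))
    for gaps in report.values():
        gaps.sort(key=lambda gap: -gap[1])
    return report
```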
Leverage a Compliance Solution
For compliance posture and CAF alignment specifically, Microsoft Compliance Manager will unfortunately not help. Compliance Manager provides a Data Protection Baseline assessment from a data protection/governance perspective, drawing on NIST CSF (National Institute of Standards and Technology Cybersecurity Framework), ISO (International Organization for Standardization), FedRAMP (Federal Risk and Authorization Management Program) and GDPR (General Data Protection Regulation of the European Union). Several assessment templates are available, but check your entitlements before proceeding. As a side note, there are many open-source, subscription and licensed solutions on the market that could also help here. It’s best to find a solution (if required) that fits your needs, so do your homework beforehand.
If Microsoft Compliance Manager fits your needs, you can find it in the Microsoft Purview compliance portal under Compliance Manager.
A full list of Compliance Assessments that Microsoft provides can be found here.
3. Objective B: Protecting Against Cyber Attack
While Secure Score gives you a solid starting point, visibility without action is like a knight without a sword. Microsoft Defender tools turn insight into impact, helping you not only see the risks, but proactively reduce them across identities, devices, email, and cloud services. These tools are your front-line shields and blades in the battle to meet CAF’s protection and response objectives.
Tool | Role |
---|---|
Defender for Endpoint | Device hardening, automated investigation, attack surface reduction |
Defender for Office 365 | Phishing, malware, impersonation protection |
Defender for Cloud | Multicloud posture management, Secure Score integration, alerting |
Use Microsoft 365 Lighthouse for aggregated views if managing multiple tenants (ideal for MSPs).
4. Objective C: Detecting Cyber Security Events
Even the strongest fortress needs vigilant watchtowers. Microsoft Sentinel acts as your all-seeing eye, scanning the horizon for signs of trouble. Built to support CAF’s detection objectives, Sentinel collects signals across your digital estate, uncovers hidden threats, and empowers your defenders to respond swiftly, before small skirmishes become full-blown sieges.
Microsoft Sentinel provides:
- Unified SIEM/SOAR for M365, Azure, and external logs.
- Custom KQL analytics rules and threat detection.
- Native support for MITRE ATT&CK mapping.
Use the out-of-the-box analytics rule templates to detect common attack chains.
5. Objective D: Minimising the Impact of Incidents
When the dust settles, resilience can be measured by how quickly you rise. Microsoft Purview and Backup ensure that your kingdom’s records are preserved and your critical systems can be restored, even after a breach. Aligned with CAF’s response and recovery principles, these tools help you maintain continuity, preserve evidence, and bounce back stronger from any cyber assault.
Retain & Recover with Microsoft Purview and Backup
- Use Microsoft Purview Audit to ensure log retention and investigation capabilities.
- Leverage Microsoft 365 Backup for reliable data recovery across SharePoint, Exchange, and OneDrive.
- Enable Defender automatic response actions (isolation, remediation, kill chain disruption).
The tools listed under Objective B also support this objective!
6. Summary: Microsoft Tool Mapping to CAF
Every knight needs a reliable map, one that charts the terrain, highlights vulnerabilities, and guides strategic moves. In the journey from assessment to resilience, understanding how your tools align with the NCSC Cyber Assessment Framework is essential. Microsoft’s ecosystem offers a powerful arsenal, but knowing which tool supports which objective is what transforms effort into impact.
This summary distils the earlier sections into a clear visual reference, mapping each CAF objective to the Microsoft solutions that support it. Whether you’re managing risk, detecting intrusions, or recovering from an incident, this is your tactical guide to strengthening cyber defences, one domain at a time.
CAF Objective | Principle Summary | Microsoft Tools |
---|---|---|
A – Risk Management | Governance, risk ownership, supply chain, asset management | Secure Score, Microsoft Compliance Manager |
B – Protect | Device, identity, access, data, and service protection | Defender for Cloud, Defender for Endpoint, Defender for Office 365, Microsoft Secure Score |
C – Detect | Detecting threats & anomalies, monitoring | Microsoft Sentinel, Microsoft Defender XDR |
D – Respond | Response planning, continuity, restoration | Purview Audit, M365 Backup, Microsoft Defender automation |
7. Fill the Gaps with Open Source (Where Needed)
Microsoft covers a lot, but cybersecurity is layered. For niche areas potentially consider:
Need | Open Source Tools |
---|---|
Asset Inventory | GLPI, Snipe-IT |
Network Security Monitoring | Zeek, Suricata |
Asset Inventory:
- Use GLPI or Snipe-IT (both open-source) to track assets.
Network Security Monitoring:
- Use Zeek to complement Sentinel and Defender XDR by providing context-rich traffic insights that traditional firewalls and endpoint tools might miss.
Final Thoughts: Be Your Own Auditor (First)
No knight rides into battle without checking their armour.
Before a regulator comes knocking, or before NIS2 obligations catch up with you, run a self-assessment, align with the CAF, and build a remediation plan using Microsoft-native tools backed by automation.
📚 Further Reading
🔐 Microsoft Secure Score
🛡 Microsoft Defender Tools
- Microsoft Defender for Endpoint Overview
- Microsoft Defender for Office 365
- Microsoft Defender for Cloud
- Microsoft 365 Lighthouse
👁️ Microsoft Sentinel
🧾 Microsoft Purview & Backup
🔧 Microsoft Compliance & Risk
🔄 General Security & Governance
- Microsoft Zero Trust Architecture
- Security and Compliance in Microsoft 365
- Microsoft Cybersecurity Reference Architecture
- CAF Overview – NCSC