SaaS Security Posture Management (SSPM) for M365

How a CASB-based SSPM capability helped bring visibility, control, and assurance to Microsoft 365 security posture.

Project Summary

I worked on this project back in 2022. It was a technology implementation project leveraging a feature in the CASB product called SaaS Security Posture Management (SSPM).

Problem Statement

The Microsoft 365 (M365) environment is high-risk because it holds confidential, and possibly highly sensitive, data in services like SharePoint, Teams, and Exchange Online.

That data can be exposed or leaked through misconfigurations.

Prior to this project, there was no mechanism, either manual or automated, to check M365 configurations against a defined security baseline such as CIS.

The gap was not just technology. It was visibility, control, and assurance.

High Level Architecture

The diagram below shows the logical architecture for SSPM and Inline DLP across Microsoft 365, Skyhigh Security Cloud, Security Operations, and Administration.

Logical architecture of Skyhigh SSPM and Inline DLP for Microsoft 365

Key Design Decisions

  • Cost Optimization: The project leveraged the organisation’s existing Skyhigh CASB subscription rather than purchasing a new, dedicated SSPM tool.
  • Strategic Scope: SSPM was focused on Microsoft 365 because it handles confidential data and has established CIS benchmarks for detailed security audits.
  • Seamless Connectivity: The decision to use API-based integration ensures secure, bi-directional communication between platforms without complex infrastructure changes.
  • Safety-First Remediation: The system is configured to report violations for manual administrator intervention to avoid the risk of automated changes causing service disruptions.

Outcome

The project delivered a fully automated security monitoring cycle that scans the Microsoft 365 environment every 24 hours for potential risks. With Inline DLP now active, all outbound emails are inspected in real time, significantly reducing the risk of data leaks. Security teams now have centralised visibility through the Skyhigh Security Portal, allowing them to manage incidents and maintain a strong security posture across all cloud services.