Application control
Review of Windows Defender Application Control (WDAC), managed installer trust, and Intelligent Security Graph configuration across managed endpoints.
Cyber security assessment · Essential Eight baseline
Essential Eight baseline assessment for Australian organisations
A practical, Microsoft-centred review of your cyber security baseline across identity, endpoints, patching, macros, administrative privileges, and backups — mapped to the Australian Signals Directorate Essential Eight.
Understand your baseline before your next insurance renewal, audit, tender, or security investment. No hype, no fear, just a clear plan.
The eight controls we assess
We review each of the eight mitigation strategies against indicators for Maturity Level 1, Level 2, and Level 3, and translate the findings into a practical uplift plan.
Patch applications
Assessment of update cadence for browsers, Office, PDF readers, and other internet-facing applications across the Microsoft 365 estate.
Configure Microsoft Office macro settings
Review of macro execution policies, ActiveX controls, Protected View, and trusted document handling across Microsoft 365 Apps.
User application hardening
Browser hardening for Chrome and Edge — SmartScreen, popup blocking, telemetry, Internet Explorer disablement, and intrusive ad controls.
Restrict administrative privileges
Review of privileged role assignments in Microsoft Entra, Privileged Identity Management, and separation of admin and standard user accounts.
Patch operating systems
Windows Update for Business configuration, feature update rings, delivery optimisation, and test ring deployment for managed devices.
Multi-factor authentication
MFA coverage, authentication strength, and Conditional Access posture across all users — including phishing-resistant methods where applicable.
Regular backups
Review of backup coverage for Microsoft 365 data, Azure workloads, and on-premises systems — including restore testing and retention.
What you receive
A clear baseline, not a sales pitch
The assessment is designed to give you something useful you can act on — even if you choose not to proceed with uplift work.
- A written Essential Eight baseline report aligned to the eight controls
- A maturity view across Maturity Level 1, Level 2, and Level 3 indicators
- A gap analysis covering identity, endpoints, patching, macros, and backups
- A prioritised uplift roadmap tied to Microsoft 365 and Azure capabilities
- Evidence preparation notes for cyber insurance renewals and audits
- A discovery call to walk through findings and recommended next steps
This is an assessment, not a certification. Mycelium 365 helps you prepare a defensible baseline. Final insurance, audit, or regulatory outcomes are determined by the relevant insurer or authority.
Who this is for
The Essential Eight baseline assessment suits organisations that want clarity on their cyber security posture before the next deadline.
Teams renewing cyber insurance
Insurer questionnaires keep getting harder. You need a clear, evidence-backed view of MFA, patching, admin privileges, and backups before renewal.
Organisations preparing for audit or tender
You have an audit, supplier due diligence questionnaire, or tender response ahead and need a structured baseline you can show.
Microsoft 365 and Azure customers
You already invest in Microsoft 365, Entra, Intune, Defender, and Azure Backup and want a baseline assessed using the tooling you already own.
Boards and leadership teams
You need an honest, plain-English view of current cyber security posture and where to invest first — without hype or fear.
How the assessment works
A short, structured engagement designed to give you clarity quickly — without disrupting your team.
01
Discovery call
A short conversation to understand your environment, current Microsoft 365 footprint, upcoming insurance or audit deadlines, and where you want to land.
02
Baseline review
We review your Microsoft 365 tenant, Entra identity posture, Intune endpoint policies, Defender configuration, and backup coverage against the Essential Eight.
03
Findings and roadmap
You receive a written baseline report, a gap analysis, and a prioritised uplift roadmap mapped to Microsoft 365 and Azure capabilities.
04
Walkthrough
We walk through the report with your team, answer questions, and agree on the next practical steps — uplift, advisory, or a managed engagement.
Business outcomes
The outcomes we focus on when an Essential Eight baseline assessment is delivered well.
A clear baseline
You know where you sit against each of the eight controls and what should be uplifted first.
Evidence that holds up
Findings are documented in a format you can use for cyber insurance renewals, audits, and tender responses.
More value from existing investment
Microsoft 365, Entra, Intune, Defender, and Azure Backup are configured to support the controls you already pay for.
Leadership confidence
Boards and leadership teams get a plain-English view of cyber security posture and a practical uplift plan.
Related services
The Essential Eight baseline assessment sits alongside our advisory, Microsoft 365, and cyber security services.
Advisory servicesGovernance and compliance readinessTechnology roadmapCyber insurance controls reviewModern workplace auditMicrosoft 365 servicesMicrosoft Entra and identityMicrosoft IntuneMicrosoft DefenderAzure BackupDefence and Defence Contractors
Last Updated:
