Uncover hidden threats in your Microsoft 365 environment and protect sensitive data

Mixed race group of doctors meeting in lobby of la 2022 03 04 02 13 13 utc

Did you know that default Microsoft 365 configurations are inherently insecure?

Because Microsoft 365 often hosts critical and sensitive organization and patient data, it is often exploited by malicious attackers. Relying on default security configurations creates a large, unmitigated attack surface for healthcare companies and their patients.

Healthcare organizations must address cybersecurity beyond compliance. Echelon can help improve your security posture by securing systems and technologies that protect patient data, while complying with all mandates and regulations in a practical manner.

We secure overlooked Microsoft 365 security risks to reduce your attack surface

Healthcare records and databases are among the most coveted of targets because they contain all the details needed to steal an identity. As our healthcare systems become increasingly interconnected, our detailed personal data has moved far beyond paper files.

When healthcare systems are compromised, some of our most private and sensitive information can be exposed. With the increased connectivity of medical devices, it can also leave patients exposed to direct life-threatening attacks.

Even in mature organizations, we commonly find critical issues that open the potential for data disclosure, policy violations, and potential compromise. In many cases, these attack vectors are well-known and easy to exploit.

Security risks we commonly uncover include:

  • Over-exposed or publicly available content
  • Over-delegated permissions, including users having unnecessary admin rights and privileges to access data and change configuration
  • Insecure default configurations​, which can allow for data exfiltration via power shell by a standard, non-administrative user
  • Legacy protocol access​ that can bypass multifactor authentication, enabled by default
  • Lack of inspection and visibility into risky logon events and application usage

Reach out to us for more information


Level-up your Microsoft 365 security for the long term


Our unique approach to Microsoft Security Review combines our full scope of expertise as offensive security operators, defensive security engineers and strategic cybersecurity advisors to deliver a comprehensive evaluation of your Microsoft 365 and Azure AD environments from certified experts with extensive knowledge of these technologies and thee healthcare industry.


Our most updated knowledge of features and security updates to the platform, combined with our deep understanding of the ways Microsoft 365 can be compromised from an attacker’s perspective, allows us to offer sound security advice that is up to date with current known and unknown attack paths.


Our holistic assessment approach goes beyond providing yet another ‘to-do’ list of vulnerabilities to remediate. Our services empower your team to take advantage of capabilities within your Office 365 tenant to mitigate risk and maximize your existing investments for the long-term.

What’s included in our MS 365 security assessment

We inspect hundreds of controls, including (but not limited to):

  • Authentication mechanisms, password policies, and protocols
  • Azure Active Directory security controls
  • Application permissions within your MS 365 tenant
  • Data management features, including Data Loss Prevention (DLP) policies
  • MS Exchange (email) security controls and features
  • Auditing controls and policies
  • Data storage policies, such as sharing policies and permissions
  • Mobile device management capabilities

Learn more about our detailed and personalized MS 365 assessment



With the expert guidance we provide, you’ll be able to:

  • Make the best decisions surrounding your Microsoft Office 365 licensing strategy
  • Gain increased visibility and confidence with your IT investments
  • Evaluate licensed functionality to make the best decisions surround your licensing strategy
  • Gain visibility into insecure default configurations
  • Prioritize risks based on severity
  • Understand the business impact of any remediation steps required
  • Increase the protection of your Microsoft Office 365 environment
  • Reduce the workload for your internal security team


We won’t tie up your IT and Security resources

We deliver our services via a streamlined process that won’t tie up your IT and security resources. We communicate at every step of the way as we deliver:

Project planning and execution

Remotely delivered assessments, requiring only the most basic ‘read-only’ access provisions

Detailed reports that provide problem descriptions, rational statements, risk rankings, and remediation advice

Operational overviews of MS 365 environment to add value to IT and security teams

Guided remediation assistance as needed, to help you achieve measurable security improvements

Reach out to us for more information



Mobilize our interdisciplinary team of certified cyber experts

Our seasoned team of certified Microsoft 365 experts, cybersecurity consultants and white-hat hackers will use the most advanced tactics, techniques, and procedures to put your organization networks and systems to the test. 


Get this team on your team!

Jeff Hoge

Jeff Hoge has worked in IT for 18 years, including network engineering and systems administration. Most recently, he implemented and led the information security program at a regional healthcare insurer. His passion is helping individuals and organizations better defend themselves from cyber threats with an empathetic, relationship-oriented approach. Jeff currently serves as the Vice-President of the Triad of NC ISSA chapter and loves spending time with his four children.


  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Systems Security Certified Practitioner (SSCP)
  • Certified Ethical Hacker (CEH)
  • EC-Council Certified Incident Handler (ECIH)
  • CompTIA Project+
  • Cisco Certified Network Associate (CCNA)

Paul Matvey is a Cybersecurity Manager at Echelon with over 15 years of experience in IT Infrastructure design and management with a focus in cybersecurity. Prior to joining Echelon, he was the Director of IT and Cybersecurity Operations of a major professional services firm, and a Senior Systems Integrator at one the region's largest Managed Services Providers.


  • CompTIA A+
  • CompTIA Network+
  • Microsoft Certified Professional

How we’re different

Navigating the cybersecurity landscape can be very confusing and overwhelming without the right experience and guidance. A trusted and honest partner can help you to define your cybersecurity and technology risk strategies with confidence. We set ourselves apart from our competition by focusing on relationships and service above all.

LASER FOCUSED: Cyber is all we do. We have combined 100+ years of cyber security experience.

MISSION + VALUES DRIVEN: We believe that security and privacy are basic human rights.

TAILORED SOLUTIONS + OUTCOMES: We deeply understand cyber threats that affect you most.

CYBER COMMUNITY LEADERSHIP: We give back to the cyber community with cutting-edge thought leadership.

Are you ready to get started?
Latest Intelligence