
8 Best Practices for CISOs Conducting Risk Reviews


Why This Matters

Conducting comprehensive risk reviews is a pivotal responsibility for Chief Information Security Officers (CISOs). Without a rigorous risk assessment, significant vulnerabilities go unnoticed and can be exploited by attackers seeking access to sensitive data or aiming to disrupt operations. Frameworks such as CIS, NIST, and ISO 27001 highlight the necessity of structured security practices. Misconfigurations and outdated settings that are never reviewed accumulate at scale, leading to compliance failures or to breaches that auditors flag after the fact.

The Recommended Configuration

Regular Review Schedule

Set: Bi-annual audits

Why: Facilitates timely updates against emerging threats.

Default: Often neglected, risking outdated measures.

Risk Assessment Tools

Set: Utilize Microsoft's Secure Score guided setup

Why: Provides actionable insights and baseline recommendations.

Default: Infrequent or manual assessments miss critical risks.

# Sign in with a scope that can read security alerts, then list the ten most recent alerts
Connect-MgGraph -Scopes 'SecurityEvents.Read.All'
Get-MgSecurityAlertV2 -Top 10

Multi-Factor Authentication (MFA)

Set: Enforce across all user accounts

Why: Critical for reducing unauthorized access risk.

Default: Often bypassed, leaving a significant vector open.

Implementation Checklist

  1. Set a review schedule: Navigate to Microsoft Security Center > Risk Management > Set review frequency.
    Verify: Check Next Scheduled Review date.
  2. Set up Secure Score: Go to Microsoft 365 Admin > Reports > Secure Score. Follow the guided setup.
    Verify: Secure Score dashboard displays current status.
  3. Enforce MFA: Azure AD > Security > Conditional Access > Policies > Add new MFA policy for all users.
    Verify: Attempt an Azure sign-in requiring MFA.

Common Mistakes

  • Setting MFA without exclusions for service accounts.
  • Ignoring Secure Score recommendations.
  • Forgetting to communicate changes to all stakeholders before implementation.

Ongoing Monitoring

To ensure configurations remain intact, use automated scripts for auditing. Regularly review logs with Kusto Query Language (KQL) to spot changes in security posture. Schedule quarterly reviews that use the Microsoft Graph API to detect and correct deviations from the agreed configuration.

# Sign in, then list alerts with their date and severity (the alert's risk level)
Connect-MgGraph -Scopes 'SecurityEvents.Read.All'
Get-MgSecurityAlertV2 -Top 50 | Select-Object CreatedDateTime, Severity
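The checklist above and the monitoring section both come down to three checks that should run on a schedule rather than by hand: is MFA still enforced for all users, is Secure Score holding or slipping, and are there unresolved high-severity alerts. The script below is an added example written for this article, not code from the article or from Microsoft; it uses the Microsoft Graph PowerShell SDK cmdlets Get-MgIdentityConditionalAccessPolicy, Get-MgSecuritySecureScore and Get-MgSecurityAlertV2, assumes the signed-in account holds the Policy.Read.All and SecurityEvents.Read.All permissions, and the $MinimumSecureScorePercent baseline is a constructed value to replace with your own target.

```powershell
# Added quarterly audit example (not from the article). Assumes the Microsoft.Graph SDK
# modules below are installed and the account has Policy.Read.All and SecurityEvents.Read.All.
#Requires -Modules Microsoft.Graph.Identity.SignIns, Microsoft.Graph.Security

$MinimumSecureScorePercent = 70   # constructed baseline; set to your organisation's target

Connect-MgGraph -Scopes 'Policy.Read.All', 'SecurityEvents.Read.All' -NoWelcome

function Test-MfaForAllUsersPolicy {
    # Returns enabled Conditional Access policies that require MFA and target all users,
    # so the caller can also inspect their exclusions (see Common Mistakes).
    Get-MgIdentityConditionalAccessPolicy -All | Where-Object {
        $_.State -eq 'enabled' -and
        $_.GrantControls.BuiltInControls -contains 'mfa' -and
        $_.Conditions.Users.IncludeUsers -contains 'All'
    }
}

function Get-SecureScoreTrend {
    # Compares the two most recent Secure Score snapshots; flags a drop or a score below baseline.
    $scores   = Get-MgSecuritySecureScore -Top 2 | Sort-Object CreatedDateTime -Descending
    $latest   = $scores | Select-Object -First 1
    $previous = $scores | Select-Object -Skip 1 -First 1
    $percent  = [math]::Round(100 * $latest.CurrentScore / $latest.MaxScore, 1)
    [pscustomobject]@{
        Date          = $latest.CreatedDateTime
        Percent       = $percent
        Delta         = $(if ($previous) { $latest.CurrentScore - $previous.CurrentScore } else { 0 })
        BelowBaseline = $percent -lt $MinimumSecureScorePercent
    }
}

function Get-OpenHighSeverityAlerts {
    # Keeps only unresolved high-severity alerts, the items a quarterly review must not miss.
    Get-MgSecurityAlertV2 -Top 200 |
        Where-Object { $_.Severity -eq 'high' -and $_.Status -ne 'resolved' } |
        Select-Object CreatedDateTime, Title, Category, Status
}

$findings = @()

$mfaPolicies = Test-MfaForAllUsersPolicy
if (-not $mfaPolicies) {
    $findings += 'No enabled Conditional Access policy requires MFA for all users.'
} else {
    foreach ($p in $mfaPolicies) {
        $excluded = @($p.Conditions.Users.ExcludeUsers).Count
        if ($excluded -gt 0) {
            $findings += "MFA policy '$($p.DisplayName)' excludes $excluded user(s); confirm each exclusion is still justified."
        }
    }
}

$trend = Get-SecureScoreTrend
if ($trend.BelowBaseline) { $findings += "Secure Score is $($trend.Percent)% on $($trend.Date), below the $MinimumSecureScorePercent% baseline." }
if ($trend.Delta -lt 0)   { $findings += "Secure Score dropped by $(-$trend.Delta) point(s) since the previous snapshot." }

$alerts = Get-OpenHighSeverityAlerts
if ($alerts) { $findings += "$(@($alerts).Count) unresolved high-severity alert(s) need triage." }

if ($findings.Count -eq 0) {
    Write-Output 'Review passed: MFA enforced for all users, Secure Score on target, no open high-severity alerts.'
} else {
    Write-Output 'Review findings:'
    $findings | ForEach-Object { Write-Output " - $_" }
    $alerts | Format-Table -AutoSize
}
```

Run it from a scheduled task or Azure Automation runbook on the quarterly cadence the section describes. Each check is a separate function so the output can be fed into a ticketing system rather than read off a console, and the MFA check reports exclusions rather than treating any "all users" policy as a pass, which is the exclusion mistake listed under Common Mistakes.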

Souhaiel Morhag
Microsoft Endpoint & Modern Workplace Engineer

Souhaiel Morhag is a Microsoft Intune and endpoint management specialist with hands-on experience deploying and securing enterprise environments across Microsoft 365. He founded MSEndpoint.com to share practical, real-world guides for IT admins navigating Microsoft technologies — and built the MSEndpoint Academy at app.msendpoint.com/academy, a dedicated learning platform for professionals preparing for the MD-102 (Microsoft 365 Endpoint Administrator) certification. Through in-depth articles and AI-powered practice exams, Souhaiel helps IT teams move faster and certify with confidence.
