Education

FERPA isn't just a privacy law. It's a tenant configuration problem.

FERPA, GLBA, HECVAT, NIST CSF, and NIST 800-171 evidence for schools and research institutions running Microsoft 365.

Answer first

Short answer

FERPA, GLBA, HECVAT, NIST CSF, and NIST 800-171 evidence for schools and research institutions running Microsoft 365.

365 Security Assessment focuses on Microsoft 365 and Azure security posture, prioritized findings, executive reporting, and remediation-ready guidance for teams evaluating this topic.

  • Who it helpsMSPs, IT leaders, security teams, and Microsoft 365 administrators
  • What you getClear context for evaluating Microsoft 365 and Azure security risk
  • Next stepSee the sample report

Answer first

Short answer

Education teams can assess Microsoft 365 identity, sharing, email, Teams, audit, and Azure configuration against student-data and research-data obligations.

Who it helpsSecurity, compliance, MSP, and IT leaders.
What you getEvidence-backed Microsoft 365 posture answers.
Next stepBook a walkthrough.

Why this matters for education

FERPA enforcement is configuration-driven

Student records leak through sharing defaults, stale accounts, mail forwarding, and unmanaged collaboration.

Student-account hygiene changes every semester

Guests, alumni, adjuncts, and service accounts need lifecycle review before they become standing access.

Research data needs classification

Grant-funded and regulated research can pull NIST 800-171, GLBA, and contractual controls into M365.

What we audit

Identity & SSO

MFA gaps, privileged roles, lifecycle hygiene, and Conditional Access coverage.

Email & Student Data

Exchange rules, mailbox audit posture, spoofing controls, and DLP coverage.

SharePoint & OneDrive Sharing

External sharing edges, sensitive-data exposure, and permission inheritance.

Teams Classroom Governance

Guests, channels, Teams app consent, and owner sprawl.

Audit Logging

Unified audit, retention posture, and evidence availability.

Azure Infrastructure

RBAC, network exposure, storage posture, and policy gaps.

Compliance coverage

FERPA · GLBA for student loans · HECVAT · NIST CSF · NIST 800-171 for research institutions · SOC 2 · ISO 27001. Use the Compliance Crosswalk to map one control to many obligations.

Reports that map to education

Start with the Executive Scorecard, User Access Review, SharePoint Data Classification Report, DLP evidence, and Compliance Readiness Report. Browse all 42 reports.