Assets
Internal IPs
External IPs
Network Devices – Switches \ Routers \ APs
Storage Devices
Hypervisor Versions
Business Process
New User and Leaver Guide
Password Management Tool
Vulnerability Management
Change Management
Data
DLP?
Review Permissions and Changes?
SAN? Storage Snapshots?
Security recommendations for Blob storage – Azure Storage | Microsoft Learn
Identity
Domain Admin Group
Stale Computer Accounts (Not Disabled)
Stale User Accounts (Not Disabled)
Protected Users?
SSO SAML for Apps
Password Policies
AAD Connect Version
dcdiag
Risky Sign-in Behaviour Alerting
Device Compliance (assuming Microsoft Endpoint Manager (Intune) is in play)
Privileged Identity Management (PIM)
Accounts set to Not Expire
Servers
Backup? Monitoring \ Restores \ Item Level \ Notifications
Business RPO and RTO Sign off
LAPS?
Hypervisor Versions
iLO? Versions
AV? EDR?
Warranty?
DR?
Monitoring Usage?
Licensing
GPOs and Best Practice
TLS 1.0\1.1
mDNS \ NetBIOS
WPAD
IPv6
Patching
HTTP Header
Network
Backup?
Make and Model of Network Devices (APs \ Switches \ Routers) \ Firmware Up To Date?
HA Hardware and Internet
Remote Access 2FA?
Least Privilege?
VLANs?
Web Filtering?
DDoS?
IPS?
Wireless Auth RADIUS? IDS \ IPS?
Firewall Rules
Internet Usage
Web browsers do not process web advertisements from the internet.
Physical Access Control on Switches
Email
365 See Best Practice
Backup?
SPF\DKIM\DMARC
SPAM Filter
Archive
Office Version
Workstations
AV? EDR?
Third Party App Updates
BitLocker?
OneDrive?
Silverlight Installed?
Shadow IT?