
Risk Report for Open-Source Microsoft 365 MSP Tool
- Proposals: 10
- Remote
- #4374741
- OPPORTUNITY
- Expired





Description
We are a UK-based Managed Services Provider (MSP) currently assessing a powerful open-source tool called CIPP (Central Identity Policy Platform) for managing multiple Microsoft 365 tenants.
As part of our onboarding and internal governance process, we need a consultant or developer to perform a code-level security and deployment review, produce a formal risk report, and optionally assist with deployment and integration.
This is a short-term engagement with the potential for ongoing work.
Project Scope – Phase One:
- Review the CIPP source code (Python-based) for potential security flaws, malicious code, or poor practices.
- Assess use of GDAP/DAP permissions and delegated access models.
- Audit configuration files and deployment methods (Docker-based).
- Evaluate dependency and supply chain risks (e.g., Python packages).
- Provide a formal written report that includes:
  - Risk summary and threat assessment
  - Technical findings and recommendations
  - Executive-friendly summary

Skills Required:
- Python (secure coding & open-source auditing)
- Microsoft 365 / Azure AD administration
- Experience with GDAP/DAP and Microsoft Graph API
- Docker and container security
- Familiarity with security standards (e.g., OWASP, Cyber Essentials, ISO 27001)

Deliverables:
- Written risk assessment report (PDF or Word)
- Summary of recommendations
- (Optional) deployment assistance and SIEM integration guidance
To ideally,
Please Answer:
- Have you audited open-source tools or Python applications before? If so, please provide examples.
- Do you have experience working with Microsoft 365 APIs or delegated admin access (GDAP/DAP)?
- Are you comfortable reviewing Docker/container deployment security?
- Can you provide a sample or outline of a previous risk report or security assessment you've delivered?

Budget & Timeline:
- Fixed price preferred for Phase One (please provide an estimate).
- Target delivery: within 1–2 weeks of engagement.

Jason R.
100% (17)

Clarification Board
My Clarification Questions:
1. Is CIPP already partially deployed, or is this a pre-deployment review?
2. Should the review prioritize internal compliance standards or external audit readiness (e.g., ISO)?
3. Are there specific Python packages or modules you’re concerned about in the supply chain?
4. Will the deployment be self-hosted or integrated within your cloud infra?
5. Are there existing SIEM tools or logs you’d like integrated post-deployment?
Thanks again, Jason. Your project aligns perfectly with my expertise, and I’d be glad to bring clarity, security, and structure to your CIPP deployment. Let’s move forward and make your governance process airtight.