Features

What Audit My Tenant scans

Comprehensive coverage across every Microsoft 365 and Azure domain. See exactly what's being evaluated — organized by the areas that matter most to your clients.

Scan Domains

Security checks by domain

Each domain covers the critical configuration areas that attackers target most.

Identity & Access

  • MFA enforcement and registration policies
  • Conditional Access policy evaluation
  • Privileged role assignment review
  • Guest and external access controls
  • Password and authentication policies
  • Sign-in risk and user risk policies

Email & Exchange

  • Anti-phishing and anti-spam policies
  • DKIM, DMARC, and SPF configuration
  • Safe Attachments and Safe Links
  • Transport rule security review
  • Mailbox audit logging
  • External forwarding controls

Devices & Intune

  • Device compliance policy assessment
  • Endpoint protection configuration
  • BitLocker and encryption settings
  • Windows Update for Business policies
  • App protection policies
  • Browser security baselines (Edge)

SharePoint & OneDrive

  • External sharing policies
  • Guest access restrictions
  • DLP policy configuration
  • Site-level permission controls
  • OneDrive sync restrictions
  • Versioning and retention settings

Teams

  • External meeting and chat policies
  • Guest access settings
  • App permission policies
  • Meeting recording and transcription controls
  • Channel creation and moderation
  • File sharing restrictions

Compliance & Defender

  • Audit log retention policies
  • Data Loss Prevention rules
  • Information protection labels
  • Defender for Office 365 settings
  • Alert policies and notifications
  • eDiscovery and retention compliance

Azure & Infrastructure

  • Compute, storage, and database hardening
  • Network security groups and firewall rules
  • Key vault access policies and rotation
  • Diagnostic settings and logging
  • Defender for Cloud configuration
  • Identity and access management controls
Security Playbooks

From findings to action plans

Audit My Tenant doesn't just tell you what's wrong — it tells you exactly how to fix it with AI-powered security playbooks.

Attack Scenario Analysis

Eight real-world attack playbooks — BEC, ransomware, credential theft, data exfiltration, and more — mapped directly to your scan findings.

AI-Powered Narratives

Claude AI analyzes your tenant's specific results and generates actionable narratives explaining risks, impact, and remediation steps in plain language.

Maturity Progression

Track your security posture from Basic to Optimized across every attack scenario. See exactly what to fix next to level up.

Client-Ready Reports

Export playbooks as polished PDF reports with your branding. Hand them directly to clients — no reformatting needed.

Advanced Capabilities

Built for MSP operations

Beyond scanning — tools that help you manage, monitor, and report across your entire client base.

Config Drift Detection

SHA-256 snapshots of every Intune policy. Get alerted when configurations change unexpectedly — with full diff visibility and acknowledge workflows.

Role-Based Access Control

Invite client users as viewers, editors, or admins. Control who can see findings, accept risks, and manage tenant settings.

Conditional Access Validator

Deep evaluation of Conditional Access policies — not just "do they exist" but "do they actually protect what matters."

Zero Trust Readiness

Assess your tenants against Zero Trust principles across identity, devices, apps, data, and network — with a clear maturity score.

BEC Detection

Scan every mailbox for Business Email Compromise indicators — silent forwarding rules, suspicious inbox rules, and unauthorized delegate access that survives password resets.

App Permission Audit

Audit every enterprise app for dangerous OAuth permissions. Flag overprivileged apps, unverified publishers, and illicit consent grants with automatic risk scoring.

PDF Reporting

Client-ready reports in seconds

Generate polished, branded PDF reports that you can hand directly to clients, executives, or auditors — no reformatting required.

Executive Summary

A high-level overview of tenant security posture with risk scores, pass/fail breakdowns, and key findings — designed for non-technical stakeholders.

Full Findings Report

Every finding with severity, status, framework mappings, and step-by-step remediation. The complete technical reference for your engineering team.

Framework Compliance Report

Pick any framework — CIS, NIST, SOC 2, HIPAA, or any of the 14 supported standards — and generate a compliance-focused report showing coverage and gaps.

AI-Powered Narrative Analysis

Optionally enrich any report with AI-generated narrative analysis that explains risks, impact, and remediation priorities in plain language.

Branded PDFs

Upload your logo and generate reports with your branding. Charts, donut graphs, and severity breakdowns included automatically.

Recommendations & Roadmap

Each report includes prioritized recommendations based on severity and risk weight — giving clients a clear path from current state to secure.

Scheduled Scans

Set it and forget it

Configure automated scan schedules for every tenant. Audit My Tenant runs scans on your schedule — no manual trigger needed.

Daily, Weekly, or Monthly

Choose the frequency that fits each tenant. High-risk clients get daily scans, stable environments run weekly or monthly.

Continuous Compliance Monitoring

Catch configuration drift and new security gaps as they happen — not weeks later during a manual audit.

Hands-Free Operation

Once configured, scans run automatically in the background. Results update in your dashboard and are ready for reporting at any time.

Framework Coverage

1,554 rules across 14 compliance frameworks

Audit My Tenant cross-references every finding against industry-standard frameworks so you can report in the language your clients and auditors expect. Over 16,377 total framework mappings — each rule tagged to every applicable standard.

CIS M365 Foundations
CIS Intune
CIS Edge
CIS Defender
CIS Controls v8
NIST SP 800-53
NIST CSF 2.0
CISA SCuBA
MITRE ATT&CK
SOC 2
CMMC Level 2
ISO 27001
HIPAA
PCI DSS v4.0
Cyber Essentials
Essential Eight

CIS M365 Foundations

Center for Internet Security benchmark for Microsoft 365 — the gold standard for cloud configuration.

CIS Intune

CIS benchmark for Microsoft Intune device management and endpoint protection.

CIS Edge

CIS benchmark for Microsoft Edge browser security settings and policies.

CIS Defender

CIS benchmark for Microsoft 365 Defender — anti-malware, Safe Links, Safe Attachments, and threat policies.

CIS Controls v8

The CIS Critical Security Controls — 18 prioritized safeguards that form the foundation of any security program.

NIST SP 800-53

National Institute of Standards and Technology security controls — required for federal compliance.

NIST CSF 2.0

The NIST Cybersecurity Framework — Govern, Identify, Protect, Detect, Respond, and Recover functions.

CISA SCuBA

Secure Cloud Business Applications baselines from the Cybersecurity & Infrastructure Security Agency.

MITRE ATT&CK

Adversarial tactic and technique mappings — understand which attacks each rule defends against.

SOC 2

Trust Services Criteria for service organizations — Security, Availability, Confidentiality, Processing Integrity, and Privacy.

CMMC Level 2

Cybersecurity Maturity Model Certification — required for DoD contractors handling Controlled Unclassified Information.

ISO 27001

International standard for information security management systems — recognized worldwide.

HIPAA

Health Insurance Portability and Accountability Act — safeguards for organizations handling protected health information.

PCI DSS v4.0

Payment Card Industry Data Security Standard — required for any organization that processes card payments.

Cyber Essentials

UK government-backed scheme covering five critical technical controls for baseline security.

Essential Eight

Australian Signals Directorate mitigation strategies — the baseline for Australian government and critical infrastructure.

Risk Intelligence

More than pass/fail

Audit My Tenant goes beyond simple compliance checks with weighted risk scoring and actionable remediation.

Weighted Risk Scoring

Every rule carries a severity weight. Your tenant risk score reflects real-world impact — not just a count of failures.

Remediation Guidance

Step-by-step instructions for every finding, including which admin portal to use and what licensing is required.

Multi-Framework View

Browse findings by CIS control, NIST family, MITRE tactic, or domain. Choose the lens that fits your audience.

Ready to audit your M365 tenant?

Get continuous compliance monitoring across all your client tenants.

Request a Demo