Identity & MFA gaps
Detect users, service accounts and break-glass admins without enforced MFA, weak conditional access, or stale sign-in risk.
Continuous scanning of identity, mail flow, sharing, and admin roles across your M365 tenant — mapped to compliance controls automatically.
Detect users, service accounts and break-glass admins without enforced MFA, weak conditional access, or stale sign-in risk.
Surface missing SPF, DKIM and DMARC alignment, permissive transport rules and anti-phishing policy coverage gaps.
Find SharePoint sites and OneDrive files exposed via anonymous links, external guests, or company-wide sharing defaults.
Identify Global Admins, standing privileged roles and Entra ID assignments that violate least-privilege baselines.
The M365 misconfiguration scanner requests only the Microsoft Graph API permissions required for read-only security assessment — directory, policy, audit and configuration scopes. It never requests access to mail content, calendar bodies, Teams messages or file contents. Every permission granted is auditable in Entra ID and revocable in one click.
| Severity | Finding | Scope |
|---|---|---|
| CRITICAL | Global Administrator without MFA | Entra ID · 3 users |
| HIGH | SharePoint site shared via anonymous link | SPO · FinanceOps |
| HIGH | DMARC policy set to none | Exchange Online |
| MEDIUM | Legacy authentication protocol enabled | Entra ID |
| MEDIUM | Guest users with directory read access | Entra ID · 47 guests |
| LOW | Audit log retention below 180 days | Purview |