Single Assessment · Microsoft 365 Suite
The CISO posture review. Read-only audit of your Microsoft 365 security baseline — Conditional Access policy enforcement, MFA coverage, Global Admin count, guest-to-member ratio, Purview sensitivity labels, audit log retention. The compliance evidence pack you need before any AI deployment, regulator visit, or board security briefing.
One-time payment · 90-day access · locked to one Microsoft 365 tenant · MigrationFox-branded PDF
Pricing
90 days · 1 tenant · unlimited re-runs
Or get all 6 assessments + white-label for CA$1,599
What we scan
Module
Conditional Access (CA) policy enumeration via /identity/conditionalAccess/policies, MFA coverage check, Global Administrator count (Microsoft recommends ≤3), guest-to-member ratio, OAuth application grants, Privileged Identity Management (PIM) presence.
Module
Sensitivity label inventory via the Information Protection Graph endpoint, custom Sensitive Information Type count, audit log access verification, eDiscovery case visibility. The compliance posture for any AI rollout in a regulated industry.
Module
SubscribedSkus enumeration to detect Entra ID Premium P1/P2 (Conditional Access + PIM), Microsoft Purview Information Protection, and Audit Premium. Tells you which security features are licensed before you try to enable them.
Why it matters
Microsoft recommends no more than three Global Administrators per tenant, ideally two plus a break-glass emergency account. The median tenant we scan has eight to fifteen. None of them are time-bound through Privileged Identity Management. Most don't have MFA on the Global Administrator accounts specifically (just on the org-wide Conditional Access policy that gets bypassed by emergency-access exclusions). The IBM 2025 Cost of a Data Breach report puts the global average breach cost at $4.44M; the US average at $10.22M; healthcare specifically at $7.42M. Excessive Global Admin assignments are one of the leading initial-access vectors in those breaches.
The M365 Security Assessment is the read-only posture review you can hand to a regulator, an internal auditor, or your CISO before any major M365 change — Copilot rollout, M&A integration, new geographic expansion, board-level security briefing. It's not a pen test (we never write to your tenant) and it's not a configuration manager (we never make changes). It's a 5-minute snapshot of where your tenant currently sits against Microsoft's own published security baseline recommendations, with a prioritized remediation list.
You get the Conditional Access policy inventory with gaps flagged, the MFA enforcement breakdown by user segment, the Global Administrator count with PIM coverage status, the guest-to-member ratio (anything above 20% gets flagged), the Purview sensitivity label coverage signal, and the audit log readiness check. Each finding is tagged Must Do Before Copilot, Must Do Before Full Rollout, or Nice to Have so the security team knows the priority order.
Consultant or MSP delivering security reviews for clients? The Microsoft 365 Complete Bundle at CA$1,599 includes the Security assessment plus the other five with white-label PDF rights and a commercial redistribution license.
Read-only, 5 minutes, no agent. Free snapshot to see the score, paid assessment for the full findings list and exports.