ScanPosture gives Microsoft-first organisations a clear view of control posture, prioritised remediation, and evidence that stays current. Built for ongoing governance, not one-off reviews.
Read-only access · No agents to install · Microsoft 365 · UK company
The Platform
Posture score, domain breakdown, priority actions, and drift detection. Everything you need to understand your control state and act on it.
The Problem
Most Microsoft-first businesses rely on fragmented native tooling, infrequent manual checks, and screenshots as evidence. That creates real security risk and unreliable governance.
Security configuration is spread across Entra ID, Exchange, SharePoint, Intune, and Teams admin centres. Nobody has the complete picture in one place.
When all findings look the same, nothing gets fixed in the right order. Critical gaps sit alongside low-severity observations without clear direction.
Screenshots and export files lose credibility quickly. Clients, insurers, and auditors need current, structured proof, not last quarter's artefacts.
Why ScanPosture Is Different
Most tools give you raw findings or misrepresent what your controls actually cover. ScanPosture is designed around giving you a defensible view of what your controls achieve.
Findings are grouped into controls. The result reflects genuine control posture across your tenant, not isolated configuration observations.
Each control is assessed across presence, coverage, quality, and strength. A policy covering 30% of users scores differently to one covering 95%.
Framework mapping language is bounded and precise. ScanPosture shows what can be evidenced. It does not make claims that cannot be supported.
What Gets Scanned
Coverage spans identity, access, applications, collaboration, logging, and device posture across Microsoft 365 and Entra ID.
What You Get After Every Scan
Every scan produces structured outputs you can act on, share with stakeholders, and use as evidence.
A 0-100 score across 9 weighted domains, with trend tracking over time.
A ranked view of which controls need the most attention, and what addressing them is worth.
Readiness evidence mapped to CE, ISO 27001, GDPR, NIST, CIS, and SOC 2.
Step-by-step instructions with exact portal navigation paths for every finding.
See exactly what changed between scans, including what improved and what got worse.
Executive summary and evidence outputs, ready for client or stakeholder delivery.
Posture summaries on your schedule, delivered by email, Slack, or Teams webhook.
Assign findings to responsible owners. Track remediation accountability across your team.
The operating layer
ScanPosture is not just a findings viewer. It gives you the tools to manage risk, record accountability, and maintain a defensible governance record over time.
Mark findings as accepted exceptions with supporting rationale. Keep your exception record auditable and available for review.
Document where existing controls partially or fully offset identified gaps. Build a governance record that reflects operational reality, not just raw findings.
Every scan surfaces controls that degraded since the last check. Identify and respond to deterioration, not just to the overall findings count.
Recurring posture reviews on your timeline. Governance evidence stays current without manual extraction or scheduling effort.
Real Findings
Every finding includes severity, control mapping, framework alignment, and step-by-step remediation.
8 examples from 138 checks. A full scan covers identity, access, email, collaboration, devices, AI permissions, drift, and more.
Framework Readiness
ScanPosture maps observable controls to framework requirements and shows how strongly the evidence supports alignment. We do not claim certification or formal sign-off. We show what we can evidence.
Secure Configuration and User Access Control evidence within Microsoft 365 scope
Selected A.5 and A.8 technical control evidence across identity and access management
Technical safeguard assessment within identity, access, and data-handling scope
Access Control, Identification and Authentication, and Audit and Accountability evidence
Account Management, Access Control, and Audit Log Management safeguard evidence
Logical and Physical Access, Change Management, and Risk Monitoring criteria evidence
Pricing
Priced per licensed user in the monitored Microsoft 365 tenant. Contact us for MSP and multi-tenant pricing.
Pricing is per user in your monitored tenant, not per ScanPosture administrator. From £250/month for 100 users.
Microsoft has useful native tooling, but posture visibility is fragmented across admin centres. ScanPosture brings control scoring, drift detection, and readiness evidence into a single operational layer, updated continuously.
For Managed Service Providers
The MSP portal and client portal are live. ScanPosture gives managed service providers a structured way to deliver continuous control assurance across their customer estate, with the reporting and visibility to make it a repeatable service.
Manage all client tenants from one interface. Switch between clients, view consolidated posture, and run scans across your estate without separate logins.
Each client has their own scoped portal view. You control what they see, how much context they receive, and what actions they can take.
Deliver posture and evidence reports under your brand. Configure content, frequency, and visual identity per client.
See what changed across all client tenants between scans. Identify deterioration early, before clients raise it.
Structured review cadence for every client. Posture evidence generated on your schedule, ready for service delivery without manual effort.
See where clients need hardening work, licence changes, or expanded scope. Operational insight that supports structured account development.
Platform Status
Control assurance is live and operational. Here is where each capability currently sits.
Live
Next
Planned
Getting Started
Read-only OAuth consent. No agents, no passwords, no complex setup. Posture in minutes.
Read-only OAuth consent
Runs automatically
Results in minutes
Ongoing monitoring
Built By Practitioners
I built ScanPosture because I saw the same problem at every Microsoft-first business I worked with: fragmented security evidence, weak prioritisation, and no ongoing assurance. The tools that existed were either too basic or too expensive. This product fills that gap.
Andy Lawson, Founder, ScanPosture
Clear posture. Prioritised remediation. Evidence that stays current.