Microsoft-first control assurance

See what’s exposed. See what changed. Prove control.

ScanPosture helps organisations and MSPs monitor Microsoft 365 posture, identify external exposure, prioritise what matters, and produce defensible evidence for clients, insurers, auditors, and leadership.

Prefer to talk it through?

28-day trial. No card required. Read-only Microsoft scanning. Free scanner available with verified account.

Read-only Microsoft scanningNo agentsUK-hosted customer dataMicrosoft verified publisherFree exposure scan
Good afternoon, Rachel Whitfield
Posture, attention, and remediation across your tenant, on one page.
Tenant posture·Last 30 days
AI SummaryRun Scan
Latest scan·12h ago Improving(observed)
71/100C
+3
Improving posture
Posture has improved 3 points this month. One critical finding remains in Identity & Authentication, clearing it would lift the score towards the B band. Two access-review responses are overdue.
6078952 Jun9 Jun17 Jun24 Jun2 Jul
Open critical findings
1
Highest-severity open findings
Open high findings
7
High-severity open findings
Resolved this week
6
In the last 7 days
Latest scan age
12h
Last completed 12h ago
Users protected
138
Observed Microsoft 365 users in this tenant
Recent scan movement
Posture improved. 6 findings resolved this scan.
Closures outpaced new exposure since the last completed scan.
New
2
Resolved
6
Net movement
−4

Actual ScanPosture dashboard

The problem

Security questions arrive before the evidence is ready.

Clients, insurers, auditors, and leadership do not ask for a tour of your admin centre. They ask what is exposed, what changed, what is under control, and what evidence you can show.

Why ScanPosture

Secure Score is useful. It is not the whole assurance record.

Secure Score gives your admin a number. ScanPosture gives your business evidence.

Microsoft Secure Score

Useful inside the Microsoft admin world, but not designed as a business evidence pack, external exposure view, MSP service record, or framework readiness trail.

One-off reviews

Helpful at a point in time, but they go stale as users, roles, apps, policies, and exposed services change.

Basic exposure scanners

Useful for a quick snapshot, but limited without history, reporting, alerts, Microsoft 365 context, and evidence workflows.

ScanPosture connects the dots: exposure, Microsoft 365 posture, drift, remediation priority, and evidence.

How it works

Start with what is visible today. Build assurance from there.

Microsoft 365 Control Assurance

1

Connect Microsoft 365

Read-only Microsoft scanning. No agents. No passwords. No tenant changes during scans.

2

Review posture and drift

See priority actions, score movement, framework readiness, and what changed between scans.

3

Produce evidence

Generate reports and readiness views for clients, insurers, auditors, leadership, and MSP reviews.

Free External Exposure

1

Run a free exposure scan

See internet-facing services and open ports associated with your organisation.

2

Save limited scan history

Create a verified free scanner account for limited history and repeat scans within free tier limits.

3

Upgrade for continuous exposure assurance

Unlock detailed history, scheduled scans, reports, alerts, exports, and evidence.

Whether you start with Microsoft 365 assurance or a free exposure scan, ScanPosture builds a current record of what changed, what matters, and what can be evidenced.

The product

Evidence, for the people who ask.

ScanPosture turns posture signals into evidence business readers can use: what changed, what matters, what is exposed, and what decisions have been recorded.

201

Microsoft 365 checks

9

Active domains

8

Readiness views

External exposure scanning

UK-hosted customer data

Built for Microsoft-first organisations and the MSPs that support them.

IT leaders

See posture, drift, and priorities without stitching together admin-centre screenshots.

MSPs

Monitor exposure and Microsoft 365 posture across client tenants, with reports and review evidence.

Business owners and regulated SMBs

Prepare for insurance, client reviews, Cyber Essentials readiness, and security questions with evidence you can understand.