Microsoft-first control assurance
Your Microsoft 365 security posture changes every day. See what changed, fix what matters, and prove control when asked.
ScanPosture runs read-only checks across Microsoft 365 and Entra ID, prioritises what needs fixing, and turns the evidence into defensible reports for auditors, insurers and clients.
Read-only scanning · UK-hosted · No credit card · Connected in minutes
ScanPosture at a glance
- Read-only checks: 201. Across Microsoft 365 and Entra ID, every scan
- Assessment domains: 9. From identity and MFA to tenant configuration
- Framework views: 8. Cyber Essentials, ISO 27001 and more
- Changes made by scans: 0. Scanning is read-only. Setup runs only with your admin’s approval.
The problem
Security questions arrive with a deadline attached.
Your insurer, your auditor and your biggest customer all ask the same thing: show us your Microsoft environment is under control.
Posture drifts silently
Settings change, consultants leave, defaults weaken. Between reviews, nobody is watching the gap open.
The evidence lives in admin centres
The proof is scattered across consoles that the people asking the questions will never open.
Point-in-time reviews go stale
Last quarter’s spreadsheet says nothing about today. The question is always about now.
Why ScanPosture
Secure Score gives your admin a number. ScanPosture gives your business evidence.
Framework views, not console points
Readiness views for Cyber Essentials, ISO 27001 and the other frameworks you are actually asked about, instead of a score that only means something inside one console.
An evidence trail, not a snapshot
Every scan is recorded: what was checked, what changed, what improved and who accepted which risk. When the question comes, the answer already exists.
Written for the people who get asked
Plain-English findings and reports you can put in front of a board, an insurer or a client, not raw console output.
Coverage
201 read-only checks across the places Microsoft 365 drifts.
Each check observes one control, compares it against good practice, and explains what to do about it in plain English.
Framework readiness
Evidence mapped to the frameworks you get asked about.
Every finding carries its framework references, so readiness views build themselves from observable evidence rather than a once-a-year questionnaire.
ScanPosture shows alignment and readiness against selected technical controls related to each framework. It does not itself certify compliance or replace formal assessment, certification, or legal advice.
Beyond the scan
From findings to defensible decisions.
For MSPs
Run posture across every client you manage.
One portal for your whole client base: per-client readiness, fleet-wide drift, white-label reports and evidence your clients’ insurers will actually accept.
See what changed in your tenant this month.
Connect, run your first scan, and read the findings the same day.
From £350 a month for 100 users. Bigger tenants pay less per user.
28-day trial · No credit card · Read-only scanning
Common questions
- Does ScanPosture change anything in our tenant?
  - Scanning is read-only and never modifies your environment: ScanPosture observes configuration, scores what it sees, and reports. The only changes ever made are during setup, when your administrator explicitly approves assigning ScanPosture its read-only reader roles.
- Do we need to install anything?
  - No agents and no software. ScanPosture connects to Microsoft 365 through Microsoft’s own APIs after an administrator approves its read-only reader roles. Most organisations run their first scan the same day.
- Does this certify us for Cyber Essentials or ISO 27001?
  - No, and we are deliberate about that. ScanPosture shows readiness and collects observable evidence against selected technical controls. Certification remains with the certification bodies; ScanPosture makes the technical evidence defensible.
- How is this different from Microsoft Secure Score?
  - Secure Score is a number inside a console for IT administrators. ScanPosture maps observable evidence to the frameworks you are asked about, tracks drift between scans, records who decided what, and produces reports for the people asking the questions.