Continuous control assurance for Microsoft-first organisations

ScanPosture gives Microsoft-first organisations a clear, defensible view of identity, access, collaboration, audit, and device posture, with prioritised remediation and evidence that stays current.

Read-only access · No agents to install · Microsoft 365 · UK company

201
Security checks
Read-only · continuously monitored
9
Security domains
Scored across all controls
6
Framework views
CE, ISO, GDPR, NIST, CIS, SOC 2
£2.50
Per Entra user / month
Not per ScanPosture admin

The Platform

A live view of control posture

See posture score, priority actions, domain strength, scan coverage, and what changed since the last completed scan.

app.scanposture.com/dashboard
Dashboard
Security posture overview · Last scan 2h ago
Run Scan
62
Developing Posture
Stable · 186 scored
Open Findings
49
5 critical · 22 high · 20 medium
Scan Coverage
186
of 201 checks applied
Avg 1.8d to resolve
Critical
5
Immediate attention required
Resolved
3
this month
Top Actions to Improve Your ScoreAll Findings →
1CRITICAL
Noncompliant Device Blocking
Device Security
+15
2CRITICAL
Entra ID Log Retention Depth
Logging & Audit
+15
3CRITICAL
No MFA for Admin Portal Access
Conditional Access
+15
Fix all 5 to improve your score40 → ~100/100
What Changed This ScanView All →
10 changes·10 new
NEW · 10
Custom Banned Password List Not ConfiguredMEDIUM
No Emergency Access (Break-Glass) AccountsHIGH
Self-Service Password Reset DisabledHIGH
Weak Password PoliciesHIGH
Users Without MFA EnabledCRITICAL
Security Domains9 scored · weakest first
D919
Device Security
D330
Conditional Access
D845
Logging & Audit
D450
Account Lifecycle
D161
Identity & Auth
D671
Monitoring & Posture

The Problem

Security posture managed through scattered tools and manual effort

Most Microsoft-first businesses rely on fragmented native tooling, infrequent manual checks, and screenshots as evidence. That creates real security risk and unreliable governance.

No unified view

Security configuration is spread across Entra ID, Exchange, SharePoint, Intune, and Teams admin centres. Nobody has the complete picture in one place.

Weak prioritisation

When all findings look the same, nothing gets fixed in the right order. Critical gaps sit alongside low-severity observations without clear direction.

Evidence that goes stale

Screenshots and export files lose credibility quickly. Clients, insurers, and auditors need current, structured proof, not last quarter's artefacts.

Why ScanPosture Is Different

Control strength, not checkbox compliance

Most tools give you raw findings or misrepresent what your controls actually cover. ScanPosture is built around a defensible view of what your controls achieve across your Microsoft 365 tenant.

01

Not just pass/fail

Checks are grouped into controls. The result reflects genuine control posture across your tenant, not isolated configuration observations.

02

Four-dimension assessment

Each control is assessed across presence, coverage, quality, and strength. A policy covering 30% of users scores differently to one covering 95%.

03

Defensible evidence

Framework readiness views show observable technical alignment. ScanPosture does not certify compliance or make claims that cannot be evidenced.

What Gets Scanned

201 checks, structured around the controls that matter most

Coverage spans identity, access, applications, collaboration, devices, logging, and drift detection across Microsoft 365 and Entra ID.

Authentication & MFA
Privileged access
Account hygiene & lifecycle
Conditional Access policies
Applications & permissions
Non-human identity & credentials
Tenant configuration
Monitoring & risk detection
Segregation of duties
AI agent identity & Copilot
Device security (Intune)
SharePoint & OneDrive
Microsoft Teams
Exchange Online & email security
Logging & audit configuration

What You Get After Every Scan

More than a findings list

Every scan produces structured outputs you can act on, share with stakeholders, and use as evidence.

Posture score

A 0-100 score across 9 weighted security domains, with trend tracking over time.

Priority actions

A ranked view of which controls need the most attention, and what resolving them is worth to your score.

Framework readiness

Observable readiness mapped to CE, ISO 27001, GDPR, NIST, CIS, and SOC 2. Not a certification claim.

Remediation guidance

Step-by-step instructions with exact portal navigation paths for every finding.

Drift detection

See exactly what changed between scans, including what improved and what deteriorated.

PDF reports

Executive summary and evidence outputs, ready for client or stakeholder delivery.

Scheduled summaries

Posture summaries on your schedule, delivered by email, Slack, or Teams webhook.

Owner assignment

Assign findings to responsible owners and track remediation accountability across your team.

The operating layer

Beyond the scan result

ScanPosture is not just a findings viewer. It gives you the tools to manage risk, record accountability, and maintain a defensible posture record over time.

Risk and exception tracking

Mark findings as accepted exceptions with supporting rationale. Keep your exception record auditable and available for review.

Compensating controls

Document where existing controls partially or fully offset identified gaps. Build a governance record that reflects operational reality, not just raw findings.

What deteriorated

Every scan surfaces controls that degraded since the last check. Identify and respond to deterioration, not just to the overall findings count.

Operational cadence

Recurring posture reviews on your timeline. Evidence stays current without manual extraction or scheduling effort.

Real Findings

What ScanPosture actually surfaces

Every finding includes severity, control mapping, framework alignment, and step-by-step remediation guidance.

CRITICALUsers without MFA enabled
CRITICALLegacy authentication not blocked
HIGHExcessive Global Administrator accounts
HIGHGuest users with elevated privileges
HIGHDMARC not configured for primary domain
HIGHPIM activation without MFA required
MEDIUMSharePoint anonymous sharing enabled
MEDIUMService principals with expiring credentials

8 examples from 201 checks across identity, access, email, collaboration, devices, AI permissions, and drift.

Framework Readiness

Framework support, not compliance claims

ScanPosture maps observable Microsoft 365 and Entra ID controls to framework themes. These views support readiness conversations and evidence gathering. They do not certify compliance or replace legal, audit, or certification advice.

Cyber Essentialsv3.3

Secure Configuration and User Access Control readiness evidence within Microsoft 365 scope.

ISO 270012022

Selected A.5 and A.8 technical control evidence across identity and access management.

GDPRArticle 32

Technical safeguard assessment within identity, access, and data-handling scope.

NIST CSFRev 2

Identity, Protect, and Detect function evidence across Microsoft 365 and Entra ID controls.

CIS Controlsv8.1

Account Management, Access Control, and Audit Log Management safeguard readiness evidence.

SOC 2Type II

Logical and Physical Access, Change Management, and Risk Monitoring criteria evidence.

Pricing

Straightforward pricing for Microsoft-first teams

Priced per Entra user in the monitored tenant. Contact us for MSP and multi-tenant pricing.

£2.50

per Entra user / month

Billed per licensed user in your monitored tenant, not per ScanPosture administrator. From £250/month for 100 users.

  • 201 security checks across 15 categories
  • Control-model posture scoring (9 domains)
  • Framework readiness (CE, ISO, GDPR, NIST, CIS, SOC 2)
  • Drift detection between scans
  • Step-by-step remediation guidance
  • PDF reports and CSV exports
  • Scheduled posture summaries
  • Email, Slack, and Teams webhook alerts
  • Continuous monitoring, not one-off reviews

Typical alternatives

One-off consultant review£3,000 to £8,000 each
Microsoft Secure Score only (fragmented, no remediation)Free but incomplete
Manual evidence via screenshots and spreadsheetsSignificant staff time
Generic compliance automation platform£6,000 to £15,000/year
ScanPosture (100 users)£250/month

Price ranges are indicative and vary by scope and vendor.

Microsoft has useful native tooling, but posture visibility is fragmented across admin centres. ScanPosture brings control scoring, drift detection, and readiness evidence into a single operational layer, updated continuously.

For Managed Service Providers

A complete operating layer for MSP customer estates

ScanPosture helps MSPs monitor customer posture, evidence improvement, prioritise remediation, and support recurring service reviews across Microsoft-first tenants.

Fleet-level visibility

Review posture across all customer tenants from one interface. No separate logins, no context switching.

Branded reporting

Produce customer-ready reports with MSP branding where enabled. Structured outputs for service delivery and stakeholder review.

Drift and priority tracking

See what changed across client tenants between scans. Identify what worsened and what needs attention before clients raise it.

Remediation workflow

Track actions, exceptions, and follow-up across customer estates. Evidence that work is being done and decisions are recorded.

Customer review support

Use posture evidence and trend history to support structured service reviews and quarterly business reviews.

Role-based access

Control what MSP users and customer stakeholders can see. Scoped views per client, configurable at the MSP level.

Platform Status

What’s live, what’s next, what’s planned

Control assurance is live and operational. Here is where each capability currently sits.

Live

  • 201 checks across 15 categories
  • Control-model posture scoring (9 domains)
  • Customer portal and reporting
  • MSP portal and client portal
  • Drift detection and scheduled scans
  • Framework readiness (CE, ISO, GDPR, NIST, CIS, SOC 2)
  • Remediation guidance and PDF reports
  • Risk acceptance and exception tracking
  • Demo environment

Next

  • Deeper Microsoft 365 coverage
  • Stronger governance and exception workflows
  • Richer MSP review and client reporting
  • Broader executive evidence outputs
  • Direct customer billing portal

Planned

  • AWS IAM assurance expansion
  • Selected SaaS posture coverage
  • Authorised remediation actions
  • Cross-platform assurance layer

Getting Started

From connection to continuous assurance

Read-only OAuth consent. No agents, no passwords, no complex setup. Posture results in minutes.

Connect Microsoft 365

Read-only OAuth consent

First scan starts

Runs automatically

Review your posture

Results in minutes

Stay assured

Ongoing monitoring

Start a trial
Read-only accessNo agents to installMicrosoft 365UK company (Lawsons Enterprises Ltd)

Built By Practitioners

I built ScanPosture because I saw the same problem at every Microsoft-first business I worked with: fragmented security evidence, weak prioritisation, and no ongoing assurance. The tools that existed were either too basic or too expensive. This product fills that gap.

Andy Lawson, Founder, ScanPosture

Know what your controls look like. Fix the right gaps first.

Clear posture. Prioritised remediation. Evidence that stays current.