One operating layer for Microsoft 365 security posture
ScanPosture connects read-only to Microsoft 365 and Entra ID, assesses observable control posture, prioritises remediation, monitors drift, and keeps evidence current between reviews.
Read-only OAuth connection · No agents · No password collection · No tenant changes during scanning
One page for what changed, what matters, and what you can evidence
Score movement, open findings, priority actions, framework readiness, and what changed between completed scans — on one page.
Stored in the UK
Supabase London (eu-west-2). No US round-trip.
Zero write scopes
Every Graph permission is read-scoped.
Verified publisher
Visible in the Global Admin consent screen.
8 vendors, listed
Each one named, with purpose and region.
Microsoft 365 posture is hard to evidence from admin centres alone
Security-relevant settings live across multiple Microsoft portals, policies, users, groups, applications, collaboration controls, audit settings, and device signals. Reviews become slow, inconsistent, and difficult to evidence.
Fragmented visibility
Important posture signals are spread across Entra ID, Microsoft 365 admin surfaces, security settings, collaboration controls, and device posture.
Weak prioritisation
Raw findings do not tell teams what to fix first. ScanPosture focuses attention on control weakness, severity, and estimated posture impact.
Stale evidence
Screenshots and spreadsheets age quickly. Recurring scans create evidence that can be refreshed and compared over time.
More than a dashboard
ScanPosture helps teams understand control weakness, prioritise remediation, monitor drift, and produce evidence that stays current.
Understand control weakness
Readable posture across identity, access, applications, collaboration, logging, and device controls.
Prioritise what matters
Severity, control impact, and estimated score movement help teams focus on the highest-value remediation first.
Keep evidence current
Repeatable scans, readiness mapping, and historical outputs replace stale screenshots and ad-hoc spreadsheets.
From connection to evidence, in four steps
Connect Microsoft 365
Read-only OAuth consent. No agent. No password collection.
OAuth · Read-only
Run a posture scan
ScanPosture assesses observable controls across Microsoft 365 and Entra ID.
201 checks
Review risk and readiness
See posture score, priority actions, framework readiness, and what changed.
Score · Actions
Maintain assurance
Refresh evidence, monitor drift, and track improvement over time.
Drift · Trend
Posture score, open findings, and what changed this scan
ScanPosture turns technical signals into a readable posture view, including open findings, priority actions, affected controls, framework readiness, and movement between completed scans.
Every completed scan produces
- Overall ScanPosture score
- Open findings by severity
- Priority actions
- Affected controls
- Framework readiness
- What changed since the previous completed scan
- Evidence and report outputs
Priority actions with remediation detail
ScanPosture highlights the actions most likely to improve the overall ScanPosture score. Each action links to the affected control, severity, evidence, and remediation guidance.
- Require MFA for all users (Identity & Authentication)
- Block legacy authentication (Conditional Access)
- Review privileged role assignments (Privileged Access)
- Restrict anonymous sharing (Data Access & Collaboration)
Estimated impact on overall ScanPosture score shown — not on any individual framework readiness view.
What changed since the last completed scan
Every scan is compared against the previous completed scan, so teams can see what is new, what returned, what was resolved, and what changed.
- New: first detected in the latest completed scan.
- Returned: seen historically before, absent in the previous completed scan, present again now.
- Resolved: present in the previous completed scan, absent from the latest completed scan.
- Changed: an existing finding or control state changed severity, evidence, scope, or affected objects.
Evidence that refreshes itself
Replace point-in-time screenshots with structured evidence that can be refreshed for leadership, customers, insurers, procurement reviews, and internal governance.
Readiness views show observable technical alignment within ScanPosture’s assessment scope. They do not certify compliance.
Report outputs
- Executive posture reports
- Framework readiness summaries
- Evidence snapshots
- Remediation history
- Scan comparison outputs
- Exportable findings and actions
Read-only access. No agents. No tenant changes.
ScanPosture connects using Microsoft OAuth with read-only permissions. It assesses configuration and posture signals, but does not change policies, users, roles, or tenant settings during scanning.
- No passwords collected
- No agent deployment
- No write permissions for scanning
- OAuth permissions visible during consent
- No automatic remediation without explicit future authorisation
- Tenant connection can be removed
Built for internal IT teams and MSPs
Use ScanPosture to understand posture in your own Microsoft tenant or operate recurring assurance across managed customer environments.
Direct customer
For Microsoft-first organisations
Understand control posture, prioritise remediation, and produce current evidence without relying on spreadsheets or one-off reviews.
Partner
For MSPs
Monitor customer posture, produce recurring evidence, support service reviews, and show improvement across managed tenants.
See what changed, what matters, and what evidence you can defend.
Built for Microsoft-first SMBs and MSPs that need clearer posture evidence without enterprise complexity.
Read-only OAuth · Recurring assurance · No sales script