Built by someone who’s been on the other end of these reviews

ScanPosture exists because hand-rolled Microsoft 365 posture audits — across admin centres, screenshots, and spreadsheets — never stay current. After 30 years of doing them the hard way, we built the tool we wished we had.

Why ScanPosture

The same review, every quarter, by hand.

Thirty years of doing this job the long way round.

Across three decades of consulting and architecture work — public sector, regulated industries, charities, and FTSE-scale environments — the same job kept coming back: open every Microsoft 365 admin centre, click through every conditional access policy, every guest-access setting, every privileged role, every transport rule, and turn it all into a defensible posture report. Then a quarter later, do it again.

The bottleneck was never knowing — it was proving.

The result was always the same shape. Findings were correct on the day they were written and slightly wrong the day after. Screenshots aged. Spreadsheets diverged. Each new auditor wanted the same evidence projected against a slightly different framework. Most of the time we knew what to fix; the bottleneck was proving it consistently.

So we productised the review we wished existed.

ScanPosture is the tool we wanted: read-only Microsoft 365 + Entra ID assessment, recurring scans, drift detection between snapshots, and one set of findings re-projected against Cyber Essentials, ISO 27001, GDPR, NIST and CIS without having to redo the work for each. UK-based, UK-hosted, and built by people who've been the customer.

Founder
Andy Lawson

Andy Lawson

Founder · Senior IT consultant

30+ years across enterprise Microsoft platforms — identity, conditional access, end-user compute, infrastructure and operations.

hello@scanposture.com· United Kingdom

Background

A career-long enterprise IT practitioner — currently a Technical Lead in a regulated UK organisation, previously a Senior Consultant and Technical Architect across the public sector, healthcare, charities and large insurance.

The work has stayed in the same lane throughout: keeping large Microsoft estates secure, performant, and provable. Identity and access first; the rest follows.

ScanPosture is the natural continuation of that work — the same posture review, productised, repeatable, and shipped as a UK SaaS so other teams don’t have to do it from a blank spreadsheet every quarter.

Sectors worked across

NHS trustsLocal government · councilsPoliceBankingFinancial servicesFTSE-scale insurancePharmaceuticalsCritical national infrastructureUK national charitiesHigher education

Daily working stack

Entra IDActive DirectoryMicrosoft 365AzureConditional AccessGroup PolicyMicrosoft IntuneAVDAWSCitrixVMwareHyper-VMECM / SCCMMicrosoft ExchangeMicrosoft SQLVeeamTerraformAzure DevOps

What you’re actually buying

A UK SaaS, run by enterprise practitioners.

UK company

Lawsons Enterprises Ltd

Trading as ScanPosture. Registered in England and Wales. Company No. 16433965 · VAT GB495884223.

Read-only

Zero write scopes — by design

Every Microsoft Graph permission requested is read-scoped. ScanPosture is incapable of changing your tenant.

Practitioner-led

30 years of doing this by hand

The product is shaped by the person who used to be the consultant in the room — not by analyst calls or focus groups.

Read our security posture ·Where your data lives ·Sub-processors