Microsoft-first · Entra ID · Read-only

One operating view for Microsoft 365 control posture

ScanPosture connects read-only to Microsoft 365 and Entra ID, assesses security posture across key control areas, and turns technical findings into prioritised remediation, evidence, and trend visibility.

Multi-tenant ready · Drift between scans · 6 framework views

The live dashboard, at a glance

Posture score, open findings, scan coverage, priority actions, and what changed between scans — on one page, refreshed with every completed scan.

Demo dashboard (demo.scanposture.com/dashboard): Security posture overview · Last scan 2d ago

  • Posture score: 87 B · Strong Posture · Stable since last scan
  • Open findings: 18 (1 critical · 9 high · 7 medium · 1 low)
  • Scan coverage: 52 checks assessed
  • Avg 0.2d to resolve
  • Critical: 1 · Immediate attention required
  • Resolved: 0 this month

Top Actions to Improve Your Score (estimated impact on your overall ScanPosture score)

  • 1 · CRITICAL · OAuth Apps With Excessive Consent Grants · CE User Access Control · Non Hu… · +4.1pts
  • 2 · HIGH · Inactive Accounts Over 90 Days · CE User Access Control · Accoun… · +2.2pts
  • 3 · MEDIUM · App Registrations With Expiring Credentials · CE App Security · App Reg… · +2.2pts

What Changed This Scan (compared with the previous completed scan)

  • 1 change detected · 1 resolved
  • Posture improved — 1 finding was resolved this scan.
  • RESOLVED · Excessive Global Administrator Ac… · CRITICAL

More than a dashboard

ScanPosture is designed to help teams understand what their Microsoft controls look like, where posture is weakening, what needs attention first, and what evidence can be shown to stakeholders.

Assess posture

Map Microsoft 365 and Entra ID signals into controls and domains so the picture holds together.

Prioritise remediation

Surface the actions with the greatest posture impact and make them easy to hand off.

Evidence improvement

Show recurring scans, trend history, and framework readiness to stakeholders that ask.

From connection to evidence, in four steps

1. Connect Microsoft 365

Read-only OAuth consent. No agents, no passwords, no tenant write actions.

OAuth · Read-only

2. Run a scan

ScanPosture assesses Microsoft 365 and Entra ID configuration against 201 read-only checks.

201 checks

3. Review posture

Findings are grouped into domains, controls, priority actions, and framework readiness views.

9 domains

4. Track improvement

Recurring scans show what changed, what improved, and what needs renewed attention.

Drift · Trend

Posture score, open findings, and what changed this scan

The dashboard presents posture score, security domains, scan coverage, open findings, priority actions, what changed this scan, and trend history — all refreshed with every completed scan.

The ScanPosture score reflects connected and assessed scope. Areas not connected or not observable are not silently treated as passed or failed.

What you see

Refreshed with every completed scan

  • Weighted posture score and trend vs previous scan
  • Domain strip — all 9 security domains at a glance
  • Priority actions with estimated score impact
  • What changed this scan — new, returned, resolved
  • Scan coverage vs applicable checks
  • Access reviews and assigned risks in-line

Control strength, across four dimensions

A control that exists but only covers a small number of users should not score the same as a control that is consistently enforced across the tenant. ScanPosture scoring is designed to reflect that difference.

Presence

Does the control exist in the tenant?

Coverage

What share of users, roles, apps, or data is in scope?

Quality

Are the settings configured with appropriate strength?

Strength

How resilient is the control against bypass or weak configuration?

Framework readiness scores are separate from the overall posture score.

Priority actions with real remediation detail

ScanPosture turns findings into prioritised remediation steps. Each recommendation includes what to do, why it matters, and exactly where in the Microsoft admin experience to do it.

Every finding includes

What, why, and exactly where

  • Ranked list of highest-impact actions per scan
  • Estimated score gain per action
  • Step-by-step remediation guides with portal paths
  • Deep-links into Entra / Exchange / SharePoint admin
  • Prerequisite notes where licensing or roles apply
  • Verification steps to confirm the fix applied

What changed since the last completed scan

Every scan is compared against the previous completed scan. You see new findings, returned findings, resolved findings, and which areas have worsened.

New

First detected in the latest scan compared with the previous completed scan.

Returned

Previously seen historically, absent in the previous completed scan, and present again now.

Resolved

Present in the previous scan, not present in the latest scan.

Evidence that refreshes itself

PDF posture reports, executive summaries, scheduled email digests, and CSV exports — so stakeholders receive defensible evidence without screenshots or manual compilation.

Outputs

Defensible, without the manual compilation

  • PDF posture reports
  • Executive summary reports
  • Scheduled email digests
  • CSV exports of findings and controls
  • Evidence always reflects the latest scan

Read-only by design

ScanPosture observes configuration and generates findings. It does not modify the customer tenant during scans.

  • No agents to install, no passwords to share
  • Microsoft-issued read-only OAuth permissions
  • No write actions against the tenant during a scan
  • The customer remains in control of every configuration change
  • Any future authorised remediation is clearly separate from scan mode

See your Microsoft posture clearly

Book a 30-minute walkthrough against a working ScanPosture tenant.

Read-only · no agents | 201 checks · 9 domains | No sales script