Free Microsoft 365 Scanning Tools

1. 34% of CIS M365 v6 Controls Require Manual Review

According to the CIS Microsoft 365 Foundations Benchmark v6, 93 out of 140 controls are classified as automated—meaning they can be evaluated using PowerShell or Microsoft Graph commands.

 

That leaves 47 out of 140 controls (34%) that must be manually audited.

 

2. Scanners Can’t Audit Manual Controls

If a scanning tool claims you’re “100% compliant” with the CIS M365 Benchmark, that’s only true for the automated subset of controls.

 

In other words, you’re really only about 66% compliant overall.

 

This creates a dangerous false sense of security—especially for organizations that depend on scan reports for compliance reporting or risk assessments.

 

3. Complex Controls Defy Simple Automation

Some controls can’t be accurately measured by any tool. For example, break glass accounts can have a variety of usernames, but they all must meet a specific set of security requirements.

 

A scanning tool can only approximate which accounts are intended as break glass accounts—it can’t determine that with 100% certainty. As a result, automated tools can easily miss critical misconfigurations or assume compliance where there is none.

​

4. We bring clarity

We arm you with an executive summary, a roadmap, and a remediation tracker. We go over your assessment results with you during a formal Q&A session. Lastly, we include additional guidance to bring further value beyond the security controls we cover.

​

5. We use a blend of benchmarks

To help ensure thorough M365 Security coverage, we assess you against 161 controls from the CIS M365 benchmark, the CIS Dynamics benchmark, and Redeemer Cyber controls. We use our in-house benchmark to bring you the latest and greatest security controls so that our customers receive cutting edge security guidance.