Overview
M365-Assess is a read-only PowerShell tool that evaluates the security posture of your Microsoft 365 tenant. It connects to Exchange Online, Intune, Teams, Microsoft Purview, and Entra ID, pulls configuration data, and checks it against established security baselines.
The tool evaluates your environment against CIS Benchmarks — the same controls that auditors and compliance teams reference. Instead of clicking through admin portals and comparing settings manually, M365-Assess automates the data collection and comparison in a single sweep.
The output is a clean, structured report you can hand directly to a client, attach to an audit deliverable, or use internally to prioritize remediation. No spreadsheets, no copy-paste, no guesswork about what was checked.
Key Features
Read-only access
No agents, no write permissions, no changes to your environment. M365-Assess only reads configuration data — it never modifies anything.
CIS Benchmark coverage
Evaluates your tenant against established CIS security baselines, the same controls auditors and compliance teams reference.
Multi-service
Exchange Online, Intune, Teams, Microsoft Purview, and Entra ID — all assessed in one sweep, not five separate tools.
Clean reporting
Actionable findings you can hand to a client or use internally. Structured output, not raw console dumps.
MIT licensed
Free forever. Fork it, modify it, use it commercially. No licensing fees, no usage limits, no vendor lock-in.
Quick Start
Prerequisites
- PowerShell 7+
- A Microsoft 365 tenant
- Appropriate read permissions for the services you want to assess
Installation
git clone https://github.com/Galvnyz/M365-Assess.git Basic Usage
./M365-Assess.ps1 See the full documentation for configuration options, service-specific flags, and report customization.