M365-Assess v2.0

274 automated checks · 14 frameworks · interactive HTML report

Overview

M365-Assess is a read-only PowerShell module that scans your Microsoft 365 tenant against established security baselines and produces a self-contained interactive HTML report. Version 2.0 ships 274 automated checks across 14 compliance frameworks and 8 M365 service areas — Identity, Exchange, Intune, Security, Collaboration, PowerBI, Hybrid, and Purview.

The v2.0 report is a React application inlined into a single portable HTML file. It opens in any browser without a server, weighs 1.3MB, includes a live compliance filter panel, 3 color themes with light and dark modes, paginated navigation, and PDF export via the browser print dialog.

Every check is read-only. M365-Assess connects to your tenant, reads configuration data, and disconnects. Nothing is written, no agents are installed, and results are stored only in a local folder on your machine. The output is a report you can hand directly to a client or attach to an audit deliverable.

What's New in 2.0

React report engine — rebuilt from a 4,424-line PowerShell template to a clean data pipeline. Report size: 6MB+ → 1.3MB.
3 color themes — Neon, Console, and SaaS, each with light and dark modes. High-contrast accessibility mode (WCAG AAA) included.
Baseline drift detection — Compare-M365Baseline compares scans over time and generates a change report.
Consolidated auth — certificate, device code, managed identity, app secret. Full CI/CD pipeline support.

Key Features

Interactive HTML report

React-based, self-contained. 3 color themes (Neon, Console, SaaS) with light and dark modes. Live compliance filter panel, paginated navigation, PDF export via print. No server needed.

274 automated checks

Covers Identity (Entra ID), Exchange Online, Intune, Security (Defender / Secure Score), Collaboration (Teams / SharePoint / OneDrive), PowerBI, Hybrid / AD, and Purview.

14 compliance frameworks

CIS M365 v6, CIS Controls v8, NIST 800-53 Rev 5, NIST CSF, CISA SCuBA, CMMC, Essential Eight, FedRAMP, HIPAA, ISO 27001, MITRE ATT&CK, PCI DSS v4, SOC 2 TSC, DISA STIG.

Baseline drift detection

Compare scans over time with Compare-M365Baseline. See exactly what improved, regressed, or shifted between assessments — useful for demonstrating remediation progress.

Flexible authentication

Certificate, device code, managed identity, app secret, or pre-existing connection. Enforced parameter sets. Full CI/CD support — run automated assessments without interactive sign-in.

MIT licensed

Free forever. Fork it, modify it, use it commercially. No licensing fees, no usage limits, no vendor lock-in.

🚫 No telemetry 🚫 No accounts 🔒 Data stays in your tenant 👁 Read-only Graph API 📄 MIT licensed ⚡ Runs on your machine

Quick Start

Prerequisites

PowerShell 7+
A Microsoft 365 tenant
Read permissions for the services you want to assess (Global Reader or equivalent)

Installation

Install-Module M365-Assess

Basic Usage

Invoke-M365Assessment

See the full documentation for authentication options, section flags, baseline comparison, and report customization.

PowerShell MIT CIS NIST compliance v2.0

View on GitHub Read the docs Read the v2.0 post