How O365Validator Works
Get comprehensive security insights for your Microsoft 365 tenant without installing agents, running scripts, or granting write access. Our read-only assessment gives you actionable results in minutes.
Connect Your Microsoft 365 Tenant
~30 seconds
Click 'Get Started' and sign in with your Microsoft 365 administrator account. You'll see a Microsoft consent screen showing exactly which read-only permissions we request.
- Sign in with Global Admin or Security Admin credentials
- Review the specific permissions being requested
- All permissions are read-only - we never modify your tenant
- Consent is granted at the organization level
Automated Security Assessment
2-3 minutes
Once connected, O365Validator automatically queries your tenant configuration through the Microsoft Graph API. We check 270+ security controls across identity, access, and application security.
- Queries are made in real-time against your current configuration
- No agents or software installed in your environment
- Assessment runs entirely in the cloud
- All data transmission is encrypted via TLS 1.3
Review Prioritized Findings
Instant results
Get a clear, prioritized view of security findings. Each issue includes a severity rating, a business impact explanation, and step-by-step remediation instructions.
- Findings sorted by severity (Critical, High, Medium, Low)
- Plain-English explanations - no jargon
- Direct links to Microsoft admin portals
- Estimated fix time for each issue
Take Action & Track Progress
Ongoing
Use our remediation guides to fix issues, then re-run the assessment to verify your improvements. Track your security score over time.
- Step-by-step remediation instructions
- Re-assess anytime to verify fixes
- Historical assessment comparison
- Exportable PDF reports for stakeholders
What We Assess
Our assessment covers critical security domains based on CISA SCuBA baselines, CIS benchmarks, and real-world attack patterns.
Identity & Access
- MFA enforcement for all users
- Legacy authentication protocols blocked
- Privileged role assignments reviewed
- Guest account lifecycle management
Conditional Access
- Risk-based authentication policies
- Device compliance requirements
- Location-based access restrictions
- Session control policies
Application Security
- OAuth app consent permissions
- Service principal credentials
- Third-party app risk analysis
- API permission sprawl detection
Attack Detection
- Token theft risk indicators
- Illicit consent grant detection
- Federation trust monitoring
- Device code phishing prevention
Security You Can Trust
We've designed O365Validator with security as the foundation.
Read-Only Access
We only request permissions to read your configuration. We cannot and will not modify any settings.
AES-256 Encrypted
All access tokens are encrypted with military-grade AES-256-GCM encryption before storage.
Your Data, Your Control
Disconnect anytime from the Microsoft admin center. We don't retain raw tenant data.