Transparent Methodology

267+ Security Validations

We believe in complete transparency about what we check and how we count. Here's the exact breakdown of every security validation we perform.

142 Security Checks
63 App Intelligence
50 MITRE Mappings
12 Attack Detections

And always improving — we add new checks as threats evolve

Complete Breakdown

Every number is verifiable. Our check definitions are derived from industry standards and real-world attack patterns we've seen in breach investigations.

Security Assessment Checks

Configuration audits against industry frameworks

142 checks

Entra ID (CIS): 31
Entra ID (CISA SCuBA): 30
Entra ID (Custom): 12
Exchange Online: 34
SharePoint & OneDrive: 12
Microsoft Teams: 6
Defender for Office 365: 6
Microsoft Purview: 4
Power Platform: 5
Microsoft Intune: 2

App Intelligence Database

63

Known good and malicious OAuth applications

Known Malicious Apps: 19 - Mail exfil, credential theft, BEC tools
Microsoft First-Party Apps: 30 - Verified Microsoft applications
Trusted Third-Party Apps: 14 - CrowdStrike, Okta, Slack, Zoom, etc.

MITRE ATT&CK Coverage

50

Threat framework mappings for context

ATT&CK Techniques: 17 - Mapped attack techniques (T1078, T1566, etc.)
Event-to-MITRE Mappings: 22 - Detection events linked to framework
Tactical Coverage: 11 - Initial Access, Persistence, etc.

Attack Pattern Detection

12

Real-time threat detection rules

Detection Engine Rules: 12 - Risky sign-ins, impossible travel, etc.

Built on Industry Standards

Our checks aren't arbitrary — they're derived from authoritative security frameworks trusted by enterprises and government agencies.

CISA SCuBA

Secure Cloud Business Applications

Federal security baselines for M365

30 checks

CIS Benchmarks

Center for Internet Security

Microsoft 365 Foundations v3.1.0

31 checks

NIST 800-53

Security & Privacy Controls

Mapped for compliance reporting

Mapped

MITRE ATT&CK

Adversary Tactics & Techniques

Cloud-specific threat mappings

50 checks

Beyond Compliance

Active Threat Detection

Compliance checklists catch misconfigurations. Our threat intelligence catches active attacks and indicators of compromise.

Malicious OAuth App Detection

19 known bad apps in our database

We maintain a database of OAuth applications known to be used in attacks, including consent phishing tools and BEC malware.

PerfectData Software (mailbox exfiltration)
eM Client, Edison Mail (credential theft)
Rclone (file exfiltration tool)
...and 15 more tracked applications

Known Good App Whitelist

44 verified safe applications

Reduces false positives by recognizing legitimate enterprise applications so you can focus on truly suspicious activity.

30 Microsoft first-party apps
CrowdStrike, SentinelOne (security tools)
Okta, Slack, Zoom, ServiceNow
Adobe, Salesforce, and more

Custom Attack Patterns

Proprietary detection from real breaches

Detection rules developed from our incident response work, catching attacks that compliance checklists miss.

Suspicious inbox rules (forwarding, auto-delete)
Federation abuse & Golden SAML indicators
Risky OAuth permission grants
Compromised sync account detection

MITRE ATT&CK Mapping

Industry-standard threat framework

Every finding is mapped to MITRE ATT&CK techniques, giving security teams context for prioritization.

T1078: Valid Accounts
T1566: Phishing
T1098: Account Manipulation
+ 14 more techniques mapped

Our Transparency Commitment

Unlike competitors who inflate their check counts with vague marketing, we publish exactly what we check and how we count. Every number on this page is derived directly from our codebase. When we improve, we update this page.

142 Security Checks
63 App Intelligence Rules
50 MITRE Mappings
12 Attack Detections
267+ total validations, and always improving

See Your Tenant's Security Posture

Get a comprehensive assessment against all 267+ security validations. Free for your first assessment, no credit card required.