Tenant Audit
A comprehensive, read-only security assessment for your Microsoft 365 tenant.
What It Does
The Andy Kemp Tenant Audit analyses your Microsoft 365 environment and produces a detailed security, compliance, and migration readiness report — all without making any changes to your tenant.
In minutes, you get a clear picture of:
- Where your security gaps are — unprotected identities, excessive admin access, risky OAuth apps
- How you measure against compliance frameworks — NCSC CAF, Cyber Essentials, NIST 800-53
- What needs fixing and in what order — prioritised action plan with quick wins and strategic items
- Executive-ready reporting — CXO summaries, technical deep-dives, and PowerPoint decks
Who It's For
| Audience | Value |
|---|---|
| IT Administrators | Identify misconfigurations, stale accounts, and security drift |
| CISOs & Security Teams | Benchmark against compliance frameworks with evidence-based scoring |
| C-Suite Executives | Business-impact summaries with risk framing and remediation roadmaps |
| Managed Service Providers | Audit customer tenants quickly and deliver professional reports |
| Organisations preparing for Cyber Essentials | Understand gaps before certification assessment |
How It Works
Sign in → Enter tenant credentials → Audit runs (2–5 minutes)
↓
70+ checks across identity, data protection, devices, apps, and compliance
↓
Three scores calculated: Security Risk · Compliance Posture · Migration Complexity
↓
Intelligence engine generates findings with severity and recommendations
↓
Download reports: Technical PDF · CXO Executive PDF · CXO PowerPoint
What Gets Checked
The audit examines 70+ configuration points across your tenant:
| Area | Examples |
|---|---|
| Identity & Access | MFA adoption, Conditional Access policies, Global Admin count, stale accounts, PIM maturity |
| Data Protection | Mailbox forwarding, inbox rules, sensitivity labels, DLP indicators |
| Device Compliance | Intune policies, app protection, device management |
| App Security | OAuth grants, credential expiry, risky enterprise apps |
| Governance | Domains, public folders, Teams, SharePoint, M365 Groups |
| Licensing | SKU utilisation, unused licences, storage usage |
| Compliance | NCSC CAF, Cyber Essentials, Cyber Essentials Plus, NIST 800-53 |
Key Features
- Read-only — No changes are made to your tenant. No write permissions used.
- Fast — Full audit completes in 2–5 minutes with real-time progress streaming
- Three scoring dimensions — Security Risk, Compliance Posture, and Migration Complexity
- 8 intelligence analysers — Identity attack surface, privileged access, external exposure, and more
- 4 compliance frameworks — NCSC CAF, Cyber Essentials, CE+, NIST 800-53
- Professional reports — Technical PDF, CXO Executive PDF, and editable PowerPoint
- Audit history — Track your security posture over time with trend data
Quick Links
- What We Check — Full breakdown of every audit area
- Scoring & Ratings — How your scores are calculated
- Compliance Frameworks — Framework mappings and control details
- Intelligence & Insights — What the 8 analysers look for
- Reports & Exports — Report formats and what's included
- Licensing Requirements — What you need to get the most from your audit
- Getting Started — How to run your first audit
- FAQ — Common questions answered