Microsoft 365 governance

Your Microsoft 365 tenant, read the way an assessor reads it.

M365 Excellence turns a read-only Microsoft Graph session into a clear view of your security posture, license waste, user activity and regulatory compliance — without installing an agent or storing a single token.

Delegated · read-only · runs in your browser
Live posture scanread-only · Microsoft Graph
62%
286 / 461 pts
Hardening needed

Overall assessment

Baseline controls are partly in place. Four settings weaken the tenant — work the prioritized actions to lift the score.

1 critical 4 review 1 ok Global Admins 6
Conditional AccessReview
User consent to appsCritical
Security DefaultsOK
Frameworks mapped
ISO 27001 NCA ECC SAMA CSF DORA NIS2
What it surfaces

Four lenses on one read-only pass.

Sign in once with delegated read access and M365 Excellence computes everything below in the browser — no data leaves the session it didn't have to.

Security posture

Secure Score, Security Defaults, Conditional Access, legacy authentication and privileged-role exposure — scored into a single verdict with prioritized hardening actions.

Secure ScoreConditional AccessPrivileged rolesLegacy auth

License & capability optimization

Seats purchased versus used, dormant and disabled accounts still consuming licenses, and which paid capabilities are switched off — with the spend you can reclaim.

Seat utilizationDormant licensesCapability activationReclaimable spend

Compliance mapping

Map live tenant signals to ISO 27001, NCA ECC, SAMA CSF, DORA and NIS2. Choose the frameworks per tenant and export an audit-ready report with evidence and gaps.

Per-tenant scopeControl evidenceGap actionsExportable report

User insights

Rank the most inactive and never-active users, flag premium licenses sitting idle, and base dormancy on real sign-ins from the audit log — not on a guess.

Top inactiveNever activePremium idleSign-in based
How it works

Three steps, no infrastructure.

Registering a tenant takes a minute. Assessing it is one sign-in. There is nothing to deploy and nothing to maintain.

Register the tenant

Read-only app registration

Create an Entra app registration and grant delegated Graph consent. A copy-paste manifest and PowerShell script add every scope and consent in one go.

Run the assessment

Graph in your browser

Microsoft Graph is queried entirely client-side at sign-in. Posture, licenses, users and compliance are computed locally — the server never sees a Graph token.

Act on it

Reclaim, harden, report

Reclaim idle licenses, close the hardening gaps, and hand auditors a framework-mapped report. Re-run any tenant whenever you need a fresh picture.

Security & sovereignty

Nothing to deploy. Nothing to store.

M365 Excellence is built for regulated environments across the MENA and GCC region. It reads — it never writes — and your tenant's data stays in the browser session that requested it.

  • Delegated, read-only scopes only. No write permissions, no mailbox access, no agent on any endpoint.
  • Graph tokens never leave the browser. Authentication uses MSAL with PKCE; the platform stores no Graph credentials.
  • Transparent permissions. Every scope is shown before consent, with a manifest and script you control.
  • Bilingual & audit-ready. Reports in English and French, mapped to the frameworks your regulators expect.

Assess your first tenant today.

Sign in to register a Microsoft 365 tenant and run a full posture, licensing and compliance assessment.