CS

Free · no account required

Two Free Security Checks

Start with a 30-second domain scan, then go deeper with a full Microsoft 365 Security Posture Assessment. Both at no cost, no credit card.

Domain scan: instant resultsM365 assessment: 5 business daysPrioritised remediation report

Run your security check

Enter your business domain and we'll analyse your security posture. Results are delivered to your email.

Australian numbers only

By submitting, you agree to our Privacy Policy. We only use your details to deliver your report.

What we check

Our passive scan analyses publicly available information. No credentials required, no intrusive probing.

Email Authentication

  • SPF Record

    Sender Policy Framework: authorises servers to send email on your behalf.

  • DKIM

    DomainKeys Identified Mail: cryptographic email signing.

  • DMARC Policy

    Domain-based Message Authentication: controls what happens to unauthenticated email.

  • MX Records

    Mail exchange records: identifies your email server configuration.

Web Security

  • TLS Configuration

    Transport Layer Security: encrypts data in transit to your web server.

  • Security Headers

    HTTP security headers: browser-enforced protections against common attacks.

Exposure Checks

  • HTTP Exposure

    Checks whether your domain forces visitors to a secure HTTPS connection.

  • Dark Web Exposure

    Checks whether staff email addresses from your domain appear in known data breaches. Available in our managed security service.

Passive scans only. We query publicly available DNS records, HTTPS certificates, and security headers. We do not probe, exploit, or authenticate to any system.

What we typically find

What we find in almost every tenant

These are not rare edge cases. They are the default state of most Microsoft 365 environments when we run our first assessment.

MFA is on, but not enforced

MFA is enabled as an option but users can still authenticate without it. Legacy protocols bypass it entirely.

Legacy authentication still active

Basic auth protocols pre-date Conditional Access and ignore it completely. Attackers know this.

Conditional Access gaps

Policies exist but have exceptions. Specific apps, locations, or user accounts fall outside the coverage.

DMARC set to p=none

The domain has a DMARC record but enforcement is off. Your domain can still be spoofed freely.

No backup for M365 data

Microsoft does not back up your mailboxes, SharePoint, or Teams by default. That is your responsibility.

Shared mailboxes without controls

Shared mailboxes are often accessible without MFA and have no audit logging or access governance in place.

Step 2: Go deeper

Free M365 Security
Posture Assessment

Your domain scan shows the public-facing picture. A Microsoft 365 Security Posture Assessment goes inside your tenant, reviewing the controls that stop 95% of breaches, assessed by an engineer who works with M365 every day.

You receive a prioritised remediation report within 5 business days. No vendor pitch at the end. Just a clear list of what to fix and in what order.

  • Conditional Access policy review
  • MFA enforcement gaps
  • Legacy authentication exposure
  • Mailbox & delegate permissions audit
  • SharePoint & OneDrive external sharing
  • Exchange Online protection configuration
  • Azure AD / Entra identity hygiene
  • Microsoft Secure Score analysis
Delivered within 5 business days

Book your free assessment

Takes 2 minutes. We handle the rest.

Free, no obligation. We assess your tenant and deliver a prioritised report within 5 business days.

Privacy & how we use your data

We only use your domain and email to run the security check and send you the results. We do not share your data with third parties or add you to marketing lists without your consent. Scans are passive: we query publicly available DNS and HTTPS records only.