M365-Assess
2.10.1
Comprehensive read-only Microsoft 365 security assessment tool for IT consultants and administrators. Covers Entra ID, Exchange Online, Intune, Defender, SharePoint, Teams, Purview, and Active Directory.
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2026 Galvnyz. All rights reserved.
Package Details
Author(s)
- Galvnyz
Tags
Microsoft365 M365 Security Assessment Compliance Audit EntraID Exchange Intune Defender SharePoint Teams PowerBI CIS NIST SOC2 HIPAA ZeroTrust SecurityBaseline
Functions
Invoke-M365Assessment Get-M365ExoSecurityConfig Get-M365DnsSecurityConfig Get-M365EntraSecurityConfig Get-M365CASecurityConfig Get-M365EntAppSecurityConfig Get-M365IntuneSecurityConfig Get-M365DefenderSecurityConfig Get-M365ComplianceSecurityConfig Get-M365SharePointSecurityConfig Get-M365TeamsSecurityConfig Get-M365FormsSecurityConfig Get-M365PowerBISecurityConfig Get-M365PurviewRetentionConfig Grant-M365AssessConsent New-M365ConnectionProfile Set-M365ConnectionProfile Remove-M365ConnectionProfile Get-M365ConnectionProfile Compare-M365Baseline Export-M365Remediation
Dependencies
-
- Microsoft.Graph.Applications (>= 2.25.0)
- Microsoft.Graph.Authentication (>= 2.25.0)
- Microsoft.Graph.DeviceManagement (>= 2.25.0)
- Microsoft.Graph.Identity.DirectoryManagement (>= 2.25.0)
- Microsoft.Graph.Identity.SignIns (>= 2.25.0)
- Microsoft.Graph.Reports (>= 2.25.0)
- Microsoft.Graph.Security (>= 2.25.0)
- Microsoft.Graph.Users (>= 2.25.0)
Release Notes
v2.10.1 - Patch release: four collector data-quality bugs surfaced during v2.10.0 live test. FIXED: ENTRA-ENTAPP-020 (#880) extended Microsoft first-party allowlist from 1 to 4 known owner-tenant GUIDs (Services + Corp + ea8a4392 + Graph CLI Tools cdc5aeea); Connect-MgGraph SP no longer false-positives as impersonator. ENTRA-PIM-* license detection (#881) now uses AAD_PREMIUM_P2 service plan ID instead of hardcoded SkuIds; catches every E5 variant including Developer Pack, education, government, partner SKUs. ENTRA-ADMIN-003 break-glass detail (#882) now lists matched UPNs + [DISABLED] tag in BOTH Pass and Review branches (was only in Pass), with displayName fallback when UPN is null. SPO-AUTH-001 Legacy Auth Protocols (#883) typo fix: now reads isLegacyAuthProtocolsEnabled (Graph v1.0 property uses is- prefix); previously falsely reported "Not available via API" Review in every tenant. PLUS: also includes #845 closeout (MITRE/STIG taxonomy decision documented + regression test) shipped via #877. Sets the stage for v2.11.0 -- Data Quality & Accuracy milestone covering broader collector audit work surfaced this sprint.
FileList
- M365-Assess.nuspec
- ActiveDirectory\Get-ADDCHealthReport.ps1
- ActiveDirectory\Get-ADDomainReport.ps1
- ActiveDirectory\Get-ADReplicationReport.ps1
- ActiveDirectory\Get-ADSecurityReport.ps1
- ActiveDirectory\Get-HybridSyncReport.ps1
- ActiveDirectory\Get-StaleComputers.ps1
- Collaboration\Get-FormsSecurityConfig.ps1
- Collaboration\Get-SharePointOneDriveReport.ps1
- Collaboration\Get-SharePointSecurityConfig.ps1
- Collaboration\Get-TeamsAccessReport.ps1
- Collaboration\Get-TeamsSecurityConfig.ps1
- Common\Build-DriftHtml.ps1
- Common\Build-IntuneOverviewHtml.ps1
- Common\Build-RemediationPlanHtml.ps1
- Common\Build-ReportData.ps1
- Common\Build-SectionHtml.ps1
- Common\Build-ValueOpportunityHtml.ps1
- Common\Connect-Service.ps1
- Common\ConvertTo-FrameworkFilter.ps1
- Common\Export-AssessmentBridgeJson.ps1
- Common\Export-AssessmentReport.ps1
- Common\Export-ComplianceMatrix.ps1
- Common\Export-ComplianceOverview.ps1
- Common\Export-EvidencePackage.ps1
- Common\Export-FrameworkCatalog.ps1
- Common\Export-M365Remediation.ps1
- Common\Get-BaselineTrend.ps1
- Common\Get-RedactionRules.ps1
- Common\Get-RemediationLane.ps1
- Common\Get-ReportTemplate.ps1
- Common\Import-CmmcHandoff.ps1
- Common\Import-ControlRegistry.ps1
- Common\Import-FrameworkDefinitions.ps1
- Common\New-M365BrandingConfig.ps1
- Common\ReportHelpers.ps1
- Common\Resolve-DnsRecord.ps1
- Common\Resolve-TenantIdentity.ps1
- Common\Resolve-TenantLicenses.ps1
- Common\SecurityConfigHelper.ps1
- Common\Show-CheckProgress.ps1
- Common\soc2-control-mapping.json
- Entra\EntraAdminRoleChecks.ps1
- Entra\EntraConditionalAccessChecks.ps1
- Entra\EntraHelpers.ps1
- Entra\EntraPasswordAuthChecks.ps1
- Entra\EntraUserGroupChecks.ps1
- Entra\Get-AdminRoleReport.ps1
- Entra\Get-AppRegistrationReport.ps1
- Entra\Get-CASecurityConfig.ps1
- Entra\Get-ConditionalAccessReport.ps1
- Entra\Get-EntAppSecurityConfig.ps1
- Entra\Get-EntraAdminRoleSeparationConfig.ps1
- Entra\Get-EntraCaRemoteDevicePolicy.ps1
- Entra\Get-EntraPrivRemoteConfig.ps1
- Entra\Get-EntraSecurityConfig.ps1
- Entra\Get-EntraSoDConfig.ps1
- Entra\Get-EntraTouConfig.ps1
- Entra\Get-InactiveUsers.ps1
- Entra\Get-LicenseReport.ps1
- Entra\Get-MfaReport.ps1
- Entra\Get-PasswordPolicyReport.ps1
- Entra\Get-TenantInfo.ps1
- Entra\Get-UserSummary.ps1
- Exchange-Online\Get-DnsSecurityConfig.ps1
- Exchange-Online\Get-EmailSecurityReport.ps1
- Exchange-Online\Get-ExoSecurityConfig.ps1
- Exchange-Online\Get-MailFlowReport.ps1
- Exchange-Online\Get-MailboxPermissionReport.ps1
- Exchange-Online\Get-MailboxSummary.ps1
- Intune\Get-CompliancePolicyReport.ps1
- Intune\Get-ConfigProfileReport.ps1
- Intune\Get-DeviceComplianceReport.ps1
- Intune\Get-DeviceSummary.ps1
- Intune\Get-IntuneAlwaysOnVpnConfig.ps1
- Intune\Get-IntuneAppControlConfig.ps1
- Intune\Get-IntuneAutoDiscConfig.ps1
- Intune\Get-IntuneFipsConfig.ps1
- Intune\Get-IntuneInventoryConfig.ps1
- Intune\Get-IntuneMobileEncryptConfig.ps1
- Intune\Get-IntunePortStorageConfig.ps1
- Intune\Get-IntuneRemovableMediaConfig.ps1
- Intune\Get-IntuneSecurityConfig.ps1
- Intune\Get-IntuneVpnSplitTunnelConfig.ps1
- Intune\Get-IntuneWifiEapConfig.ps1
- Inventory\Get-GroupInventory.ps1
- Inventory\Get-MailboxInventory.ps1
- Inventory\Get-OneDriveInventory.ps1
- Inventory\Get-SharePointInventory.ps1
- Inventory\Get-TeamsInventory.ps1
- Invoke-M365Assessment.ps1
- M365-Assess.psd1
- M365-Assess.psm1
- Networking\Test-PortConnectivity.ps1
- Orchestrator\AssessmentHelpers.ps1
- Orchestrator\AssessmentMaps.ps1
- Orchestrator\Compare-AssessmentBaseline.ps1
- Orchestrator\Compare-M365Baseline.ps1
- Orchestrator\Connect-RequiredService.ps1
- Orchestrator\Export-AssessmentBaseline.ps1
- Orchestrator\Invoke-DnsAuthentication.ps1
- Orchestrator\Resolve-M365Environment.ps1
- Orchestrator\Show-InteractiveWizard.ps1
- Orchestrator\Test-BlockedScripts.ps1
- Orchestrator\Test-GraphPermissions.ps1
- Orchestrator\Test-ModuleCompatibility.ps1
- PowerBI\Get-PowerBISecurityConfig.ps1
- Purview\Get-AuditRetentionReport.ps1
- Purview\Get-PurviewRetentionConfig.ps1
- Purview\Search-AuditLog.ps1
- SOC2\Get-SOC2AuditEvidence.ps1
- SOC2\Get-SOC2ConfidentialityControls.ps1
- SOC2\Get-SOC2ReadinessChecklist.ps1
- SOC2\Get-SOC2SecurityControls.ps1
- Security\DefenderAntiMalwareChecks.ps1
- Security\DefenderAntiPhishingChecks.ps1
- Security\DefenderAntiSpamChecks.ps1
- Security\DefenderHelpers.ps1
- Security\DefenderPresetZapChecks.ps1
- Security\DefenderSafeAttLinksChecks.ps1
- Security\Get-ComplianceSecurityConfig.ps1
- Security\Get-DefenderCfgDetectConfig.ps1
- Security\Get-DefenderPolicyReport.ps1
- Security\Get-DefenderScanConfig.ps1
- Security\Get-DefenderSecureMonConfig.ps1
- Security\Get-DefenderSecurityConfig.ps1
- Security\Get-DefenderVulnScanConfig.ps1
- Security\Get-DlpPolicyReport.ps1
- Security\Get-LocalAdmins.ps1
- Security\Get-SecureScoreReport.ps1
- Security\Get-StrykerIncidentReadiness.ps1
- Setup\Get-M365ConnectionProfile.ps1
- Setup\Grant-M365AssessConsent.ps1
- Setup\PermissionDefinitions.ps1
- Setup\Save-M365ConnectionProfile.ps1
- ValueOpportunity\Get-FeatureAdoption.ps1
- ValueOpportunity\Get-FeatureReadiness.ps1
- ValueOpportunity\Get-LicenseUtilization.ps1
- ValueOpportunity\Measure-ValueOpportunity.ps1
- Windows\Get-InstalledSoftware.ps1
- assets\Update-SkuCsv.ps1
- assets\m365-assess-bg.png
- assets\m365-assess-logo-cropped -white.png
- assets\m365-assess-logo-cropped.png
- assets\m365-assess-logo-dark.png
- assets\m365-assess-logo-light.png
- assets\m365-assess-logo-white.png
- assets\m365-assess-logo.png
- assets\react-dom.production.min.js
- assets\react.production.min.js
- assets\report-app.js
- assets\report-app.jsx
- assets\report-shell.css
- assets\report-themes.css
- assets\sku-friendly-names.csv
- controls\README.md
- controls\cmmc-ez-handoff.json
- controls\frameworks\cis-controls-v8.json
- controls\frameworks\cis-m365-v6.json
- controls\frameworks\cisa-scuba.json
- controls\frameworks\cmmc.json
- controls\frameworks\essential-eight.json
- controls\frameworks\fedramp.json
- controls\frameworks\hipaa.json
- controls\frameworks\iso-27001.json
- controls\frameworks\iso-27002.json
- controls\frameworks\mitre-attack.json
- controls\frameworks\nist-800-53-r5.json
- controls\frameworks\nist-csf.json
- controls\frameworks\pci-dss-v4.json
- controls\frameworks\soc2-tsc.json
- controls\frameworks\stig.json
- controls\learn-more.json
- controls\licensing-overlay.json
- controls\local-extensions.json
- controls\mitre-technique-map.json
- controls\registry.json
- controls\risk-severity.json
- controls\role-tiers.json
- controls\sku-feature-map.json
- controls\tier0-permissions.json
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 2.11.0 | 49 | 5/1/2026 |
| 2.10.1 (current version) | 23 | 4/30/2026 |
| 2.10.0 | 8 | 4/29/2026 |
| 2.9.3 | 20 | 4/29/2026 |
| 2.9.2 | 25 | 4/27/2026 |
| 2.9.1 | 28 | 4/26/2026 |
| 2.9.0 | 5 | 4/26/2026 |
| 2.6.0 | 7 | 4/25/2026 |
| 2.4.0 | 62 | 4/23/2026 |
| 2.2.0 | 99 | 4/20/2026 |
| 2.1.0 | 33 | 4/20/2026 |
| 2.0.0 | 7 | 4/19/2026 |
| 1.16.0 | 7 | 4/18/2026 |
| 1.15.0 | 7 | 4/18/2026 |
| 1.9.0 | 120 | 4/7/2026 |
| 1.8.1 | 8 | 4/7/2026 |
| 1.8.0 | 10 | 4/7/2026 |
| 1.7.0 | 11 | 4/7/2026 |
| 1.6.0 | 24 | 4/6/2026 |
| 1.5.0 | 15 | 4/3/2026 |
| 1.2.0 | 9 | 4/2/2026 |
| 1.0.1 | 41 | 3/31/2026 |
| 1.0.0 | 5 | 3/30/2026 |