M365-Assess
2.11.0
Comprehensive read-only Microsoft 365 security assessment tool for IT consultants and administrators. Covers Entra ID, Exchange Online, Intune, Defender, SharePoint, Teams, Purview, and Active Directory.
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2026 Galvnyz. All rights reserved.
Package Details
Author(s)
- Galvnyz
Tags
Microsoft365 M365 Security Assessment Compliance Audit EntraID Exchange Intune Defender SharePoint Teams PowerBI CIS NIST SOC2 HIPAA ZeroTrust SecurityBaseline
Functions
Invoke-M365Assessment Get-M365ExoSecurityConfig Get-M365DnsSecurityConfig Get-M365EntraSecurityConfig Get-M365CASecurityConfig Get-M365EntAppSecurityConfig Get-M365IntuneSecurityConfig Get-M365DefenderSecurityConfig Get-M365ComplianceSecurityConfig Get-M365SharePointSecurityConfig Get-M365TeamsSecurityConfig Get-M365FormsSecurityConfig Get-M365PowerBISecurityConfig Get-M365PurviewRetentionConfig Grant-M365AssessConsent New-M365ConnectionProfile Set-M365ConnectionProfile Remove-M365ConnectionProfile Get-M365ConnectionProfile Compare-M365Baseline Export-M365Remediation
Dependencies
-
- Microsoft.Graph.Applications (>= 2.25.0)
- Microsoft.Graph.Authentication (>= 2.25.0)
- Microsoft.Graph.DeviceManagement (>= 2.25.0)
- Microsoft.Graph.Identity.DirectoryManagement (>= 2.25.0)
- Microsoft.Graph.Identity.SignIns (>= 2.25.0)
- Microsoft.Graph.Reports (>= 2.25.0)
- Microsoft.Graph.Security (>= 2.25.0)
- Microsoft.Graph.Users (>= 2.25.0)
Release Notes
v2.11.0 - Data Quality & Accuracy milestone closeout. ADDED: Sequence column + filter chips on findings table (#898) make the table self-sufficient as a Now/Next/Later working surface; Copy-finding-as-markdown button (#901) for easy ticket/email handoff; truncated check-id with hover-tooltip (#900) tightens the finding-detail layout. RESEARCH ARTIFACTS: roadmap-vs-findings-table hybrid decision (#899) sets the v3.0 path for the Roadmap section; owner-ticket Phase 5 spec (#903) locks down v1/v2 split for the 7 open design questions; remediation-path-rot decision (#879) chooses MS Learn URLs over hardcoded admin-center breadcrumbs as the primary remediation surface. FIXED: ENTRA-SSPR-001 (#878) was reading the MFA Registration Campaign and labeling it as SSPR enablement; collector now emits Status=Review with manual-verify instruction (the legacy SSPR toggle is not exposed by Microsoft Graph). DATA: CheckID v3.4.0 registry sync brings 200+ control updates and HIPAA Subpart D + E (Breach Notification + Privacy Rule) coverage. DOCS: aggressive consolidation of 19 stub redirects (#905, #906, #907) and a full module install matrix in QUICKSTART (#910). Plus a new REPORT-USER-GUIDE.md (#897, #904) covering edit-mode + finalize + interactive panels.
FileList
- M365-Assess.nuspec
- ActiveDirectory\Get-ADDCHealthReport.ps1
- ActiveDirectory\Get-ADDomainReport.ps1
- ActiveDirectory\Get-ADReplicationReport.ps1
- ActiveDirectory\Get-ADSecurityReport.ps1
- ActiveDirectory\Get-HybridSyncReport.ps1
- ActiveDirectory\Get-StaleComputers.ps1
- Collaboration\Get-FormsSecurityConfig.ps1
- Collaboration\Get-SharePointOneDriveReport.ps1
- Collaboration\Get-SharePointSecurityConfig.ps1
- Collaboration\Get-TeamsAccessReport.ps1
- Collaboration\Get-TeamsSecurityConfig.ps1
- Common\Build-DriftHtml.ps1
- Common\Build-IntuneOverviewHtml.ps1
- Common\Build-RemediationPlanHtml.ps1
- Common\Build-ReportData.ps1
- Common\Build-SectionHtml.ps1
- Common\Build-ValueOpportunityHtml.ps1
- Common\Connect-Service.ps1
- Common\ConvertTo-FrameworkFilter.ps1
- Common\Export-AssessmentBridgeJson.ps1
- Common\Export-AssessmentReport.ps1
- Common\Export-ComplianceMatrix.ps1
- Common\Export-ComplianceOverview.ps1
- Common\Export-EvidencePackage.ps1
- Common\Export-FrameworkCatalog.ps1
- Common\Export-M365Remediation.ps1
- Common\Get-BaselineTrend.ps1
- Common\Get-RedactionRules.ps1
- Common\Get-RemediationLane.ps1
- Common\Get-ReportTemplate.ps1
- Common\Import-CmmcHandoff.ps1
- Common\Import-ControlRegistry.ps1
- Common\Import-FrameworkDefinitions.ps1
- Common\New-M365BrandingConfig.ps1
- Common\ReportHelpers.ps1
- Common\Resolve-DnsRecord.ps1
- Common\Resolve-TenantIdentity.ps1
- Common\Resolve-TenantLicenses.ps1
- Common\SecurityConfigHelper.ps1
- Common\Show-CheckProgress.ps1
- Common\soc2-control-mapping.json
- Entra\EntraAdminRoleChecks.ps1
- Entra\EntraConditionalAccessChecks.ps1
- Entra\EntraHelpers.ps1
- Entra\EntraPasswordAuthChecks.ps1
- Entra\EntraUserGroupChecks.ps1
- Entra\Get-AdminRoleReport.ps1
- Entra\Get-AppRegistrationReport.ps1
- Entra\Get-CASecurityConfig.ps1
- Entra\Get-ConditionalAccessReport.ps1
- Entra\Get-EntAppSecurityConfig.ps1
- Entra\Get-EntraAdminRoleSeparationConfig.ps1
- Entra\Get-EntraCaRemoteDevicePolicy.ps1
- Entra\Get-EntraPrivRemoteConfig.ps1
- Entra\Get-EntraSecurityConfig.ps1
- Entra\Get-EntraSoDConfig.ps1
- Entra\Get-EntraTouConfig.ps1
- Entra\Get-InactiveUsers.ps1
- Entra\Get-LicenseReport.ps1
- Entra\Get-MfaReport.ps1
- Entra\Get-PasswordPolicyReport.ps1
- Entra\Get-TenantInfo.ps1
- Entra\Get-UserSummary.ps1
- Exchange-Online\Get-DnsSecurityConfig.ps1
- Exchange-Online\Get-EmailSecurityReport.ps1
- Exchange-Online\Get-ExoSecurityConfig.ps1
- Exchange-Online\Get-MailFlowReport.ps1
- Exchange-Online\Get-MailboxPermissionReport.ps1
- Exchange-Online\Get-MailboxSummary.ps1
- Intune\Get-CompliancePolicyReport.ps1
- Intune\Get-ConfigProfileReport.ps1
- Intune\Get-DeviceComplianceReport.ps1
- Intune\Get-DeviceSummary.ps1
- Intune\Get-IntuneAlwaysOnVpnConfig.ps1
- Intune\Get-IntuneAppControlConfig.ps1
- Intune\Get-IntuneAutoDiscConfig.ps1
- Intune\Get-IntuneFipsConfig.ps1
- Intune\Get-IntuneInventoryConfig.ps1
- Intune\Get-IntuneMobileEncryptConfig.ps1
- Intune\Get-IntunePortStorageConfig.ps1
- Intune\Get-IntuneRemovableMediaConfig.ps1
- Intune\Get-IntuneSecurityConfig.ps1
- Intune\Get-IntuneVpnSplitTunnelConfig.ps1
- Intune\Get-IntuneWifiEapConfig.ps1
- Inventory\Get-GroupInventory.ps1
- Inventory\Get-MailboxInventory.ps1
- Inventory\Get-OneDriveInventory.ps1
- Inventory\Get-SharePointInventory.ps1
- Inventory\Get-TeamsInventory.ps1
- Invoke-M365Assessment.ps1
- M365-Assess.psd1
- M365-Assess.psm1
- Networking\Test-PortConnectivity.ps1
- Orchestrator\AssessmentHelpers.ps1
- Orchestrator\AssessmentMaps.ps1
- Orchestrator\Compare-AssessmentBaseline.ps1
- Orchestrator\Compare-M365Baseline.ps1
- Orchestrator\Connect-RequiredService.ps1
- Orchestrator\Export-AssessmentBaseline.ps1
- Orchestrator\Invoke-DnsAuthentication.ps1
- Orchestrator\Resolve-M365Environment.ps1
- Orchestrator\Show-InteractiveWizard.ps1
- Orchestrator\Test-BlockedScripts.ps1
- Orchestrator\Test-GraphPermissions.ps1
- Orchestrator\Test-ModuleCompatibility.ps1
- PowerBI\Get-PowerBISecurityConfig.ps1
- Purview\Get-AuditRetentionReport.ps1
- Purview\Get-PurviewRetentionConfig.ps1
- Purview\Search-AuditLog.ps1
- SOC2\Get-SOC2AuditEvidence.ps1
- SOC2\Get-SOC2ConfidentialityControls.ps1
- SOC2\Get-SOC2ReadinessChecklist.ps1
- SOC2\Get-SOC2SecurityControls.ps1
- Security\DefenderAntiMalwareChecks.ps1
- Security\DefenderAntiPhishingChecks.ps1
- Security\DefenderAntiSpamChecks.ps1
- Security\DefenderHelpers.ps1
- Security\DefenderPresetZapChecks.ps1
- Security\DefenderSafeAttLinksChecks.ps1
- Security\Get-ComplianceSecurityConfig.ps1
- Security\Get-DefenderCfgDetectConfig.ps1
- Security\Get-DefenderPolicyReport.ps1
- Security\Get-DefenderScanConfig.ps1
- Security\Get-DefenderSecureMonConfig.ps1
- Security\Get-DefenderSecurityConfig.ps1
- Security\Get-DefenderVulnScanConfig.ps1
- Security\Get-DlpPolicyReport.ps1
- Security\Get-LocalAdmins.ps1
- Security\Get-SecureScoreReport.ps1
- Security\Get-StrykerIncidentReadiness.ps1
- Setup\Get-M365ConnectionProfile.ps1
- Setup\Grant-M365AssessConsent.ps1
- Setup\PermissionDefinitions.ps1
- Setup\Save-M365ConnectionProfile.ps1
- ValueOpportunity\Get-FeatureAdoption.ps1
- ValueOpportunity\Get-FeatureReadiness.ps1
- ValueOpportunity\Get-LicenseUtilization.ps1
- ValueOpportunity\Measure-ValueOpportunity.ps1
- Windows\Get-InstalledSoftware.ps1
- assets\Update-SkuCsv.ps1
- assets\m365-assess-bg.png
- assets\m365-assess-logo-cropped -white.png
- assets\m365-assess-logo-cropped.png
- assets\m365-assess-logo-dark.png
- assets\m365-assess-logo-light.png
- assets\m365-assess-logo-white.png
- assets\m365-assess-logo.png
- assets\react-dom.production.min.js
- assets\react.production.min.js
- assets\report-app.js
- assets\report-app.jsx
- assets\report-shell.css
- assets\report-themes.css
- assets\sku-friendly-names.csv
- controls\README.md
- controls\cmmc-ez-handoff.json
- controls\frameworks\cis-controls-v8.json
- controls\frameworks\cis-m365-v6.json
- controls\frameworks\cisa-scuba.json
- controls\frameworks\cmmc.json
- controls\frameworks\essential-eight.json
- controls\frameworks\fedramp.json
- controls\frameworks\hipaa.json
- controls\frameworks\iso-27001.json
- controls\frameworks\iso-27002.json
- controls\frameworks\mitre-attack.json
- controls\frameworks\nist-800-53-r5.json
- controls\frameworks\nist-csf.json
- controls\frameworks\pci-dss-v4.json
- controls\frameworks\soc2-tsc.json
- controls\frameworks\stig.json
- controls\learn-more.json
- controls\licensing-overlay.json
- controls\local-extensions.json
- controls\microsoft-first-party-appids.json
- controls\mitre-technique-map.json
- controls\registry.json
- controls\risk-severity.json
- controls\role-tiers.json
- controls\sku-feature-map.json
- controls\tier0-permissions.json
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 2.11.0 (current version) | 49 | 5/1/2026 |
| 2.10.1 | 23 | 4/30/2026 |
| 2.10.0 | 8 | 4/29/2026 |
| 2.9.3 | 20 | 4/29/2026 |
| 2.9.2 | 25 | 4/27/2026 |
| 2.9.1 | 28 | 4/26/2026 |
| 2.9.0 | 5 | 4/26/2026 |
| 2.6.0 | 7 | 4/25/2026 |
| 2.4.0 | 62 | 4/23/2026 |
| 2.2.0 | 99 | 4/20/2026 |
| 2.1.0 | 33 | 4/20/2026 |
| 2.0.0 | 7 | 4/19/2026 |
| 1.16.0 | 7 | 4/18/2026 |
| 1.15.0 | 7 | 4/18/2026 |
| 1.9.0 | 120 | 4/7/2026 |
| 1.8.1 | 8 | 4/7/2026 |
| 1.8.0 | 10 | 4/7/2026 |
| 1.7.0 | 11 | 4/7/2026 |
| 1.6.0 | 24 | 4/6/2026 |
| 1.5.0 | 15 | 4/3/2026 |
| 1.2.0 | 9 | 4/2/2026 |
| 1.0.1 | 41 | 3/31/2026 |
| 1.0.0 | 5 | 3/30/2026 |