M365-Assess
2.12.0
Comprehensive read-only Microsoft 365 security assessment tool for IT consultants and administrators. Covers Entra ID, Exchange Online, Intune, Defender, SharePoint, Teams, Purview, and Active Directory.
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2026 Galvnyz. All rights reserved.
Package Details
Author(s)
- Galvnyz
Tags
Microsoft365 M365 Security Assessment Compliance Audit EntraID Exchange Intune Defender SharePoint Teams PowerBI CIS NIST SOC2 HIPAA ZeroTrust SecurityBaseline
Functions
Invoke-M365Assessment Get-M365ExoSecurityConfig Get-M365DnsSecurityConfig Get-M365EntraSecurityConfig Get-M365CASecurityConfig Get-M365EntAppSecurityConfig Get-M365IntuneSecurityConfig Get-M365DefenderSecurityConfig Get-M365ComplianceSecurityConfig Get-M365SharePointSecurityConfig Get-M365TeamsSecurityConfig Get-M365FormsSecurityConfig Get-M365PowerBISecurityConfig Get-M365PurviewRetentionConfig Grant-M365AssessConsent New-M365ConnectionProfile Set-M365ConnectionProfile Remove-M365ConnectionProfile Get-M365ConnectionProfile Compare-M365Baseline Export-M365Remediation
Dependencies
-
- Microsoft.Graph.Applications (>= 2.25.0)
- Microsoft.Graph.Authentication (>= 2.25.0)
- Microsoft.Graph.DeviceManagement (>= 2.25.0)
- Microsoft.Graph.Identity.DirectoryManagement (>= 2.25.0)
- Microsoft.Graph.Identity.SignIns (>= 2.25.0)
- Microsoft.Graph.Reports (>= 2.25.0)
- Microsoft.Graph.Security (>= 2.25.0)
- Microsoft.Graph.Users (>= 2.25.0)
Release Notes
v2.12.0 - Report clarity + scale trust. ADDED: Executive Briefing first screen (#963) opens the report with a compliance verdict card, actionable-criticals/quick-wins/Secure Score tiles, and a What-to-do-first list; -HeadlineFramework parameter (#963) picks the framework that headlines it; Invoke-SafeGraphRequest (#952) adds Graph pagination + Retry-After-aware 429/503/504 retry, first wired into enterprise app, Stryker risky-apps, and Conditional Access collection; generated registry statistics with a CI drift gate keep every published check count in sync with controls/registry.json. CHANGED: report clarity pass (#962) groups not-assessed statuses into one muted bucket, ships the CheckID column hidden by default, adds a status legend with tooltips, standardizes N-of-M number formats, and expands jargon on first use; registry partitioned to M365 collector scope (292 checks, ~3.0 MB, down from the full upstream registry); all 292 checks now carry explicit severity ratings (#956) - note -QuickScan selects ~40 more checks; EXO 3.8.0+ no longer needs to be uninstalled (#231) - install 3.7.1 side-by-side and the session pins it automatically. FIXED: NaN counts and mismatched denominators in report math (#962); framework group keys rendering as raw codes (#948); stale check counts in docs.
FileList
- M365-Assess.nuspec
- ActiveDirectory\Get-ADDCHealthReport.ps1
- ActiveDirectory\Get-ADDomainReport.ps1
- ActiveDirectory\Get-ADReplicationReport.ps1
- ActiveDirectory\Get-ADSecurityReport.ps1
- ActiveDirectory\Get-HybridSyncReport.ps1
- ActiveDirectory\Get-StaleComputers.ps1
- Collaboration\Get-FormsSecurityConfig.ps1
- Collaboration\Get-SharePointOneDriveReport.ps1
- Collaboration\Get-SharePointSecurityConfig.ps1
- Collaboration\Get-TeamsAccessReport.ps1
- Collaboration\Get-TeamsSecurityConfig.ps1
- Common\Build-DriftHtml.ps1
- Common\Build-IntuneOverviewHtml.ps1
- Common\Build-RemediationPlanHtml.ps1
- Common\Build-ReportData.ps1
- Common\Build-SectionHtml.ps1
- Common\Build-ValueOpportunityHtml.ps1
- Common\Connect-Service.ps1
- Common\ConvertTo-FrameworkFilter.ps1
- Common\Export-AssessmentBridgeJson.ps1
- Common\Export-AssessmentReport.ps1
- Common\Export-ComplianceMatrix.ps1
- Common\Export-ComplianceOverview.ps1
- Common\Export-EvidencePackage.ps1
- Common\Export-FrameworkCatalog.ps1
- Common\Export-M365Remediation.ps1
- Common\Get-BaselineTrend.ps1
- Common\Get-RedactionRules.ps1
- Common\Get-RemediationLane.ps1
- Common\Get-ReportTemplate.ps1
- Common\Import-CmmcHandoff.ps1
- Common\Import-ControlRegistry.ps1
- Common\Import-FrameworkDefinitions.ps1
- Common\Invoke-SafeGraphRequest.ps1
- Common\New-M365BrandingConfig.ps1
- Common\ReportHelpers.ps1
- Common\Resolve-DnsRecord.ps1
- Common\Resolve-TenantIdentity.ps1
- Common\Resolve-TenantLicenses.ps1
- Common\SecurityConfigHelper.ps1
- Common\Show-CheckProgress.ps1
- Common\soc2-control-mapping.json
- Entra\EntraAdminRoleChecks.ps1
- Entra\EntraConditionalAccessChecks.ps1
- Entra\EntraHelpers.ps1
- Entra\EntraPasswordAuthChecks.ps1
- Entra\EntraUserGroupChecks.ps1
- Entra\Get-AdminRoleReport.ps1
- Entra\Get-AppRegistrationReport.ps1
- Entra\Get-CASecurityConfig.ps1
- Entra\Get-ConditionalAccessReport.ps1
- Entra\Get-EntAppSecurityConfig.ps1
- Entra\Get-EntraAdminRoleSeparationConfig.ps1
- Entra\Get-EntraCaRemoteDevicePolicy.ps1
- Entra\Get-EntraPrivRemoteConfig.ps1
- Entra\Get-EntraSecurityConfig.ps1
- Entra\Get-EntraSoDConfig.ps1
- Entra\Get-EntraTouConfig.ps1
- Entra\Get-InactiveUsers.ps1
- Entra\Get-LicenseReport.ps1
- Entra\Get-MfaReport.ps1
- Entra\Get-PasswordPolicyReport.ps1
- Entra\Get-TenantInfo.ps1
- Entra\Get-UserSummary.ps1
- Exchange-Online\Get-DnsSecurityConfig.ps1
- Exchange-Online\Get-EmailSecurityReport.ps1
- Exchange-Online\Get-ExoSecurityConfig.ps1
- Exchange-Online\Get-MailFlowReport.ps1
- Exchange-Online\Get-MailboxPermissionReport.ps1
- Exchange-Online\Get-MailboxSummary.ps1
- Intune\Get-CompliancePolicyReport.ps1
- Intune\Get-ConfigProfileReport.ps1
- Intune\Get-DeviceComplianceReport.ps1
- Intune\Get-DeviceSummary.ps1
- Intune\Get-IntuneAlwaysOnVpnConfig.ps1
- Intune\Get-IntuneAppControlConfig.ps1
- Intune\Get-IntuneAutoDiscConfig.ps1
- Intune\Get-IntuneFipsConfig.ps1
- Intune\Get-IntuneInventoryConfig.ps1
- Intune\Get-IntuneMobileEncryptConfig.ps1
- Intune\Get-IntunePortStorageConfig.ps1
- Intune\Get-IntuneRemovableMediaConfig.ps1
- Intune\Get-IntuneSecurityConfig.ps1
- Intune\Get-IntuneVpnSplitTunnelConfig.ps1
- Intune\Get-IntuneWifiEapConfig.ps1
- Inventory\Get-GroupInventory.ps1
- Inventory\Get-MailboxInventory.ps1
- Inventory\Get-OneDriveInventory.ps1
- Inventory\Get-SharePointInventory.ps1
- Inventory\Get-TeamsInventory.ps1
- Invoke-M365Assessment.ps1
- M365-Assess.psd1
- M365-Assess.psm1
- Networking\Test-PortConnectivity.ps1
- Orchestrator\AssessmentHelpers.ps1
- Orchestrator\AssessmentMaps.ps1
- Orchestrator\Compare-AssessmentBaseline.ps1
- Orchestrator\Compare-M365Baseline.ps1
- Orchestrator\Connect-RequiredService.ps1
- Orchestrator\Export-AssessmentBaseline.ps1
- Orchestrator\Invoke-DnsAuthentication.ps1
- Orchestrator\Resolve-M365Environment.ps1
- Orchestrator\Show-InteractiveWizard.ps1
- Orchestrator\Test-BlockedScripts.ps1
- Orchestrator\Test-GraphPermissions.ps1
- Orchestrator\Test-ModuleCompatibility.ps1
- PowerBI\Get-PowerBISecurityConfig.ps1
- Purview\Get-AuditRetentionReport.ps1
- Purview\Get-PurviewRetentionConfig.ps1
- Purview\Search-AuditLog.ps1
- SOC2\Get-SOC2AuditEvidence.ps1
- SOC2\Get-SOC2ConfidentialityControls.ps1
- SOC2\Get-SOC2ReadinessChecklist.ps1
- SOC2\Get-SOC2SecurityControls.ps1
- Security\DefenderAntiMalwareChecks.ps1
- Security\DefenderAntiPhishingChecks.ps1
- Security\DefenderAntiSpamChecks.ps1
- Security\DefenderHelpers.ps1
- Security\DefenderPresetZapChecks.ps1
- Security\DefenderSafeAttLinksChecks.ps1
- Security\Get-ComplianceSecurityConfig.ps1
- Security\Get-DefenderCfgDetectConfig.ps1
- Security\Get-DefenderPolicyReport.ps1
- Security\Get-DefenderScanConfig.ps1
- Security\Get-DefenderSecureMonConfig.ps1
- Security\Get-DefenderSecurityConfig.ps1
- Security\Get-DefenderVulnScanConfig.ps1
- Security\Get-DlpPolicyReport.ps1
- Security\Get-LocalAdmins.ps1
- Security\Get-SecureScoreReport.ps1
- Security\Get-StrykerIncidentReadiness.ps1
- Setup\Get-M365ConnectionProfile.ps1
- Setup\Grant-M365AssessConsent.ps1
- Setup\PermissionDefinitions.ps1
- Setup\Save-M365ConnectionProfile.ps1
- ValueOpportunity\Get-FeatureAdoption.ps1
- ValueOpportunity\Get-FeatureReadiness.ps1
- ValueOpportunity\Get-LicenseUtilization.ps1
- ValueOpportunity\Measure-ValueOpportunity.ps1
- Windows\Get-InstalledSoftware.ps1
- assets\Update-SkuCsv.ps1
- assets\m365-assess-bg.png
- assets\m365-assess-logo-cropped -white.png
- assets\m365-assess-logo-cropped.png
- assets\m365-assess-logo-dark.png
- assets\m365-assess-logo-light.png
- assets\m365-assess-logo-white.png
- assets\m365-assess-logo.png
- assets\react-dom.production.min.js
- assets\react.production.min.js
- assets\report-app.js
- assets\report-app.jsx
- assets\report-shell.css
- assets\report-themes.css
- assets\sku-friendly-names.csv
- controls\README.md
- controls\cmmc-ez-handoff.json
- controls\frameworks\cis-controls-v8.json
- controls\frameworks\cis-m365-v6.json
- controls\frameworks\cisa-scuba.json
- controls\frameworks\cmmc.json
- controls\frameworks\essential-eight.json
- controls\frameworks\fedramp.json
- controls\frameworks\hipaa.json
- controls\frameworks\iso-27001.json
- controls\frameworks\iso-27002.json
- controls\frameworks\mitre-attack.json
- controls\frameworks\nist-800-53-r5.json
- controls\frameworks\nist-csf.json
- controls\frameworks\pci-dss-v4.json
- controls\frameworks\soc2-tsc.json
- controls\frameworks\stig.json
- controls\learn-more.json
- controls\licensing-overlay.json
- controls\local-extensions.json
- controls\microsoft-first-party-appids.json
- controls\mitre-technique-map.json
- controls\registry.json
- controls\risk-severity.json
- controls\role-tiers.json
- controls\sku-feature-map.json
- controls\sync-scope.json
- controls\tier0-permissions.json
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 2.12.0 (current version) | 3 | 6/12/2026 |
| 2.11.0 | 497 | 5/1/2026 |
| 2.10.1 | 27 | 4/30/2026 |
| 2.10.0 | 8 | 4/29/2026 |
| 2.9.3 | 21 | 4/29/2026 |
| 2.9.2 | 25 | 4/27/2026 |
| 2.9.1 | 28 | 4/26/2026 |
| 2.9.0 | 5 | 4/26/2026 |
| 2.6.0 | 7 | 4/25/2026 |
| 2.4.0 | 62 | 4/23/2026 |
| 2.2.0 | 99 | 4/20/2026 |
| 2.1.0 | 33 | 4/20/2026 |
| 2.0.0 | 7 | 4/19/2026 |
| 1.16.0 | 7 | 4/18/2026 |
| 1.15.0 | 7 | 4/18/2026 |
| 1.9.0 | 122 | 4/7/2026 |
| 1.8.1 | 8 | 4/7/2026 |
| 1.8.0 | 10 | 4/7/2026 |
| 1.7.0 | 11 | 4/7/2026 |
| 1.6.0 | 24 | 4/6/2026 |
| 1.5.0 | 15 | 4/3/2026 |
| 1.2.0 | 9 | 4/2/2026 |
| 1.0.1 | 41 | 3/31/2026 |
| 1.0.0 | 5 | 3/30/2026 |