Free Consultation Or Submit a Ticket
Microsoft 365 Full Tenant Health Check | MStack360
6 Audit Domains

Every Layer of Your M365 Tenant. One Engagement.

The Full Tenant Health Check covers all six critical domains of Microsoft 365. Each area is reviewed in depth, with findings documented by severity and linked to specific remediation steps.

HIPAA PCI-DSS GDPR NIS2 SOC 2
Security & Compliance

Security Posture & Defender Configuration

We review your Microsoft Secure Score, Defender for Office 365 policies, anti-phishing, safe links, DLP policies, and information protection labels.

  • Secure Score analysis and improvement plan
  • Anti-phishing, safe links, safe attachments
  • DLP policies and sensitivity labels
  • Purview compliance configuration
  • Audit log and alert policy review
View full Security Check
Entra ID / Azure AD

Identity, MFA & Conditional Access

We audit all user accounts, MFA coverage, Conditional Access policies, privileged roles, guest accounts, and Identity Protection risk detections across your tenant.

  • MFA enrollment and authentication methods
  • Conditional Access policy coverage and gaps
  • Global admin count and PIM configuration
  • Stale and guest account lifecycle
  • Legacy authentication blocking
View full Entra ID Check
Intune & Devices

Device Enrollment, Compliance & Endpoint Security

We review your Intune setup from enrollment and Autopilot to compliance policies, configuration profiles, app deployment, and Defender for Endpoint integration.

  • Device enrollment and Autopilot profiles
  • Compliance policies and non-compliance actions
  • Configuration profiles and update rings
  • App deployment and MAM policies
  • BitLocker, ASR, and security baselines
View full Intune Check
SharePoint & OneDrive

Collaboration, Sharing & Storage Governance

We audit your SharePoint architecture, external sharing settings, OneDrive sync policies, permissions structure, and storage usage across all sites and libraries.

  • External sharing and anonymous link policies
  • Site architecture and permissions review
  • OneDrive sync and Known Folder Move
  • Storage quotas and orphaned sites
  • Information barriers and access reviews
View full SharePoint Check
Power Platform

Governance, DLP & Automation Health

We review your environment strategy, DLP policies, connector governance, flow ownership, app quality, Power BI security, and whether CoE tooling is in place.

  • Environment strategy and CoE toolkit
  • DLP policy coverage and connector classification
  • Orphaned flows and ownership gaps
  • Canvas and model-driven app governance
  • Power BI workspace and RLS review
View full Power Platform Check
Teams & Exchange

Messaging, Meetings & Email Hygiene

We review your Teams governance policies, meeting settings, guest access, Exchange Online mail flow rules, anti-spam, and email authentication records.

  • Teams creation and guest access policies
  • Meeting and recording governance
  • Exchange mail flow rules and connectors
  • SPF, DKIM, DMARC configuration
  • Shared mailboxes and distribution list hygiene
See what we cover
What You Receive

A Report That Is Actually Actionable

Most audits produce a list of findings and leave you to figure out the rest. Ours comes with a prioritized remediation plan, severity ratings, and a walkthrough session so you know exactly what to do next.

  1. Full Tenant Health Score

    An overall score out of 100 across all six domains, so you can see exactly where your environment stands at a glance and track improvement over time.

  2. Severity-Rated Finding List

    Every finding is rated Critical, High, Medium, or Low with a description, evidence screenshot, and the specific impact on your environment.

  3. Prioritized Remediation Plan

    A step-by-step remediation roadmap ordered by risk, so your team knows exactly what to fix first and what can be addressed over time.

  4. 60-Minute Walkthrough Call

    We walk you through every finding live, answer your questions, and ensure your team fully understands the risks and the fixes before we close the engagement.

  5. Optional Remediation Service

    If you want us to fix everything for you, we can. Most clients proceed to a remediation engagement or ongoing retainer directly after the health check.

Finding Summary
Security & Compliance
Critical4
Entra ID / Identity
Critical3
Intune & Devices
High7
SharePoint & OneDrive
High5
Power Platform
High6
Teams & Exchange
Medium8
Total Findings
33 Issues
Remediation Priority
Begin with MFA enforcement and Conditional Access. Move to DLP and Intune compliance. Address SharePoint external sharing and Power Platform governance in phase two.
Before You Book

What We Need to Get Started

The full tenant audit is non-intrusive and requires minimal setup on your side. Here is everything you need to know before we begin.

Global Reader Role

We request temporary Global Reader access — a standard read-only Microsoft role. No changes can be made using this role. Access is revoked immediately after the audit.

45-Minute Scoping Call

We schedule a brief discovery call before the audit begins to understand your tenant size, license tier, known pain points, and compliance requirements.

No Downtime Required

The audit runs entirely in the background. No maintenance windows, no service disruptions, and no involvement needed from your end-users.

Full Report Within 48 Hours

Once access is provided, you receive your complete tenant health report within 48 hours, followed by a live walkthrough session at a time that suits your team.

We only request read-only, time-bound access. We never store credentials, never make configuration changes, and never retain access beyond the audit window.

What Gets Reviewed Across All 6 Domains

Security — Defender, DLP, Secure Score, Purview
Identity — MFA, Conditional Access, Privileged Roles
Devices — Intune, Autopilot, Compliance Policies
Exchange — Mail Flow, Anti-Spam, Shared Mailboxes
Collaboration — Teams, SharePoint, OneDrive Sharing
Automation — Power Platform governance and data policies
How It Works

Full Tenant Audit. Clear Results. No Disruption.

A structured four-step engagement that covers your entire Microsoft 365 environment without impacting day-to-day operations.

Scoping Call

We review your tenant size, license tier, known pain points, and compliance requirements to scope the audit correctly.

45 minutes

Tenant Audit

We perform a read-only review across all six domains using admin center access, PowerShell, and Graph API queries.

1 to 2 days

Report Delivery

You receive a full tenant health report with scored findings, severity ratings, screenshots, and a prioritized remediation roadmap.

Within 48 hours

Walkthrough & Plan

We present the report live, walk through every finding, answer questions, and align on the remediation plan or next engagement.

60 to 90 minutes

0

Clients Served

0

Satisfaction Rate

0

Audit Domains Covered

0

Languages Supported

After the Audit

Finding the Gaps Is Step One.
Keeping Them Closed Is Ongoing.

Most clients who complete a full tenant health check move to a managed support retainer. You get continuous monitoring, monthly health reports, and a dedicated team ensuring your environment stays secure and well-governed every month.

  • Full Microsoft 365 environment monitoring and management
  • Monthly tenant health and Secure Score reports
  • Proactive issue detection before users are affected
  • Priority response within 4 to 24 hours
  • Unlimited support requests across all M365 services
  • 30-day satisfaction guarantee
From $299
Per month
3 Plans
Flex, Priority, Partner
500+
Businesses supported
30 Day
Satisfaction guarantee

Your M365 Full Tenant Health Check is included free with any Priority or Partner retainer plan.

Related Assessments

The Full Tenant Health Check covers every domain at breadth. Pair it with a targeted audit to go deeper in areas that matter most to your organisation.

Entra ID Health Check

Go deeper on identity. MFA coverage, Conditional Access gaps, privileged roles, guest accounts, and Identity Protection risk — reviewed in full detail.

View Assessment

Exchange Health Check

Dive deep into your Exchange Online configuration — mail flow rules, anti-spam policies, shared mailboxes, forwarding rules, and retention settings.

View Assessment

Security & Compliance Check

A dedicated review of your Microsoft Secure Score, Defender configuration, DLP policies, audit logs, and compliance centre — ideal as a follow-up to the tenant overview.

View Assessment
FAQ

Common Questions

Everything you need to know about the M365 Full Tenant Health Check before you book.

We require Global Reader access to your Microsoft 365 tenant. This is a read-only role that allows us to review settings, configurations, and policies across all six audit domains without the ability to make any changes. Access is time-bound to the duration of the engagement.
The audit typically takes 1 to 2 business days from the point of access. The process begins with a 45-minute scoping call, followed by the read-only technical review, and concludes with a detailed report delivered within 48 hours. A walkthrough session of 60 to 90 minutes is then scheduled.
The report includes an Executive Summary, a Detailed Findings Report covering all six audit domains (Security, Identity, Devices, Exchange, SharePoint, and Power Platform/Teams), a Prioritized Remediation Plan with severity ratings, and a Recorded Walkthrough Session where we present findings live and answer questions.
No. The entire audit is read-only and uses existing Microsoft admin portals, PowerShell, and the Microsoft Graph API. There is no impact on users, services, or day-to-day operations. Your team does not need to be involved during the audit phase.
Yes. The Full Tenant Health Check includes hybrid considerations such as Azure AD Connect synchronisation, Exchange hybrid configuration, and Intune co-management scenarios. We note hybrid-specific gaps and provide guidance relevant to your on-premises footprint.
Pricing is confirmed during the discovery call as it varies by tenant size and license tier. The full tenant audit is included at no additional cost with any Priority or Partner retainer plan. Contact us or book a discovery call to receive a tailored quote.
Absolutely. Following the audit, we can proceed directly to remediation as a separate engagement, or you can address the findings with your internal team using our detailed remediation roadmap. Many clients choose to continue as a managed retainer client for ongoing support across all M365 services.
The M365 Full Tenant Health Check maps findings to HIPAA, PCI-DSS, GDPR, NIS2, and SOC 2 frameworks where applicable. The report highlights which findings are compliance-relevant and which controls are in place or missing for each framework, helping your team prioritise remediation.

Is Your Microsoft 365 Tenant
As Secure As You Think?

Book your full tenant health check. We will audit every layer of your environment and tell you exactly where you stand.

Book Your Full Tenant Audit Email Us Instead