Live Tool

M365 Tenant Audit

A live, read-only audit of your Microsoft 365 tenant — covering identity, security, mail flow, compliance, Teams, SharePoint, and more. Results are generated in real time directly from the Microsoft Graph API.

Launch AuditBack to all tools

Why do I need to create an account?

The Live Audit connects directly to your Microsoft 365 tenant via the Microsoft Graph API. Because the audit reads real configuration data — security policies, mail flow rules, conditional access, licence assignments, and more — each session is unique to the tenant being audited.

An account ensures your audit session is private and isolated. Without authentication, anyone who visited the page would see the results of the last audit that ran. By signing in, your results are tied to your session only — no one else can see them.

You can sign in with your Microsoft or Google account. No separate password to remember — just use an identity you already have.

How it works

1

Sign in

Create an account or sign in with Microsoft or Google. This takes a few seconds and keeps your audit session private.

2

Connect your tenant

Choose automatic setup (grant admin consent with one click) or manual setup (provide your own app registration credentials). Both options use read-only permissions — nothing is changed in your tenant.

3

Review your results

The audit runs in real time across 16+ areas of your M365 tenant. You get a categorised dashboard with findings, recommendations, and an exportable PDF report.

4

Clean up

If you used automatic setup, the audit page provides step-by-step instructions and a PowerShell script to remove the app registration from your tenant when you're done.

What gets audited?

The audit covers 16+ areas using read-only Microsoft Graph API calls. Nothing is written or changed in your environment.

Users & Licensing
Groups & Membership
Admin Roles
Conditional Access
MFA Status
Authentication Methods
Mail Transport Rules
Anti-Spam & Anti-Phish
Mailbox Settings
Teams Policies
SharePoint & OneDrive
Compliance Policies
Device Management
Security Defaults
Domains & DNS
Organisation Settings

Security & privacy

No credentials are stored. If you use manual setup, your client ID and secret are used for the duration of the audit session only and are never persisted to disk or database.

Read-only permissions. The app registration requests only read-level Graph API permissions. It cannot modify users, policies, settings, or any configuration in your tenant.

Your data stays in your browser. Audit results are streamed directly to your browser session. They are not stored on any server. When you close the tab, the data is gone.

You control access. If you used the automatic setup, you can revoke the app registration from your Entra ID portal at any time. The audit page provides instructions for this.

Ready to audit your tenant?

Sign in, connect your tenant, and get a full read-only audit in minutes.

Launch M365 Tenant Audit