I built a free, open-source M365 security assessment tool - looking for feedback
I work as an IT consultant, and a good chunk of my time is spent assessing Microsoft 365 environments for small and mid-sized businesses. Every engagement started the same way: connect to five different PowerShell modules, run dozens of commands across Entra ID, Exchange Online, Defender, SharePoint, and Teams, manually compare each setting against CIS benchmarks, then spend hours assembling everything into a report the client could actually read. The tools that automate this either cost thousands per year, require standing up Azure infrastructure just to run, or only cover one service area. I wanted something simpler: one command that connects, assesses, and produces a client-ready deliverable. So I built it. What M365 Assess does https://github.com/Daren9m/M365-Assess is a PowerShell-based security assessment tool that runs against a Microsoft 365 tenant and produces a comprehensive set of reports. Here is what you get from a single run: 57 automated security checks aligned to the CIS Microsoft 365 Foundations Benchmark v6.0.1, covering Entra ID, Exchange Online, Defender for Office 365, SharePoint Online, and Teams 12 compliance frameworks mapped simultaneously -- every finding is cross-referenced against NIST 800-53, NIST CSF 2.0, ISO 27001:2022, SOC 2, HIPAA, PCI DSS v4.0.1, CMMC 2.0, CISA SCuBA, and DISA STIG (plus CIS profiles for E3 L1/L2 and E5 L1/L2) 20+ CSV exports covering users, mailboxes, MFA status, admin roles, conditional access policies, mail flow rules, device compliance, and more A self-contained HTML report with an executive summary, severity badges, sortable tables, and a compliance overview dashboard -- no external dependencies, fully base64-encoded, just open it in any browser or email it directly The entire assessment is read-only. It never modifies tenant settings. Only Get-* cmdlets are used. A few things I'm proud of Real-time progress in the console. As the assessment runs, you see each check complete with live status indicators and timing. No staring at a blank terminal wondering if it hung. The HTML report is a single file. Logos, backgrounds, fonts -- everything is embedded. You can email the report as an attachment and it renders perfectly. It supports dark mode (auto-detects system preference), and all tables are sortable by clicking column headers. Compliance framework mapping. This was the feature that took the most work. The compliance overview shows coverage percentages across all 12 frameworks, with drill-down to individual controls. Each finding links back to its CIS control ID and maps to every applicable framework control. Pass/Fail detail tables. Each security check shows the CIS control reference, what was checked, what the expected value is, what the actual value is, and a clear Pass/Fail/Warning status. Findings include remediation descriptions to help prioritize fixes. Quick start If you want to try it out, it takes about 5 minutes to get running: # Install prerequisites (if you don't have them already) Install-Module Microsoft.Graph, ExchangeOnlineManagement -Scope CurrentUser Clone and run git clone https://github.com/Daren9m/M365-Assess.git cd M365-Assess .\Invoke-M365Assessment.ps1 The interactive wizard walks you through selecting assessment sections, entering your tenant ID, and choosing an authentication method (interactive browser login, certificate-based, or pre-existing connections). Results land in a timestamped folder with all CSVs and the HTML report. Requires PowerShell 7.x and runs on Windows (macOS and Linux are experimental -- I would love help testing those platforms). Cloud support M365 Assess works with: Commercial (global) tenants GCC, GCC High, and DoD environments If you work in government cloud, the tool handles the different endpoint URIs automatically. What is next This is actively maintained and I have a roadmap of improvements: More automated checks -- 140 CIS v6.0.1 controls are tracked in the registry, with 57 automated today. Expanding coverage is the top priority. Remediation commands -- PowerShell snippets and portal steps for each finding, so you can fix issues directly from the report. XLSX compliance matrix -- A spreadsheet export for audit teams who need to work in Excel. Standalone report regeneration -- Re-run the report from existing CSV data without re-assessing the tenant. I would love your feedback I have been building this for my own consulting work, but I think it could be useful to the broader community. If you try it, I would genuinely appreciate hearing: What checks should I prioritize next? Which security controls matter most in your environment? What compliance frameworks are most requested by your clients or auditors? How does the report land with non-technical stakeholders? Is the executive summary useful, or does it need work? macOS/Linux users -- does it run? What breaks? I have tested it on macOS, but not extensively. Bug reports, feature requests, and contributions are all welcome on GitHub. Repository: https://github.com/Daren9m/M365-Assess License: MIT (free for commercial and personal use) Runtime: PowerShell 7.x Thanks for reading. Happy to answer any questions in the comments.Block users from creating Public Microsoft Teams groups
Hi Community, Is already know that Teams creation in Microsoft Teams is related to O365 groups, and if you would like to block users from creating teams, you need to block them from creating O365 groups, right? Ok, right. But what if we only want to block the possibility to create public teams, but still allow them to create private ones? Would that be possible? The answer is YES. And the solution is Microsoft Purview. You'll need to create a new Label/Label Policy under Information Protection. We'll configure the Label for the scope "Site, UnifiedGroup", with group settings as "Private" and applying the label automatically. Then we can configure/publish the Label Policy as mandatory for all the users, some of them or, as in my example, to a DL that contains all the users that I would like to block. Once published, depending on your tenant size, it can take up to 24 hours to propagate. In my test environment it was quite immediate. Now, the users added to the DL that I configured in the Label Policy can still create teams, but not Public ones ( and can't change the label ) as that option is greyed out. The answer is YES. And the solution is Microsoft Purview.Synchronizing Security and Microsoft 365 Group Memberships
An article from 2018 uses the AzureAD and Exchange PowerShell modules to synchronize membership between a security and a Microsoft 365 group. The idea is to enable collaboration for the members of the security group. This version does the work with the Microsoft Graph PowerShell SDK. The code is better and it will work as an Azure Automation runbook, which is always nice. https://office365itpros.com/2026/01/20/group-membership-synchronization/
No labs for MB-500 in skillable and xtreme labs (for all MB series)
Hi, From past few months, we are unable to find the labs for MB-500. It's causing us trouble to do the trainings. Skillable and Xtreme labs providers are saying there is a problem from Microsoft end only. Kindly advise us when can we get the labs available.
Can't add Viva Engage community calendar to Outlook
We would like to experiment with using the SharePoint Online Web part that allows you to display a group calendar on a SharePoint Online page. Our idea is to use a Viva Engage community as a means to create that group calendar so that the features of a community can also be used for this scenario. I assumed that it worked similarly to Microsoft Teams whereas along as the "HiddenFromExchangeClientsEnabled" property is FALSE for the connected group, that either all community admins/members would see the group calendar show up in Outlook automatically OR you could manually add the calendar in your calendar lists in Outlook. Neither seem to be the case. What's interesting about the group that connects to a Viva Engage community is the ""HiddenFromExchangeClientsEnabled" property is FALSE by default. However, the group calendar does not appear in Outlook. As a community admin, I tried to manually add the calendar and I get an error message "Couldn't add [group]. You may not have permissions". Does anyone know why I'm running into that error and/or why the group mailbox is not showing up in Outlook by default since the property states that it is not hidden? Is it not possible to view Viva Engage group calendars in Outlook? Thanks!
Integrating Microsoft Groups and Team Channels
We have a Shared Inbox called mailto:email address removed for privacy reasons that is shared with me and a member of the company. I'd like to convert this into a Microsoft Group to use it internally in Teams Chat and receive emails in Outlook under the Groups section. I'd also like to create a channel where all the files we want to share are available inside Teams. So, is there a way to integrate a group as a channel in Teams, or is there a different approach?Outlook is sending duplicated mails
Hello dear Microsoft Community I've got following problem: With one of our clients there is an issue with Outlook/Mailing The mailbox is IMAP If he sends Mails to someone they'll recieve the sent message, for like 20 times. the only suspicous thing is, that we can see 3 duplicates of that mail in the 'sent' folder. but regardless it was recieved alot more than 3 times, either way. Do you have an idea ? I already updatet Microsoft Windows & Microsoft Office 365 made a new profile checked for Add-Ins or antivirus applications I also looked it up on our firewall we also checked the log on the mailserver greetings and im looking forward to recieve some help from YOU
Rule Mgnt.: Move "Sent Item" reply from e-mails in Specific Folders to the Specific Folder
In a previous version, I was able to create a rule to move my "Sent Items" to the folder containing the e-mail I responded to (or from, if forwarding), therefore eliminating the need to drag my "Sent Items" replies/fwds. to the folder containing the originating e-mail. How can I do that in Outlook 365?
D365 F&O: dual write error
Hi all, I hope this is the right place where to ask my question. We have set up a dual write solution between D365 F&O and CRM Sales. In D365 we have an error when we create a new contact, it seems that the dual write is not correctly sincronizing for first the global addressbook table. How can we setup the dual write assigning priorities or syncronization sequences? Thanks in advance for your help. Andrea
