I built a free, open-source M365 security assessment tool - looking for feedback
I work as an IT consultant, and a good chunk of my time is spent assessing Microsoft 365 environments for small and mid-sized businesses. Every engagement started the same way: connect to five different PowerShell modules, run dozens of commands across Entra ID, Exchange Online, Defender, SharePoint, and Teams, manually compare each setting against CIS benchmarks, then spend hours assembling everything into a report the client could actually read. The tools that automate this either cost thousands per year, require standing up Azure infrastructure just to run, or only cover one service area. I wanted something simpler: one command that connects, assesses, and produces a client-ready deliverable. So I built it. What M365 Assess does https://github.com/Daren9m/M365-Assess is a PowerShell-based security assessment tool that runs against a Microsoft 365 tenant and produces a comprehensive set of reports. Here is what you get from a single run: 57 automated security checks aligned to the CIS Microsoft 365 Foundations Benchmark v6.0.1, covering Entra ID, Exchange Online, Defender for Office 365, SharePoint Online, and Teams 12 compliance frameworks mapped simultaneously -- every finding is cross-referenced against NIST 800-53, NIST CSF 2.0, ISO 27001:2022, SOC 2, HIPAA, PCI DSS v4.0.1, CMMC 2.0, CISA SCuBA, and DISA STIG (plus CIS profiles for E3 L1/L2 and E5 L1/L2) 20+ CSV exports covering users, mailboxes, MFA status, admin roles, conditional access policies, mail flow rules, device compliance, and more A self-contained HTML report with an executive summary, severity badges, sortable tables, and a compliance overview dashboard -- no external dependencies, fully base64-encoded, just open it in any browser or email it directly The entire assessment is read-only. It never modifies tenant settings. Only Get-* cmdlets are used. A few things I'm proud of Real-time progress in the console. As the assessment runs, you see each check complete with live status indicators and timing. No staring at a blank terminal wondering if it hung. The HTML report is a single file. Logos, backgrounds, fonts -- everything is embedded. You can email the report as an attachment and it renders perfectly. It supports dark mode (auto-detects system preference), and all tables are sortable by clicking column headers. Compliance framework mapping. This was the feature that took the most work. The compliance overview shows coverage percentages across all 12 frameworks, with drill-down to individual controls. Each finding links back to its CIS control ID and maps to every applicable framework control. Pass/Fail detail tables. Each security check shows the CIS control reference, what was checked, what the expected value is, what the actual value is, and a clear Pass/Fail/Warning status. Findings include remediation descriptions to help prioritize fixes. Quick start If you want to try it out, it takes about 5 minutes to get running: # Install prerequisites (if you don't have them already) Install-Module Microsoft.Graph, ExchangeOnlineManagement -Scope CurrentUser Clone and run git clone https://github.com/Daren9m/M365-Assess.git cd M365-Assess .\Invoke-M365Assessment.ps1 The interactive wizard walks you through selecting assessment sections, entering your tenant ID, and choosing an authentication method (interactive browser login, certificate-based, or pre-existing connections). Results land in a timestamped folder with all CSVs and the HTML report. Requires PowerShell 7.x and runs on Windows (macOS and Linux are experimental -- I would love help testing those platforms). Cloud support M365 Assess works with: Commercial (global) tenants GCC, GCC High, and DoD environments If you work in government cloud, the tool handles the different endpoint URIs automatically. What is next This is actively maintained and I have a roadmap of improvements: More automated checks -- 140 CIS v6.0.1 controls are tracked in the registry, with 57 automated today. Expanding coverage is the top priority. Remediation commands -- PowerShell snippets and portal steps for each finding, so you can fix issues directly from the report. XLSX compliance matrix -- A spreadsheet export for audit teams who need to work in Excel. Standalone report regeneration -- Re-run the report from existing CSV data without re-assessing the tenant. I would love your feedback I have been building this for my own consulting work, but I think it could be useful to the broader community. If you try it, I would genuinely appreciate hearing: What checks should I prioritize next? Which security controls matter most in your environment? What compliance frameworks are most requested by your clients or auditors? How does the report land with non-technical stakeholders? Is the executive summary useful, or does it need work? macOS/Linux users -- does it run? What breaks? I have tested it on macOS, but not extensively. Bug reports, feature requests, and contributions are all welcome on GitHub. Repository: https://github.com/Daren9m/M365-Assess License: MIT (free for commercial and personal use) Runtime: PowerShell 7.x Thanks for reading. Happy to answer any questions in the comments.
The latest mobile apps killed mobile first when working with files
Hi, I really enjoyed working only with mobile devices when we started with M365. On iOS the OneDrive app was paramount when organising files in SharePoint/Teams Sites. Easy up- and downloads, drag‘n drop. Move and copy all was there to manage a companies files on mobile devices even when only on mobile network connections. But the upgrades that happened over the last 1-2 years completely break this kind of workflows. There is no really mobile-first paradigm visible anymore. The OneDrive app was worst. All the pretty well integration file management stuff is gone. No drag‘n drop. No useful integration into iOS Files app. Copying between OneDrive and SharePoint got a pain. Bulk operation just silently fail. Files get renamed without any warning (numbers get added to the name or are just increased so no one will ever find the file again). So just two simple usability examples that are a mess: to select multiple files in a folder you have to press the word ‚Select‘ that is not a button or something. This shows up like a column heading in the file view. Right beside ‚Name‘ and ‚Date Modified‘. Why are active user elements placed in table headings? If you browse into some SharePoint folders and quickly want to go back to your OneDrive files you either have to press the back button over and over again until your back to the top level view or you can press-hold the back button and then select ‚Files‘. Butthe latter brings you to the top level Library view and you still have to manually go to ‚Files‘. The old app design just had a top menu bar where views could easily be switched. Am I the only one who wants to work on mobile devices? Does Microsoft still expect everyone to use a laptop and run desktop apps? Annoying.Simple, Smart, and Secure: The next step in sharing files in Microsoft 365
Today at the Microsoft 365 Community Conference, we announced the next generation of sharing for Microsoft 365. Not just an experience refresh, this year we are improving the underlying model that enables collaboration within oM365. We are making it simpler to use, more intelligent, and ensuring that users can keep their content secure by default. In 2011, the cloud revolutionized collaboration and SharePoint Online launched with direct permissioning to enable sharing. Three years later, the on-going cloud transformation led to the invention of “link-based sharing” to allow users to forward and share URLs that grant access within defined, yet secure scopes. Over the last decade, collaboration flourished with over 1.2 Billon people using the share dialog in M365 per month. But as we look ahead, we see new demands emerging to meet the needs of collaborative, agentic workplaces. We are excited to give you a walkthrough of the third generation of sharing in Microsoft 365 and introduce the hero link, the power behind the next decade of collaboration. Meet the hero link The next generation of sharing makes you the hero of collaboration! Each file gets a single hero link which controls all access to the file. Whether you’re clicking “Copy Link”, sending an e-mail, or yes, even copying the URL out of the address bar, it’s all the hero link! This removes the need to create, delete, and manage multiple links on your files, creating a vastly simpler experience. Sharing files with your company has never been easier: simply update the hero link and anyone with the link in your company will get access. Need to lock down a file? Change the link to only allow access for people you directly add, keeping your files secured. We know that users don’t always check file permissions before they send out a link, which can lead to frustrating “Access Denied” page. With hero links, users are empowered to update the link that they already sent, enabling them to quickly increase or decrease the scope of the hero link to match their needs. Secure by default Every hero link starts by working for only the people who have already been added to the document. As users embark on their collaboration journey, they can add more people and teams directly to the document or update the hero link as needed to broaden access. For files that are shared externally, the new share experience explicitly tags external users and guests to make sure they stand out and can be managed appropriately. Administrators will be able to change this default on a per-site collection or OneDrive basis, as needed. With the next generation of sharing, users can further secure their content by controlling who can add people or update access of the file or folder, which gives users the granular control they need to protect their most important content. At a glance access The next generation of sharing requires easy understanding of not only who has access to a file, but how they have access. The Share Dialog and Manage Access experiences are now unified into a single, powerful interface, ensuring users can see and manage their documents and folders with effortless precision. Updates to permissions now appear in real-time, giving users confidence and real-time feedback as they share! With this new sharing model, you can now update permissions in bulk. It is now easier than ever to change or remove permissions for multiple people in a single session. Changes appear instantly, helping you stay in control! If a user wants additional granularity, they can even create additional sharing links to be used for specific purposes. These links can even be named, to help users track and assign them to specific tasks. Copilot + Sharing Save time for your coworkers and keep your team up to speed by using Copilot when you share. With a single click, generate a summary of your document that will be included in the notification mail. Recipients can now understand what the file is about, without needing to open it and read the content. This is a great way to save time and help get your collaborators up to speed! Choose when you notify Have you ever had those days where your notifications are going crazy from teammates adding you to files? We hear your frustration-and we are happy to tell you that you can now choose whether to send an e-mail notification or not when you add people to your file. This update puts you in control of how you share and notify teammates – simply check the box or not based on your preference! This control is critical when you’re bringing a colleague up to speed on multiple documents, or just want to make sure that your file is shared correctly before incorporating into a SharePoint News Post or Amplify! Looking Ahead This new sharing experience and model will be rolling in late 2025! You can track the latest timelines and updates via the Microsoft 365 Message Center or the Microsoft 365 Roadmap (ID: 492622). We know change management is top of mind with any product change, and especially one’s as critical to your organization as collaboration.In addition to the standard updates at Microsoft Docs, we’ll also be uploading how to videos for end users and IT Pros to the Microsoft Community Learning YouTube Channel, walking through the changes in depth on the Sync Up Podcast and in the OneDrive Customer Office Hours. We’re excited to share the future with you! Frequently Asked Questions We know how important collaboration is to your organization! Here are answers to a few of the common questions we’ve heard! If you have others, let us know in the comments below! Q - What do I need to do to prepare for this change? A – For now, keep an eye on the roadmap id and Message Center for more information! As we get closer to release, we’ll ensure you have the content you need to update and prepare your users, admins and security teams. Q - What happens to my existing collaboration experience? A – Nothing! The new sharing model is fully backwards compatible. All the links and permissions you have today will continue to work and will show up in the “Other Links” section of the dialog! Q - Where will this change happen? A - Everywhere! OneDrive powers the sharing experience across 64 apps in M365. This change will be updated consistently across the entire ecosystem.
How should home and small org users address Kali365 Hijacking Microsoft 365 Access Tokens?
How should home and small organization small business users address the recent Federal Bureau of Investigation Public Service Announcement “to warn the public about an emerging Phishing-as-a-Service platform called Kali365, first seen in April 2026” See Alert Number I-052126-PSA 21 May 2026
one drive mapped network drive Win 10
I want to use my onedrive CID number to connect to a mapped network drive in windows explorer. But, as soon as I type my microsoft account credentials at the login prompt, it doesn't log in but just loops back to the login screen window. What should I do ? Has microsoft stopped allowing onedrive mapped network drive on windows 10 explorer ?Making Mac OneDrive Faster and More Reliable
OneDrive on macOS is getting a major update to how it syncs! The Native Sync Engine is rolling out to Insiders today with version 26.098. It's up to 2x faster on initial sync and on-disk state changes, uses less CPU, memory, and battery, and removes the hidden cache folder that's been the source of most reliability issues since 2022. It's the latest in an ongoing effort to make OneDrive feel native on Mac. Earlier this year we shipped a redesigned Activity Center with Liquid Glass and native dialogs, and the Native Sync Engine is a major step in that journey. The cache folder problem When we moved OneDrive to Apple's File Provider platform in 2022, we needed a way to bridge the existing sync engine with how File Provider expected things to work. Broadly, there are two parts to OneDrive sync: the sync engine itself, and the code that OneDrive uses to work with files. To support File Provider, we had to change how OneDrive interacted with the file system. However, to reduce risk, we decided to use a hidden cache folder that mirrored your OneDrive contents, so the sync engine could remain largely unchanged. That cache folder solved the immediate problem and unlocked features like Known Folder Move. Over time, however, feedback and telemetry showed us that it was root cause of many of the reliability and performance issues users have reported since. The Native Sync Engine removes it. What’s changed Over the past several years, we’ve been working behind the scenes on the Native Sync Engine. Building it required us to completely rebuild large portions of our code and build a new sync platform that allows OneDrive to work better with the File Provider system. The Native Sync Engine provides the fastest, most reliable experience we’ve ever delivered on the Mac. It has a simplified architecture, eliminates entire classes of errors, and integrates more deeply with macOS. In our performance testing, the new system is about 2x faster for initial sync and on-disk state changes. It also uses fewer system resources, helping preserve your Mac’s battery life while improving overall responsiveness. We’ve also put the new system through multiple tests that simulate usage well beyond what the average user would ever do, and it has held up extremely well in those scenarios. It’s a massive improvement, and one we are very excited to bring to you. On the surface, the Native Sync Engine looks and feels very similar to what we had before, but there are a few important changes. Let’s walk through a few of them. Hidden folders no longer hold data OneDrive's hidden folders now contain metadata only. Your file data only lives in the OneDrive folder you interact with directly. There are a few cases where a copy of file data will exist in the hidden folder: Files you've created or changed that haven't uploaded yet. The copy is removed once the file has fully synced to the cloud. OneNote shortcuts and similar "link" file types. These are typically a few hundred bytes at most, and we retain them in the hidden folder indefinitely. Some kinds of macOS packages, such as GarageBand files, .app bundles, and certain older iWork files. Copies of these files are retained for longer than most files. Files and folders are always browsable Files in a folder used to be created on disk only the first time the folder was accessed. That led to Finder showing "Loading..." while you browsed and apps hanging while they waited for folders to materialize. Now, every folder and file is always browsable on disk. Navigating your OneDrive folder feels like navigating any other folder. It’s snappy, responsive, and just works. Note that Files On-Demand is unchanged with the Native Sync Engine. Files you haven't opened remain online-only unless you either open them or mark them Always On This Device. External drive support The Native Sync Engine also supports external drives, such as USB drives you can plug into your Mac. If your system and your external drive meet the requirements, all of your files and OneDrive's metadata folder will be placed on this drive. On older versions of macOS and on drives that don't meet the requirements, your files and OneDrive metadata will be stored on the home volume. Syncing shared folders and libraries If your organization has disabled the “Sync” button on SharePoint and your users are using “Add shortcut to My Files”, you can skip this section, as you are already in the ideal state! If you are still using synced libraries, each synced library now appears as its own root in the Finder sidebar, instead of nested under a single tenant entry. Add shortcut to OneDrive remains the modern way to access shared content. Admins can hide the Sync button via aka.ms/HideSyncButton. Identifying the Native Sync Engine You can identify whether your Mac is using the Native Sync Engine by inspecting the OneDrive version in the Preferences dialog: If the version ends with a value such as "(26K)", you are running the Native Sync Engine. If the version ends with the version of macOS, you are not yet running the Native Sync Engine. Rollout Starting today, we’ll be gradually rolling out this new experience to our Insiders audience. This rollout will take several weeks to complete. If you aren't already in Insiders and want to try the new update, simply open OneDrive preferences, click on the About tab, and check the box to join the Insiders program. Your Mac will upgrade to the Native Sync Engine automatically when it receives the update. It might take a couple of minutes for OneDrive to complete the upgrade, and a little while longer for File Provider to finish with the upgrade, but you can still use your OneDrive while this is taking place. We would love to hear your feedback, good or bad. Just click “Send Feedback” in the OneDrive Activity Center and share your thoughts! To learn more, watch the latest Sync Up podcast below:Microsoft to Delete Unlicensed OneDrive for Business Accounts
Microsoft will delete unlicensed OneDrive for Business accounts that aren’t paid for (to be archived) after July 2026. Up to now, it’s been possible to leave unpaid-for accounts linger in Microsoft 365 archive until retention policies and holds expire. Now, tenants must decide which accounts they wish to keep and pay for. Unpaid accounts will be removed, even if retention policies or eDiscovery holds apply to their content. https://office365itpros.com/2026/06/12/unlicensed-onedrive-for-business-2/
Why OneDrive Is More Than Just Cloud Storage
When people hear “OneDrive,” they often think of a simple place to stash files. But Microsoft OneDrive is far more than a digital filing cabinet—it’s a powerful tool for collaboration, backup, and productivity across devices. Whether you're working solo or with a team, OneDrive offers features that make your workflow smarter, safer, and more seamless. 1. Real-Time Collaboration with Office Apps Open a Word, Excel, or PowerPoint file stored in OneDrive and collaborate with others in real time. You’ll see edits as they happen, complete with comments and version history. How to Use: Open the file from OneDrive in your browser or desktop app. Click Share and invite collaborators by email. Everyone with access can edit simultaneously, and changes are saved automatically. 2. Automatic Backup for Peace of Mind Enable OneDrive’s PC folder backup to automatically sync your Desktop, Documents, and Pictures folders. If your device crashes, your files are safe and accessible from anywhere. How to Enable: Open OneDrive settings from the system tray. Go to the Settings Gear and select Settings. Under Sync and Backup, select “Manage Backup.” Toggle on the folder you want to back up and click “Save Changes.” 3. Access Files Across Devices OneDrive works seamlessly across Windows, macOS, iOS, and Android. Start a document on your laptop, review it on your phone, and present it from your tablet—no USB drives needed. How to Use: Download the OneDrive app on your mobile device. Sign in with your Microsoft account. Access, edit, and share files on the go. 4. Version History and File Recovery Accidentally deleted or overwritten a file? OneDrive keeps a version history, so you can restore previous versions or recover deleted files within 30 days. How to Restore: Right-click the file and select Version history. Choose the version you want to restore. For deleted files, go to the Recycle Bin in OneDrive and click Restore. 5. Files On-Demand With Files On-Demand, you can view and manage OneDrive files from File Explorer without downloading them—saving space on your device. How to Use: Open File Explorer and navigate to your OneDrive folder. Right-click a file and choose “Always keep on this device” or “Free up space.” Always Keep on this Device: Downloads the file to the computer and permanently keeps it there. It allows you to have offline access to the file even without internet and is indicated by a green checkmark icon. Free up Space: Removes the local copy of the file from your device but keeps it in OneDrive cloud. Use this option when you want to save disk space and don’t need the file offline and is indicated by cloud icon to show it’s online-only. In conclusion, Microsoft OneDrive isn’t just cloud storage—it’s a productivity powerhouse. From real-time collaboration to secure backups and seamless device access, OneDrive helps you work smarter, safer, and more efficiently. Whether you're a student, a professional, or part of a global team, OneDrive adapts to your workflow and keeps your files at your fingertips.OneDrive Office Hours | June 2026
Get ready for the June OneDrive Customer Office Hours! This session creates space for open conversation around the latest updates and how they support the way you use your files every day. In this month’s session, we’ll walk through what’s new and open the floor for questions, feedback, and shared experiences. Join us for our next call Date: June 17, 2026 Time: 8:00 AM-9:00 AM Pacific Time (US & Canada) Special Topic: OneDrive. Cloud. Microsoft. with Stephen Rice & Lauren Bell Register Today: aka.ms/OneDriveOfficeHours Join the OneDrive team to learn how OneDrive is moving to a new, dedicated web address: onedrive.cloud.microsoft. This is part of Microsoft's broader effort to bring Microsoft 365 apps and services together under the unified cloud.microsoft domain, which is reserved exclusively for Microsoft's trusted, authenticated cloud services. Consolidating onto this single, purpose-built domain reduces reliance on the many legacy URLs OneDrive has used over the years, strengthens protection against spoofing and phishing, and simplifies network and allow-list management for admins. Anyone can join this one-hour webinar to ask us questions, share feedback, and learn more about the features we’re releasing soon and our roadmap. We can't wait to share, listen, and engage every month! Note: Our monthly public calls are not an official support tool. To open support tickets, go to see Get support for Microsoft 365; distinct support for educators and education customers is available, too. New way to register and watch on demand! Go to: Microsoft OneDrive: Customer Office Hours – Microsoft Adoption to see upcoming sessions, to register and rewatch previous sessions! Save the Calendar invite so you never miss a call: https://aka.ms/OfficeHoursCalendar Each call is recorded and made available on demand shortly after. Stay up to date on Microsoft OneDrive adoption on adoption.microsoft.com. Join our community to catch all news and insights from the OneDrive community blog. And follow us on X: @OneDrive. Thank you for your interest in making your voice heard and taking your knowledge and depth of OneDrive to the next level. and depth of OneDrive to the next level. You can ask questions and provide feedback in the event Comments below and we will do our best to address what we can during the call. Register and join live: aka.ms/OneDriveOfficeHours.
