Free M365 Assessment

Free assessment of your M365 security posture – tailored for Australia and New Zealand

Microsoft Secure Score measures how well your tenant is configured against Microsoft’s security recommendations. This free assessment mirrors the actions that drive your Secure Score – without needing to log into the admin centre. It covers Identity & AuthenticationPrivileged AccessEmail SecurityDevice SecurityData Protection, and App & Cloud Security.

New Zealand context: References the Privacy Act 2020NZISM, and NCSC NZ guidance on cloud security. Use this assessment to prepare for government procurement or to demonstrate reasonable security safeguards for personal information.

Australian context: Aligned with the Privacy Act 1988 (Cth)Notifiable Data Breaches (NDB) scheme, and Essential Eight MFA requirements. Many insurers and government contracts now require specific M365 hardening – this assessment checks exactly those controls.

This free self‑assessment takes about 7 minutes. You’ll receive a percentage score (0–100%), a ranked list of missing controls, and a prioritised action plan with effort estimates – no obligation, no credit card required.

  • Secure Score equivalent

    Percentage score (0–100%) based on Microsoft’s recommendations – see where you stand without logging into the admin centre.

  • Privileged access review

    PIM configuration, minimal Global Admins, separate admin accounts, phishing‑resistant MFA for admins.

  • Device security check

    Intune enrolment, compliance policies, Defender for Endpoint, BitLocker/FileVault management.

  • App & cloud security

    App consent restrictions, risky sign‑in policies, Defender for Cloud Apps, OAuth governance.

  • Identity & authentication check

    MFA enforcement, Conditional Access, legacy authentication blocking, password protection.

  • Email security audit

    Anti‑phishing policies, Safe Links, Safe Attachments, DMARC enforcement, attack simulation training.

  • Data protection & DLP

    Sensitivity labels, DLP policies, external sharing governance, unified audit logging.

  • Prioritised action plan

    Ranked list of missing controls with effort estimates (Quick Win / Medium / Project).