🛡 Browser-Based · No PowerShell · No Install

M365 Security Checker

40+ automated checks across identity, conditional access, privileged roles, auth methods, devices & Intune, applications, and security posture — mapped to CIS, NIST, SOC 2, ISO 27001 and more. Sign in with your admin account; results in under 60 seconds. No data leaves your browser.

40+ security checks

7 control categories

0 data sent to TenantShield

Read-only Graph API access

Identity

Security Defaults, MFA coverage, legacy auth, guest users, SSPR, consent policy

Conditional Access

Policy count, MFA enforcement, risk policies, device compliance, named locations

Privileged Access

Global Admin count, all privileged roles, permanent vs eligible assignments

Auth Methods

FIDO2, Authenticator app, Temporary Access Pass, SMS-only users

Devices & Intune

Compliance policies, config profiles, enrollment, device compliance, disk encryption, stale devices

Applications

App registrations, expired & expiring secrets, credential lifetime, enterprise apps, OAuth consent grants

Security Posture

Secure Score, risky users, risky sign-ins, active alerts, licensing

Uses delegated, read-only Microsoft Graph permissions. No data leaves your browser.

One-time Azure app setup

Register a free multi-tenant app in Azure, add delegated read-only permissions, and paste your Client ID below. Takes about 5 minutes and only needs to be done once.

1

Create an App Registration

Go to portal.azure.com → App registrations → New registration
Name: TenantShield Checker · Account types: Any organizational directory
Redirect URI: Web → https://tenantshield.io/tool

2

Add delegated API permissions

Under API Permissions → Add a permission → Microsoft Graph → Delegated:

Directory.Read.All Policy.Read.All Reports.Read.All UserAuthenticationMethod.Read.All Organization.Read.All SecurityEvents.Read.All IdentityRiskEvent.Read.All AuditLog.Read.All DeviceManagementManagedDevices.Read.All DeviceManagementConfiguration.Read.All Application.Read.All

Click Grant admin consent (requires Global Admin).

3

Copy your Client ID and paste below

Found on the app's Overview page. Saved to your browser only — never sent to TenantShield.

Your Client ID is stored in localStorage on your browser only.

Running security checks…

Querying Microsoft Graph API in real time

0 / 0 checks0%

—

Security Score

Your tenant has gaps we can fix

This tool checks 40+ controls via the Graph API. Our full assessment runs 400+ checks and includes a branded PDF report, compliance framework mapping, and remediation — all done for you.

Book Free Consultation →

400+ checks vs this tool's 40+ Branded PDF for boards & auditors Remediation included · $3,500 flat