Identity & Access
Global administrators, MFA, Conditional Access, risky sign-ins
Microsoft 365 Compliance Monitoring
Automatically evaluate identity, email, collaboration, data protection and device security controls across your Microsoft 365 tenant.
What we assess
160 checks across 9 Microsoft cloud services
Global administrators, MFA, Conditional Access, risky sign-ins
Safe Links, Safe Attachments, SPF, DKIM, DMARC
DLP policies, sensitivity labels, audit logging
Teams meetings, guest access, external domains
SharePoint and OneDrive external sharing
Intune enrollment and compliance policies
PIM, role activation and access reviews
OAuth consent, app credentials and certificates
Microsoft Fabric tenant security
Automation coverage
CIS Automated/Manual labels describe the benchmark method. Trusteed reports what can actually be collected from your tenant — without marking incomplete evidence as Passed.
Coverage spans Microsoft Graph plus Exchange Online, Purview, SharePoint tenant policy, Teams policy, Defender, and Fabric collectors where Graph alone is incomplete.
What you receive
All required conditions were verified.
At least one required condition was not met.
The control is outside the documented scope.
Data or permission was insufficient — the result was not guessed.
Example findings
7 global administrator accounts detected. Recommended range: 2–4.
One or more Conditional Access policies allow legacy authentication flows.
2 of 4 mail-enabled domains do not have an enforced DMARC policy.
The current meeting policy permits anonymous participants.
Example findings shown for demonstration purposes.
How it works
Authorize read-only access using delegated OAuth or service credentials.
Trusteed collects configuration, identity, policy and activity evidence from the connected environment.
Review prioritized findings, evidence and remediation steps from a single dashboard.
Framework mapping
One technical check. Multiple compliance frameworks.
Secure by design
Microsoft Graph, Exchange Online and service-specific collectors are separated by required scope.
Benchmark reference
Connect read-only access, run the full control set, and get evidence-backed results — Compliant, Non-compliant, Not applicable, or Unknown.