---
title: M365 Security Scorecard
emoji: 🛡️
colorFrom: blue
colorTo: indigo
sdk: gradio
sdk_version: 5.50.0
python_version: '3.10'
app_file: app.py
pinned: false
license: apache-2.0
tags:
- cybersecurity
- microsoft-365
- m365-security
- office-365
- security-assessment
- ayinedjimi-consultants
datasets:
- AYI-NEDJIMI/m365-security-fr
- AYI-NEDJIMI/m365-security-en
---

# M365 Security Scorecard

A comprehensive Microsoft 365 security evaluation and assessment tool with real-time scoring, recommendations, and threat hunting queries.

## Features

- **Bilingual Interface**: Full support for English and French
- **6 Security Categories**:
  - Identity & Access
  - Data Protection
  - Email Security
  - Application Security
  - Monitoring & Audit
  - Compliance
- **Real-Time Scoring**: Automatic calculation of security scores per category and overall maturity level
- **Interactive Visualizations**:
  - Radar chart showing security scores by category
  - Gauge chart displaying overall maturity level
- **Smart Recommendations**: Top 5 priority fixes based on unchecked items
- **KQL Hunting Queries**: 5 ready-to-use Kusto Query Language queries for threat hunting in Microsoft Sentinel
- **Markdown Export**: Download comprehensive security reports

## Security Checks Included

### Identity & Access (8 checks)

- MFA enabled for all users
- Conditional Access policies configured
- Legacy authentication blocked
- Privileged account protection enabled
- Password policy enforced
- Sign-in risk policies configured
- User risk policies configured
- Guest access restrictions applied

### Data Protection (8 checks)

- DLP policies enabled
- Sensitivity labels configured
- Encryption at rest enabled
- Encryption in transit enforced
- External sharing restricted
- Data classification implemented
- Privileged access workstations (PAW) deployed
- Data loss prevention monitored

### Email Security (10 checks)

- Anti-phishing policies enabled
- Anti-spam filtering configured
- Safe Links protection enabled
- Safe Attachments enabled
- DMARC configured
- SPF records configured
- DKIM enabled
- Mail encryption enabled
- Malware detection enabled
- External email tagging enabled

### Application Security (8 checks)

- App consent policies configured
- OAuth app restrictions enforced
- API permissions audited
- Third-party app access monitored
- Risky app detection enabled
- Application credential protection enabled
- API throttling configured
- App connector security hardened

### Monitoring & Audit (10 checks)

- Unified Audit Log enabled
- Alert policies configured
- Sentinel integration enabled
- Advanced Audit enabled
- User activity monitoring enabled
- Admin activity logging enabled
- Cloud app security configured
- Anomaly detection enabled
- Incident response procedures defined
- Regular log review process established

### Compliance (10 checks)

- Retention policies configured
- eDiscovery configured
- Communication Compliance enabled
- Records Management configured
- Legal hold capabilities configured
- Information barriers configured
- GDPR compliance controls enabled
- Insider risk management enabled
- Data residency requirements met
- Compliance Manager dashboards reviewed

## Resources & Learning Materials

This tool was created by AYI-NEDJIMI Consultants and links to the following resources:

1. [Top 10 Tools for Microsoft 365 Security Analysis](https://ayinedjimi-consultants.fr/top-10-outils-analyse-securite-microsoft-365.html)
2. [Zero Trust Implementation in Microsoft 365](https://ayinedjimi-consultants.fr/zero-trust-microsoft-365-implementation.html)
3. [Threat Hunting with Microsoft 365 Defender and Sentinel](https://ayinedjimi-consultants.fr/threat-hunting-microsoft-365-defender-sentinel.html)
4. [Secure M365 Access with Conditional Access and MFA](https://ayinedjimi-consultants.fr/securiser-acces-microsoft-365-conditional-access-mfa.html)
5. [Automate M365 Security Audit with PowerShell and Graph](https://ayinedjimi-consultants.fr/automatiser-audit-securite-microsoft-365-powershell-graph.html)
6. [Leveraging Microsoft Graph API for Audit and Monitoring](https://ayinedjimi-consultants.fr/exploiter-api-microsoft-graph-audit-monitoring.html)
7. [Advanced M365 Audit with Log Correlation](https://ayinedjimi-consultants.fr/audit-avance-microsoft-365-correlation-journaux-logs.html)
8. [M365 Security Best Practices 2025](https://ayinedjimi-consultants.fr/meilleures-pratiques-securite-microsoft-365-2025.html)
9. [M365 Compliance: Integrated Tools and Audit](https://ayinedjimi-consultants.fr/microsoft-365-conformite-outils-integres-audit.html)
10. [Detecting Compromised Identities in Azure AD](https://ayinedjimi-consultants.fr/microsoft-365-azure-ad-detection-attaques-compromission-identites.html)
11. [Microsoft 365 Audit Guide](https://ayinedjimi-consultants.fr/audit-microsoft-365.html)

## How to Use

1. Select your preferred language (English or French)
2. Navigate through each security category tab
3. Check items that your organization has implemented
4. View real-time security scores and recommendations
5. Review KQL queries for threat hunting in Microsoft Sentinel
6. Download the assessment report in Markdown format

## Created By

[AYI-NEDJIMI Consultants](https://ayinedjimi-consultants.fr/bio.html)

Specializing in Microsoft 365 security, compliance, and threat hunting.

## License

Apache License 2.0