ENTRAGUARD

Observation and audit platform for your Microsoft Entra ID tenant.

Microsoft Entra ID · Microsoft 365

Audit your tenant.
See what matters

Run 253 automated CIS controls on your Microsoft Entra ID and M365 tenant. Get a prioritized action plan. Export executive-ready reports. 100% in your browser.

0 CIS controls
0 Baselines
0 M365 services
5min Quick audit
entraguard.eu/audit
running
73 SCORE
OK 184
FAIL 42
WARN 18
MANUAL 9
Top findings live
FAIL Legacy authentication not blocked CIS 1.1.1
FAIL Guest users without MFA enforcement CIS 1.2.4
WARN Audit log retention below 180 days CIS 3.1.2
WARN Anonymous SharePoint sharing enabled CIS 7.2.1
// running baseline CIS L1 197 / 197
0
Automated controls
CIS Microsoft 365 Benchmark v6.0.1
0
Preset baselines
Quick · CIS L1 · CIS L2 · Zero Trust · Full
0
M365 services
Entra · CA · SharePoint · Exchange · Teams · +7
100%
Client-side
No backend, no data transmitted
01 / The problem

Microsoft Secure Score isn't enough

“A 67% Secure Score tells you nothing about which controls failed, why they matter, or what to fix first.”

  • Surface-level scoring. Generic score, no clear breakdown per CIS section or M365 service.
  • No actionable plan. Vague recommendations without remediation steps tied to your tenant.
  • Limited depth. Approximately 80 checks covered — far below the CIS reference of 253.
  • One-shot view. No historical tracking, no progress monitoring, no compliance evidence.
02 / The answer

Audit. Prioritize. Track.

Three pillars that turn raw Entra ID and M365 complexity into a clear, actionable security posture.

01 / AUDIT

253 controls. 5 minutes.

Parallel execution of the full CIS Microsoft 365 catalog. Pick a baseline or run the complete audit.

  • CIS v6.0.1 catalog
  • 5 preset baselines
  • 12 M365 services
  • Real-time progress
02 / PRIORITIZE

Findings, ranked by impact.

Every failure mapped to its CIS reference with severity, remediation steps, and direct links to Microsoft Learn.

  • FAIL / WARN / MANUAL
  • Remediation per finding
  • CIS section grouping
  • Service breakdown
03 / TRACK

Checklist. History. Export.

23-step best-practice checklist synchronized with audit results. Local history. Reports in PDF, XLSX, HTML, JSON, CSV.

  • 23-item checklist
  • Audit history (local)
  • 6 export formats
  • Print-ready reports
03 / Smart baselines

Don't audit blindly.
Pick a baseline.

Five preset baselines cover the most common audit scenarios. One click selects the right control set — no guesswork required.

15
controls
Quick
Essential CIS L1 controls. Run a 5-minute first diagnostic.
5 min
56
controls
CIS L2
CIS L2 baseline. Deeper hardening for regulated environments.
Hardened
128
controls
Zero Trust
Identity-focused controls aligned with Microsoft Zero Trust.
Identity
253
controls
Full
Complete CIS Microsoft 365 catalog. The full audit reference.
Complete
04 / Workflow

From sign-in to report.
In one session.

No agent to install. No backend to configure. No data leaves your browser.

01

Sign in securely

MSAL OAuth 2.0 + PKCE. Read-only Graph permissions. No app to register.

02

Pick a baseline

Quick · CIS L1 · CIS L2 · Zero Trust · Full. Adjust the selection manually if needed.

03

Run the audit

Parallel execution against Microsoft Graph. Real-time score. Live results.

04

Review findings

Prioritized list with CIS reference, severity, and remediation steps.

05

Export the report

PDF for the board. XLSX for the team. HTML for the wiki. JSON for the SIEM.

05 / Trust by design

Your data never leaves your tenant.

A security audit tool must itself be secure. Entra GUARD is engineered around one principle: no data ever crosses our boundary.

100% client-side

Every computation runs in your browser. No backend processes your audit data. No third-party logs are ever generated.

OAuth 2.0 + PKCE

Modern authentication flow with Microsoft's MSAL library. No secrets stored client-side. Token in session memory only.

Read-only Graph permissions

Minimal scopes — only what's needed to audit. No write permissions are ever requested or granted.

EU-hosted, no telemetry

Static site hosted in the EU. No analytics scripts. No third-party trackers. The page you load is the page that runs.

Ready when you are

Audit your tenant.
No commitment.

Run a complete CIS Microsoft 365 audit in your browser. Free demo available, no sign-up required.