Features

Generates branded standard operating procedures directly from your live Microsoft 365 configuration. SOPs document what is configured, how each policy is set up, and which users or groups are affected.

• ✓18 M365 policy types — Conditional Access, Intune device config, compliance policies, security baselines, app protection, enrollment profiles, update rings, Autopilot, and more
• ✓Export formats: Markdown, HTML, PDF, and DOCX
• ✓Automatic version numbering and date stamping
• ✓Company branding (logo, colors, name) applied to all outputs
• ✓Policies are grouped by type with full configuration details

Scans your Microsoft 365 tenant against 548 security controls across twelve compliance frameworks. Produces a weighted compliance score, per-domain breakdowns, and a control-by-control pass/fail report.

• ✓Twelve frameworks: CISA SCuBA, CIS Microsoft 365, EIDSCA, NIST 800-53 Rev 5, NIST CSF, Maester, ORCA, Veri-Tech Recommendations (detection) + ISO 27001, SOC 2, GDPR, HIPAA (mapping) — all sourced from authoritative public crosswalks
• ✓Six assessment domains: Identity, Intune, Exchange, Teams, SharePoint, Defender
• ✓Weighted scoring system — critical controls have higher impact on your score
• ✓Cross-framework mapping — every control shows which NIST, ISO, SOC 2, HIPAA, GDPR requirements it satisfies
• ✓Severity ratings (Critical, High, Medium, Low) for prioritization

Automatically deploys policy changes to close compliance gaps identified by the scanner. Every change goes through safety controls to prevent disruption.

• ✓330+ of 548 M365 controls are auto-remediable — the rest provide step-by-step manual guidance
• ✓Conditional Access policies deploy in report-only mode first — enforcement requires manual action
• ✓Break-glass (emergency access) accounts are excluded from all deployed policies
• ✓Just-In-Time (JIT) permissions — write access is granted before remediation and auto-revoked after
• ✓Disruption risk rating (None, Low, Medium, High, Critical) shown for every control before deployment
• ✓Prerequisite checks — controls requiring specific licenses are skipped automatically if the license is not present
• ✓Dependency-aware execution ordering — controls are remediated in the correct sequence

Assesses your Intune endpoint management configuration against 375 security controls covering Windows, macOS, iOS, and Android. Includes Policy Insights for cross-policy conflict detection, modify-in-place remediation, AI-generated plans, a dedicated per-platform assignment page, and a 3-tier dispatch workflow.

• ✓375 Intune-specific controls across device compliance, configuration profiles, security baselines, and app protection
• ✓Cross-platform remediation: Windows, macOS, iOS, Android — with macOS auto-remediation for device configuration and compliance policies
• ✓Assignment-aware dual scoring — see both deployed (effective) and configured (total) compliance
• ✓Cross-source detection: Settings Catalog, Security Baselines, Compliance Policies, and more
• ✓Modify-in-place remediation — edits existing misconfigured policies instead of stacking overrides, with previous-value tracking
• ✓Per-control strategy toggle (Modify vs. Override) for granular control
• ✓AI-generated remediation plans with per-control dispositions respecting the registry's automatable flags
• ✓3-tier dispatch workflow (green / amber / red) with Change Advisory + runbook generation before deployment
• ✓Dedicated policy assignment page with per-platform group selectors (Windows, macOS, iOS, Android)
• ✓Automated remediation with scoped JIT write permissions (3 permissions vs 14 for M365)
• ✓Cross-product detection surfaces related Veri-Guard and Veri-Patch controls from the same tenant
• ✓CIS, NIST, SOC 2, ISO 27001, HIPAA, and CISA framework mapping
• ✓Included with Enterprise and MSP plans

A dedicated scanner that reads every Intune policy in your tenant and surfaces settings that appear in 2+ policies — flagging value conflicts, redundant duplicates, and unassigned overrides. The silent-misconfiguration detector that catches years of accumulated Intune drift.

• ✓Value conflict detection — identifies policies fighting each other with contradictory settings
• ✓Redundant duplicate detection — same setting, same value, across multiple policies
• ✓Unassigned override detection — overriding policies that aren't actually assigned to any group
• ✓Setting-centric view (one row per conflicting setting)
• ✓Policy-centric view (one row per policy, with its overlap footprint)
• ✓Filter by severity, policy type, platform, and conflict class
• ✓Downloadable Detailed and Executive reports in HTML, Markdown, or PDF
• ✓Prominent card on the Tune results page + separate full-screen page at /tune/[jobId]/policy-insights
• ✓Included with Veri-Tune (Enterprise and MSP plans)

End-to-end Windows feature update management — prerequisite validation, telemetry setup, compatibility scanning, update policy configuration, direct group assignment for unassigned policies, and automated AU-scoped device group sync.

• ✓Guided prerequisite checker with telemetry setup wizard and regional privacy guidance
• ✓Live update policy viewer — feature rings, quality updates, expedited patches, and driver update profiles with KB/CVE details
• ✓Assignment status badges on every policy card (assigned / unassigned) across all WUfB policy types
• ✓Direct group assignment for unassigned WUfB policies with live group search
• ✓Feature update compatibility scanning with per-device readiness classification
• ✓Automated device group sync scoped via Administrative Units — zero tenant-wide group access
• ✓Recurring scan scheduling with CSV exports, shareable HTML reports, and email notifications
• ✓Included with Enterprise and MSP plans

Automatic Scan Snapshots, deep content search, side-by-side change detection, and — on Enterprise — the Vault Activity Log, config restore, drift alerting, Tenant Reconnect Wizard, and Emergency Accounts for tenant recovery.

• ✓Automatic Scan Snapshots captured alongside every compliance scan
• ✓Deep content search across snapshot contents
• ✓Change detection — see exactly what changed between any two snapshots, with search and filter on the diff
• ✓Auto-select recent snapshots in compare flows
• ✓Snapshot completeness indicators and size-trend stats
• ✓CSV/JSON export for snapshots; CSV export for comparisons
• ✓Download All Runbooks as ZIP from any snapshot
• ✓Vault Activity Log — snapshots, comparisons, restores, exports, admin actions (Enterprise)
• ✓Full config restore from any snapshot (Enterprise)
• ✓Tenant Reconnect Wizard for re-binding disconnected tenants (Enterprise)
• ✓Drift alerting with configurable thresholds — email + HMAC-signed webhooks (Enterprise)
• ✓Emergency Accounts with QR-code TOTP setup, scrypt password hashing, AES-256-GCM Key Vault encryption, and rate-limited login (Enterprise)
• ✓Tier-based snapshot retention: 90 days (Professional) / 1 year (Enterprise) / 3 years (MSP)

An interactive AI chat assistant grounded in your real tenant data. Ask questions about your compliance posture in natural language and get control-specific remediation guidance and impact analysis.

• ✓Chat grounded in your specific assessment results — not generic advice
• ✓Ask questions like "Which controls are failing for Exchange?" or "What's my NIST compliance score?"
• ✓Get prioritized remediation recommendations based on risk severity
• ✓Powered by Anthropic Claude Sonnet — enterprise-grade accuracy
• ✓No tenant configuration or user data is sent to the AI provider
• ✓Available on Professional (AI Insights + Remediation Plans) and Enterprise (full Copilot chat)

Project how your compliance score would change if you remediated specific controls — before making any changes. Helps prioritize which fixes deliver the most impact.

• ✓Select any combination of failing controls to simulate
• ✓See projected score impact per control and cumulative total
• ✓Identify high-impact, low-effort fixes for maximum score improvement
• ✓Client-side calculations — instant results, no API call required

Translates compliance gaps into dollar risk exposure. Maps each failing control to real-world breach costs, regulatory fines, and incident data to quantify the financial risk of inaction.

• ✓Dollar risk exposure calculated from 15 real breach incidents and regulatory actions
• ✓Per-control risk breakdown with incident citations
• ✓ROI analysis — compare remediation cost vs. risk exposure
• ✓Export-ready for executive and board presentations

Shows the potential impact of each failing control — which real-world incidents it maps to, relevant MITRE ATT&CK techniques, and applicable regulatory fines.

• ✓Per-control risk context with real-world incident mapping
• ✓MITRE ATT&CK technique references where applicable
• ✓Regulatory fine ranges from GDPR, HIPAA, and other frameworks
• ✓Helps security teams communicate risk to non-technical stakeholders

Pre-built bundles of high-impact, low-effort compliance fixes grouped by theme. Track progress as you work through each bundle to systematically close gaps.

• ✓6 themed bundles: Identity Hardening, Device Security, Data Protection, Communication Security, Cloud Infrastructure, and Endpoint Management
• ✓Progress tracking per bundle — see completion percentage as you remediate
• ✓Controls sorted by impact-to-effort ratio within each bundle
• ✓Direct links to remediation guidance for each control in the bundle

Generate polished executive compliance reports designed for board presentations, audit committees, and C-suite briefings. Includes overall posture, framework scores, risk summary, and trend data.

• ✓One-click generation from any completed assessment
• ✓Framework-level scoring breakdown (CISA, CIS, NIST, etc.)
• ✓Risk summary with severity distribution and top gaps
• ✓White-label support — use your company branding or your client's
• ✓Available via API at /guard/{jobId}/board-report

Generate and share a verifiable compliance certificate after each assessment. Certificates include a unique ID and public verification URL for auditors and partners.

• ✓Unique certificate ID with public verification endpoint
• ✓Shows overall compliance score, assessment date, and frameworks assessed
• ✓Shareable URL for third-party verification without portal access
• ✓Automatically generated for assessments scoring above threshold

Apply your own branding (logo, company name, color scheme) to all reports and documents generated for client tenants. Clients see your brand, not Veri-Tech.

• ✓Custom logo and company name on all generated reports
• ✓Applies to SOPs, compliance reports, executive summaries, and certificates
• ✓Configure per-tenant or use a default brand across all clients
• ✓Settings managed from the MSP Dashboard → Branding

Maps your Microsoft 365 security controls to HIPAA Security Rule safeguards. Identifies which technical safeguards are addressed by your current configuration and where gaps remain.

• ✓Maps controls to HIPAA §164.308 (Administrative), §164.310 (Physical), §164.312 (Technical) safeguards
• ✓Distinguishes Required vs. Addressable safeguard implementation specifications
• ✓Generates HIPAA-specific compliance evidence for auditors
• ✓Available as a $199/mo add-on to Enterprise and MSP plans

Invite teammates into the portal, assign roles, track every login and admin action in the user audit log, enforce plan-tier seat limits, and revoke sessions on demand. Built for enterprise IT teams with multiple administrators.

• ✓Plan-tier seat limits: Starter up to 5 · Professional up to 25 · Enterprise/MSP unlimited
• ✓Invite flow with email pre-assignment and 7-day expiry
• ✓Require-invite toggle — lock new-user sign-ups to pre-invited emails only
• ✓Four roles: Owner, Admin, Viewer, Billing
• ✓Bulk role changes with multi-select checkboxes
• ✓User audit log — logins, role changes, removals, invites, session revocations
• ✓Session revocation with 5-minute propagation (down from 15 minutes)
• ✓Access denial UX for removed / invite-required / limit-reached users
• ✓User profile page (/account) — role, tenant, plan tier, member-since date
• ✓Audit log page at /settings/audit-log

Undo remediation changes within a 24-hour window. Rollback automatically restores the previous configuration value captured before remediation.

• ✓24-hour rollback window after any remediation action
• ✓Previous configuration values captured automatically (beforeValue)
• ✓Per-control rollback — undo individual changes without affecting others
• ✓Full audit trail of rollback actions

Automate recurring compliance assessments on a daily, weekly, or monthly cadence. Never miss configuration drift — scans run on schedule and results appear in your dashboard.

• ✓Daily, weekly, or monthly scan schedules
• ✓Timer-triggered execution — no manual intervention needed
• ✓Results appear in the compliance dashboard alongside on-demand scans
• ✓Configure schedule from Settings → Scan Schedule

Get notified when your compliance score changes beyond a configured threshold. Supports email notifications and HMAC-signed webhook delivery for integration with your existing tools.

• ✓Score delta alerts — trigger when compliance score drops by a configurable amount
• ✓Email notifications to specified recipients
• ✓HMAC-signed webhook delivery for Slack, Teams, PagerDuty, or custom integrations
• ✓Configure thresholds and delivery channels from Settings → Alerts

Managed Service Providers can manage multiple client tenants from a single dashboard. Run assessments, generate SOPs, and track compliance across your entire client portfolio.

• ✓Centralized dashboard showing all managed client tenants
• ✓Run assessments and generate documents for any client from your portal
• ✓Per-client compliance score tracking and trend analysis
• ✓Volume pricing — 20% off for 5-14 tenants, 30% off for 15+
• ✓White-label branding for client-facing reports

Enterprise organizations managing multiple tenants (subsidiaries, business units, regions) can monitor compliance across their entire fleet from one hub.

• ✓Fleet-wide compliance dashboard with cross-tenant comparison
• ✓Drift detection across tenants — spot when one falls behind
• ✓Centralized policy management recommendations
• ✓Per-tenant RBAC (Owner, Admin, Viewer, Billing roles)

Every SOP, compliance report, gap analysis, and runbook you generate is stored in a searchable archive. Download individual documents or bulk-export by date range.

• ✓Search by document type, date, or environment name
• ✓Filter by job type: SOPs, Compliance Scans, Assessments, Runbooks, Remediation
• ✓Documents grouped by month for easy navigation
• ✓Download individual files or full job packages (ZIP)
• ✓Retention: 30 days (Starter), 90 days (Professional), 3 years (Enterprise/MSP)