Veri-Tech
← Support

Getting Started

A step-by-step guide to connecting your tenant and getting the most out of the Veri-Tech platform.

1
Connect Your Tenant

A Global Administrator in your organization approves read-only access to your Microsoft 365 configuration. This is a standard Microsoft admin consent flow — no passwords or secrets are shared.

  • Navigate to the onboarding page and click "Connect with Microsoft"
  • Review the list of read-only permissions being requested
  • A Global Administrator must approve the consent prompt
  • Once approved, Veri-Tech can read your tenant configuration (policies, profiles, settings)
2
Run Your First Compliance Scan

Veri-Guard scans your tenant against 548 M365 security controls across 12 compliance frameworks including CISA, CIS, NIST 800-53, NIST CSF, ISO 27001, SOC 2, HIPAA, and GDPR. Your first scan typically completes in under two minutes.

  • Go to the Compliance Hub and click "Run Assessment"
  • Select which workloads to include (Identity, Intune, SharePoint are default)
  • Optionally enable Exchange and Teams scanning from Settings → Permissions
  • View your compliance score and drill into individual control results
3
Review Your Compliance Score

Your dashboard shows an overall compliance score and per-domain breakdowns. Each control shows pass/fail status, severity, and which frameworks it satisfies.

  • Overall score is calculated from weighted pass/fail results across all assessed controls
  • Domain scores show Identity, Intune, Exchange, Teams, SharePoint, and Defender separately
  • Click any control to see its details, remediation guidance, and framework mappings
  • Compare scores over time to track your compliance posture improvement
4
Generate SOPs & Runbooks

Generate standard operating procedures directly from your live M365 configuration. SOPs document your current policies — what is configured, how, and for which users.

  • Go to the SOP Generator and select which policy types to include
  • 18 M365 policy types are supported (Conditional Access, Intune profiles, compliance policies, etc.)
  • Export as Markdown, HTML, PDF, or DOCX with your company branding
  • Runbooks are generated from compliance scan results and provide step-by-step remediation instructions
5
Remediate Compliance Gaps

On the Enterprise plan, Veri-Guard can automatically deploy policy changes to close compliance gaps. All changes go through safety controls — Conditional Access policies deploy in report-only mode, and break-glass accounts are required.

  • Review the gap analysis report to see which controls failed
  • Select controls to remediate — each shows disruption risk and what will change
  • Write permissions are granted just-in-time (JIT) and auto-revoked after the job completes
  • Conditional Access policies are always deployed in report-only mode first
  • Break-glass (emergency access) accounts are required before any write operations
6
Monitor Drift Over Time

Schedule recurring assessments to detect configuration drift. Compare scores across runs to identify when settings change unexpectedly.

  • Set up scheduled scans (daily, weekly, or monthly) from Settings → Scan Schedule
  • Configure compliance alerts to get notified when your score drops
  • The Documents page archives every assessment, SOP, and runbook you generate
  • Compare two assessment results side-by-side to see what changed
  • Use the MSP Hub or Multi-Tenant Hub to manage multiple tenants from one dashboard
7
Assess Intune Endpoints with Veri-Tune

Veri-Tune extends your coverage to 375 Intune-specific controls across Windows, macOS, iOS, and Android — with Policy Insights, modify-in-place remediation, AI remediation plans, and a 3-tier dispatch workflow.

  • Navigate to the Tune section and run an Intune baseline assessment
  • Review assignment-aware dual scoring — deployed (effective) vs. configured (total) compliance
  • Open Policy Insights to find setting overlaps, value conflicts, and unassigned overrides across every Intune policy — with downloadable detailed and executive reports
  • Let the AI-generated remediation plan disposition each control (remediate / runbook / skip), then review and adjust
  • Dispatch through the 3-tier change-advisory workflow (green / amber / red) — amber controls are pre-selected for review
  • Modify-in-place remediation edits existing policies instead of stacking overrides; Windows + macOS device config and compliance policies are auto-remediated
  • Use the dedicated /assign page with per-platform group selectors for configured-but-unassigned policies
  • Included with Enterprise and MSP plans
8
Feature Update Management with Veri-Patch

Veri-Patch provides end-to-end Windows feature update management — from prerequisite validation through compatibility scanning, policy configuration, direct group assignment, and automated device group sync with zero-trust AU scoping.

  • Run the prerequisite checker to validate telemetry, licensing, and enrollment
  • View all WUfB update policies — feature rings, quality updates, expedited patches, and driver update profiles — each with assignment status badges
  • Assign unassigned policies to security groups directly from the portal using live group search
  • Run compatibility scans to classify devices as ready or blocked with detailed hold analysis
  • Set up recurring scan schedules (daily, weekly, monthly) with email notifications
  • Export device lists as CSV or sync to AU-scoped Entra security groups automatically
  • Set up Administrative Unit scoping with the guided PowerShell wizard for zero-trust group access
9
Back Up & Protect Your Config with Veri-Vault

Veri-Vault captures Automatic Scan Snapshots alongside every scan. Enterprise adds config restore, the Vault Activity Log, Tenant Reconnect Wizard, drift alerting, and Emergency Accounts for tenant recovery.

  • Browse snapshots by date and run deep content search across snapshot contents
  • Compare any two snapshots side-by-side with search/filter on the diff and CSV export
  • Download All Runbooks from a snapshot as a single ZIP
  • On Enterprise: review the Vault Activity Log for full audit history of snapshots, restores, and exports
  • On Enterprise: configure drift alerts (email + HMAC-signed webhooks) for configuration changes outside approved windows
  • On Enterprise: use config restore with JIT write permissions to roll the tenant back to a previous snapshot
  • On Enterprise: set up Emergency Accounts with QR-code TOTP, scrypt password hashing, and AES-256-GCM Key Vault encryption for tenant recovery
  • On Enterprise: use the Tenant Reconnect Wizard if consent expires, the app reg changes, or the tenant is migrated
10
Invite Your Team

Add teammates to the portal with role-based access control, an audit log of every action, and session revocation on demand. Seat limits apply per plan: 5 (Starter), 25 (Professional), unlimited (Enterprise and MSP).

  • Go to Settings → Users → Invite and enter an email address
  • Choose a role: Owner (full control + billing), Admin (full operational), Viewer (read-only), Billing (billing-only)
  • Invites expire after 7 days; the invited user must sign in with the matching email to accept
  • Enable "require invite" to block any new user who hasn't been pre-invited
  • Use bulk role changes to update multiple users at once
  • Revoke a session instantly if a device is compromised — propagation within 5 minutes
  • Review the user audit log (Settings → Audit Log, Enterprise) for logins, role changes, invites, and removals

Need help? Submit a support ticket