Frequently Asked Questions

M365 Toolbox is an automated security and compliance monitoring platform for Microsoft 365. It runs 65 security checks across identity, device management, data protection, collaboration, and email security — then gives you plain-language findings with step-by-step remediation guidance.

The AI Assistant understands your tenant's security configuration and can answer questions about your specific environment. Ask it about a failed check, a configuration change, or how to remediate a finding — it gives tailored, actionable answers instead of generic advice. It's read-only and cannot modify your tenant.

We run 65 checks across five categories: Identity & Access (MFA, conditional access, admin roles), Device Management (compliance policies, encryption), Data Protection (DLP, sensitivity labels), Collaboration (SharePoint, Teams, guest access), and Email Security (DMARC, DKIM, transport rules). Each check includes a severity rating and how-to-fix guidance.

Drift Monitor tracks changes to your Microsoft 365 configuration over time. Set a security baseline, and when someone changes a conditional access policy or modifies a sharing setting, you'll know about it. It shows what changed, when, and gives you a human-readable description — not a raw config diff.

No. Every operation is read-only. The application is hardcoded to only perform read commands — no write operations can execute. We check your configuration and policy settings, nothing more.

No. We only access configuration and policy settings — the stuff that tells us how your tenant is set up. We cannot read email content, documents, chat messages, or any other user-generated content.

For IT departments, it's a standard Microsoft Entra ID admin consent flow — a Global Admin approves read-only permissions once, and you're set up in about two minutes. For MSPs, access works through Microsoft's GDAP (Granular Delegated Admin Privileges) framework using your existing partner relationships.

Yes. The platform is hosted on Microsoft Azure with encryption in transit and at rest. Authentication uses Microsoft Entra ID — there are no separate passwords to manage. Each subscriber's data is logically isolated, and we're actively pursuing SOC 2 Type 2 certification.

7 days with full access to all features. No credit card required to start.

No. Both plans are month-to-month. Cancel anytime with no penalties or fees.

Yes. You can upgrade from IT Department to MSP at any time if you start managing additional client tenants. Contact support through the app and we'll handle the transition.

Additional tenants beyond the 10 included are $15/month each, added automatically to your next billing cycle. No action needed — just connect the tenant and it's billed accordingly.

Support is built into the app. After signing in, you have access to an AI-powered support assistant that understands the platform and your specific environment. For account or billing issues, reach out through the in-app support channel.

The setup process is self-service and takes about five minutes. The AI Assistant can walk you through connecting your first tenant and understanding your initial security assessment. For MSPs onboarding multiple tenants, the process is similarly streamlined through the GDAP connection flow.