M365 Security Toolkit
CIS-aligned security assessment, email DNS generator & remediation scripts
Email Security Record Generator
Generate SPF, DKIM, and DMARC DNS records for your domain in under 2 minutes. No DNS lookups — we generate the records, you add them to your DNS.
SPF Record
TXT @ (your domain root)
DKIM Records
CNAME
DMARC Record
TXT _dmarc
Prioritised Remediation Actions
Complete the security assessment first to generate your personalised action plan with priority rankings, remediation scripts, and compliance mappings.
Your Priority Actions
Sorted by severity band, then quick-win ratio. Fix the top items first for maximum risk reduction.
Export Security Scorecard
Complete the assessment to generate a printable security scorecard with your score, category breakdown, top priority actions, and compliance coverage.
Frequently Asked Questions
1. Do I need to connect this tool to my M365 tenant?
No. This is a self-assessment where you answer questions about your configuration. No tenant access, no PowerShell, no admin credentials needed. Perfect for planning, pre-engagement assessments, and annual security reviews.
2. How does this compare to Microsoft Secure Score?
Secure Score requires tenant access and uses Microsoft's own scoring. This tool works without any access, aligns to the CIS Microsoft 365 Benchmark, maps to multiple frameworks including NIST 800-53, ISO 27001, and Essential Eight, and includes email DNS generation and remediation scripts.
3. How accurate is the risk quantifier?
Risk estimates use industry benchmarks from the IBM Cost of Data Breach Report and Verizon DBIR. They are planning-level estimates to help you prioritise actions and build a business case for security investment, not actuarial calculations.
4. Will the generated email records work for my domain?
The SPF, DKIM, and DMARC records use standard templates for Microsoft 365, Google Workspace, and common sending services. Always test with DMARC p=none (monitor mode) before enforcing quarantine or reject policies.
5. Can I save my progress?
Yes. Assessment answers, generated records, and configuration choices are saved in your browser's local storage. Return anytime to continue where you left off. Nothing is uploaded to any server.
6. Which compliance frameworks are covered?
The assessment maps to the CIS Microsoft 365 Foundations Benchmark, NIST 800-53, ISO 27001 Annex A, and the Australian Essential Eight. Each question shows which controls it relates to in each framework.
7. How often should I re-assess?
Quarterly is best practice. The tool tracks your previous score so you can measure improvement over time and demonstrate security progress to leadership.
8. Is this tool still being improved?
Yes! This is V1. Share your feedback at /feedback/ and help shape future versions.