Launching soon · Sign up for early access

Every tenant has gaps.
Find yours in 12 minutes.

800+ automated checks across CIS, EIDSCA, and CISA. Zero agents, read-only.

No spam. Unsubscribe any time.

800+ automated checks
3 benchmarks mapped
~12 min average scan time
Read-only Graph permissions
app.aether365.io/dashboard
Posture · 18 Apr 2026
35%
▼ −4 pts since last scan
45 pass 82 fail 186 skip
Top failing · CISA SCuBA
HIGH
CISA.MS.AAD.1.1
Legacy authentication SHALL be blocked.
FIX
HIGH
CISA.MS.AAD.2.1
High-risk users SHALL be blocked.
FIX
HIGH
CISA.MS.AAD.3.1
Phishing-resistant MFA SHALL be enforced.
FIX
MED
CISA.MS.AAD.3.3
Authenticator SHALL show login context.
FIX
MED
CISA.MS.AAD.5.1
Only admins SHALL register applications.
FIX
Two scans · complete visibility

Compliance and exposure, side by side.

One scan benchmarks you against the world. The other looks at how attackers see you. Run them together and you cover both ends.

Compliance scan

Benchmark your M365 against global standards.

  • Every CIS, EIDSCA, and CISA SCuBA control tested.
  • Step-by-step remediation runbooks per finding.
  • Auditor-ready PDF in all supported languages.
800+
automated checks

Exposure scan

Find risky configurations before attackers do.

  • Surfaces excessive permissions and public sharing.
  • Coverage across Teams, SharePoint, Exchange, Entra ID.
  • Severity-scored findings, prioritized for triage.
27
findings on average tenant
Mapped to
CIS
CIS Benchmark
Microsoft 365 Foundations v3.0.1
EID
EIDSCA
Entra ID Security Configuration
CISA
CISA SCuBA
Secure Cloud Business Apps
How it works

From zero to first scan in under five minutes.

STEP 01

Grant read-only access

Approve the consent prompt. We request the minimum Microsoft Graph scopes required to assess - never write permissions.

STEP 02

Verify your tenant

We pull a sample of policies and configurations to confirm access is healthy before the first full scan kicks off.

STEP 03

Run automatic scans

Compliance and exposure scans run on schedule. Posture trend, top findings, and remediation runbooks land in your dashboard.

Built for security teams

Everything an MSP, IT admin, or CISO needs.

Read-only by default

Aether365 only ever reads. Remediation steps run in your tenant via runbooks you trigger explicitly.

Continuous monitoring

Daily automatic scans. Posture trend tracked over time so drift never goes unnoticed.

Multi-tenant for MSPs

One pane for every customer tenant. Compare posture, prioritize remediation, ship reports.

Runbook-driven remediation

Every finding ships with copy-paste PowerShell or MS Graph steps. Mark fixed or accept risk in one click.

Auditor-ready reports

One-click PDFs in 24 languages. Mapped to controls so audit trails write themselves.

Real-time alerts

Slack, Teams, or email. New high-severity finding lands? You'll know within minutes.

FAQ

Common questions.

Do you ever modify our tenant?
READ-ONLY
No. Aether365 requests only Microsoft Graph read scopes. Remediation suggestions are runbooks you execute yourself; nothing happens in your tenant without your action.
How long does the first scan take?
~12 MIN
For a typical mid-market tenant, the combined compliance + exposure scan completes in about twelve minutes. Larger environments may take up to thirty.
Which benchmarks are mapped?
3 + CUSTOM
CIS Microsoft 365 Foundations, EIDSCA (Entra ID Security Configuration Analyzer), and CISA SCuBA. Enterprise plans can layer custom or private control sets on top.
Where is our data stored?
EU / US
EU and US regions. We store only configuration metadata and scan results — never your users’ content, files, or messages.
Do you support MSPs managing many tenants?
YES
Yes. Multi-tenant is first-class. Compare posture across customers, route alerts per tenant, generate per-customer auditor reports.