FINOS IT Security Auditor — automated Microsoft 365 security posture assessment
An enterprise-grade module natively built into the FINOS platform. Connect customer Azure AD tenants, run automated scans across identity, access, applications, endpoints, and threat detection — then translate results into risk scores, findings, interactive reports, remediation plans, and synchronized asset inventories.
Why FINOS
Beyond one-off scripts and disconnected audit tools
- ✓ Persistent multi-tenant scan history with trend analysis across runs
- ✓ Customer-linked operations aligned with FINOS records, contracts, and asset management
- ✓ Role-based access control integrated with FINOS permissions
- ✓ Encrypted credential storage with operator step-up authentication for sensitive operations
- ✓ Formal remediation workflows with approval gates and exportable remediation reports
- ✓ Directory and device synchronization from scan snapshots into FINOS asset and identity views
Audit engine
Eight domain-specific assessment modules
Scans run asynchronously via Celery with real-time progress. Individual module failures are logged and skipped — only catastrophic authentication failures mark a run as failed. Intune and Defender modules activate based on active Microsoft 365 SKUs.
Identity & MFA
Assess identity hygiene and multi-factor authentication posture across all enabled users — MFA gaps, stale passwords, and directory snapshots for asset sync.
Critical · High · Medium
Risky Users & Sign-ins
Surface Identity Protection risk signals and anomalous authentication activity from risky users and elevated sign-in events in the past seven days.
High · Medium
Privileged Roles
Audit membership in high-impact Azure AD directory roles — Global Administrator, Security Administrator, and other privileged roles with excessive admin detection.
Critical · High · Info
Application Permissions
Identify over-permissioned enterprise applications and risky OAuth2 delegated consent grants exposing dangerous application or delegated scopes.
Critical · High
Conditional Access Gaps
Evaluate Conditional Access policy coverage — legacy authentication blocks, MFA enforcement, and risk-based policy presence against best practices.
Critical · High · Medium
Intune Device Compliance
Assess endpoint management posture for Intune-managed devices — compliance failures, encryption gaps, stale sync, and missing compliance policies.
High · Medium
Microsoft Defender — Security Alerts
Surface active threat detection signals from Microsoft Defender XDR — open critical and high alerts and ongoing security incidents.
Critical · High
Defender for Endpoint
Deep endpoint vulnerability and exposure assessment via the Defender for Endpoint API — exposure scores, critical CVE instances, and fleet-wide risk.
Critical · High
Benefits
Production-ready posture management for MSPs and enterprises
Unlike standalone audit scripts or one-off PowerShell reports, FINOS IT Security Auditor provides a unified, auditable, customer-aware security workflow integrated directly into daily FINOS operations.
- 8 audit domains
- 0–100 risk score scale
- PDF + Excel export formats
- 24/7 scheduled scan queue
- ✓ Penalty-based 0–100 risk score with Good, Moderate, Poor, and Critical bands
- ✓ Trend indicators comparing each scan to the previous completed run
- ✓ Online reports, PDF (WeasyPrint), and multi-sheet Excel exports
- ✓ Scheduled daily or weekly scans plus on-demand triggers per tenant
- ✓ Findings management with acknowledge workflow and customer navigator sidebar
- ✓ Remediation plans with Draft → Submitted → Approved → In Progress → Completed lifecycle
Use cases
Built for teams who audit Microsoft 365 at scale
Primary users include security auditors, MSP engineers, IT administrators, and compliance officers managing Microsoft 365 and Entra ID tenant security posture.
Managed service providers
Run automated security scans across many customer Azure AD tenants with persistent history, customer-linked findings, and exportable audit reports for client deliverables.
Enterprise security teams
Maintain continuous M365 posture visibility with scheduled scans, trend analysis, and formal remediation tracking aligned with internal security governance.
Compliance officers & auditors
Produce structured findings, risk-ranked reports, and remediation sign-off documentation for regulatory and internal audit programs.
Typical workflow
From tenant registration to measurable improvement
Register M365 tenant
Add tenant configuration with Azure AD app registration credentials, optional FINOS customer link, and scan schedule (daily, weekly, or manual).
Run security scan
Trigger on-demand or let scheduled Celery jobs queue scans. Progress and current module name update in real time in the dashboard.
Review findings & risk score
Filter findings by severity, module, and customer. Open the interactive online report with executive summary and module statistics.
Sync assets & directory
Push Intune devices into FINOS Assets and upsert Azure AD users and groups from scan snapshots.
Create remediation plan
Select Critical and High findings, submit for approval, track per-item resolution, and export remediation PDF with sign-off.
Re-scan & measure trends
Run follow-up scans and compare risk score trends across the last five completed runs to verify improvement.
Reports & remediation
Actionable intelligence — online, PDF, and Excel
Every completed scan produces structured output for stakeholders at every level — from executive summaries to per-finding remediation guidance.
Interactive online report
Full-width assessment with risk gauge, severity cards, module statistics, collapsible finding panels, and five-scan trend timeline.
PDF audit report
Professional A4 export via WeasyPrint with customer logo, executive summary, module grids, and finding cards aligned with the online report.
Excel workbook
Multi-sheet export with summary, all findings, and per-module sheets for identity and access domains.
Remediation plan governance
Transform audit findings into managed remediation programs with approval gates before work begins.
Security & trust
Enterprise credential and access controls
Customer tenant credentials are never returned in API responses. Sensitive operations require operator Microsoft 365 re-authentication with a 30-minute step-up session.
- ✓ Client secrets encrypted at rest with Fernet symmetric encryption
- ✓ Operator step-up authentication for Test Connection and credential add/edit flows
- ✓ FINOS dynamic RBAC — granular permissions for view, read, run, export, and remediation approval
- ✓ Scan results stored in FINOS database; Graph API calls made from FINOS backend to customer tenants
- ✓ Separation of operator identity (who runs FINOS) from audited tenant credentials
FINOS platform
Deep integration across daily operations
The module is designed for production MSP and enterprise use — not a standalone tool disconnected from customer and asset records.
Customers
Tenant configs link to FINOS customer records; findings and assets filterable by customer with aggregate severity badges.
Assets (MVServices)
Intune device sync creates or updates Asset records with intune_device_id mapping and compliance-based status.
User Management
Dynamic RBAC permissions registered via data migrations; M365 MFA status visible on user detail pages.
Help Center
Seven contextual IT Audit articles seeded under the IT Audit category — credentials, permissions, and specialist guides.
FAQ
Common questions
How is this different from Brocent's IT Assessment & Audit service?
Brocent IT Assessment & Audit is a human-led consulting service with fixed-scope project audits and APAC compliance mapping. FINOS IT Security Auditor is an automated software module inside the FINOS platform for continuous Microsoft 365 tenant scanning, multi-tenant history, and remediation workflow management. Many teams use both — automated FINOS scans for ongoing posture and Brocent consultants for deep compliance programs.
Which Microsoft 365 licenses are required?
Core identity, access, and application modules run against any tenant with appropriate Graph API permissions. Intune Device Compliance activates when SKUs include Intune, EMS, M365, or Business plans. Defender modules activate with Defender, ATP, M365, or Business SKUs. If SKU detection fails, conditional modules default to enabled and degrade gracefully when permissions are missing.
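The SKU-based module gating described in this answer, together with the per-module failure handling from the audit engine section (ordinary module errors are logged and skipped, only an authentication failure fails the run), as an added illustration that is not FINOS code. Module names, the exception class, substring matching on SKU names and the sample tenant are all assumptions.

```python
from __future__ import annotations
from typing import Callable, Iterable

class AuthenticationFailure(Exception):
    """Assumed exception type: tenant token acquisition failed (run-level failure)."""

# SKU keyword families named on this page.
INTUNE_KEYWORDS = ("INTUNE", "EMS", "M365", "BUSINESS")
DEFENDER_KEYWORDS = ("DEFENDER", "ATP", "M365", "BUSINESS")
# Conditional modules and the family that activates each (module names are assumed).
CONDITIONAL_MODULES = {"intune_compliance": INTUNE_KEYWORDS,
                       "defender_alerts": DEFENDER_KEYWORDS,
                       "defender_endpoint": DEFENDER_KEYWORDS}

def module_enabled(skus: Iterable[str] | None, keywords: tuple[str, ...]) -> bool:
    """skus=None means SKU detection failed: default to enabled, as the page states.
    Case-insensitive substring matching on SKU names is an assumption."""
    if skus is None:
        return True
    return any(kw in sku.upper() for sku in skus for kw in keywords)

def run_scan(skus: list[str] | None, modules: dict[str, Callable[[], list]]) -> dict:
    """Run each module; log and skip ordinary failures, fail the run only on auth failure."""
    result = {"status": "completed", "findings": [], "skipped": [], "errors": []}
    for name, module in modules.items():
        if name in CONDITIONAL_MODULES and not module_enabled(skus, CONDITIONAL_MODULES[name]):
            result["skipped"].append(name)
            continue
        try:
            result["findings"].extend(module())
        except AuthenticationFailure as exc:
            result["status"] = "failed"            # catastrophic: stop the run
            result["errors"].append(f"{name}: {exc}")
            break
        except Exception as exc:                    # any other module error
            result["errors"].append(f"{name}: {exc}")  # logged and skipped
    return result

# Constructed sample tenant: Office 365 E3 plus an Intune licence, no Defender SKU.
SAMPLE_SKUS = ["ENTERPRISEPACK", "INTUNE_A"]

def _identity_mfa():  # constructed module: one High finding
    return [{"module": "identity_mfa", "severity": "High"}]
def _intune_compliance():  # constructed module: Graph permission missing
    raise PermissionError("Intune permission not consented (constructed)")
def _defender_alerts():  # constructed module: never reached for SAMPLE_SKUS
    return [{"module": "defender_alerts", "severity": "Critical"}]

def demo() -> dict:
    return run_scan(SAMPLE_SKUS, {"identity_mfa": _identity_mfa,
                                  "intune_compliance": _intune_compliance,
                                  "defender_alerts": _defender_alerts})
```

For the sample tenant the run completes with one finding, one logged error from the Intune module, and the Defender module skipped because no Defender SKU is present.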
Where is scan data stored?
Scan results, findings, and remediation plans are stored in the FINOS PostgreSQL database. Microsoft Graph and Defender API calls are made from the FINOS backend to customer tenants — data residency follows your FINOS deployment.
What scan schedules are supported?
Per-tenant configuration supports daily, weekly, or manual-only schedules. Celery Beat runs a daily queue at 02:30 HKT for eligible configurations. On-demand scans can be triggered from the dashboard at any time.
What Azure AD permissions are required?
Each customer tenant needs an app registration with application permissions (not delegated) for Microsoft Graph — including User.Read.All, Directory.Read.All, Policy.Read.All, and module-specific permissions for Intune and Defender. Admin consent must be granted in the customer tenant. Contact us for the full specialist permission checklist.
Related services
Complement automated scans with expert delivery
Pair FINOS IT Security Auditor with Brocent's human-led security and audit services for end-to-end posture improvement.
See FINOS IT Security Auditor in action
Request a demo to explore multi-tenant Microsoft 365 security scanning, risk scoring, and remediation workflows integrated into your FINOS operations.