How I Built a PowerShell Toolkit That Audits Your Entire Microsoft 365 Tenant in Minutes
the problem with most M365 audits
Most M365 security audits fall into one of two categories. Either a consultant runs a manual checklist through the portal and produces a Word document, or an expensive third-party tool produces a 200-page PDF that nobody reads. Neither is useful for an SMB IT admin who needs to know what is broken and how to fix it.
what the toolkit does
The toolkit is two PowerShell scripts that connect to your tenant using certificate-based app authentication, run a series of checks, and produce a clean HTML report you can open in any browser, share with your team, or export to PDF in one click.
what the tenant audit checks
Identity and Access:
- Legacy authentication blocked via Conditional Access
- Tenant-wide MFA policy exists
- Break-glass accounts excluded from CA policies
- Global Administrator count
Email Security:
- DMARC policy level (none, quarantine, or reject)
- SPF hard fail vs soft fail
- DKIM signing enabled
- External auto-forwarding blocked
App Registrations:
- Certificates expiring within 30 days
- Client secrets expiring within 30 days
- Apps holding high-privilege Graph permissions
- App registrations with no owners assigned
Endpoint and Licensing:
- Intune compliance policies deployed
- App protection policies deployed
- Unassigned licences by SKU
- Shared mailboxes with paid licences
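
The SPF and DMARC items in the Email Security list above come down to classifying the TXT records a domain publishes. The following is an added example, not the toolkit's own code: the function names and sample records are constructed for illustration, and the DNS lookup itself is left out so the classification runs offline on raw record strings.

```powershell
# Added example, not the toolkit's code. Function names are hypothetical.
function Get-SpfAllQualifier {
    param([string[]]$TxtRecords)          # TXT strings published at the domain apex
    $spf = @($TxtRecords | Where-Object { $_ -match '^\s*v=spf1(\s|$)' })
    if ($spf.Count -eq 0) { return 'Missing' }
    if ($spf.Count -gt 1) { return 'Invalid: multiple SPF records' }  # permerror per RFC 7208
    $terms = $spf[0].Trim() -split '\s+'
    foreach ($term in $terms) {
        if ($term -match '^([+\-~?]?)all$') {
            switch ($Matches[1]) {
                '-'     { return 'HardFail' }
                '~'     { return 'SoftFail' }
                '?'     { return 'Neutral' }
                default { return 'PassAll' }   # "+all" or bare "all" authorises any sender
            }
        }
    }
    if ($terms -match '^redirect=') { return 'Redirect: evaluate the target domain' }
    return 'NoAll: implicit neutral'
}

function Get-DmarcPolicy {
    param([string[]]$TxtRecords)          # TXT strings published at _dmarc.<domain>
    $rec = @($TxtRecords | Where-Object { $_ -cmatch '^\s*v=DMARC1\s*(;|$)' })
    if ($rec.Count -ne 1) { return 'Missing or invalid' }
    $tags = @{}
    foreach ($pair in ($rec[0] -split ';')) {
        $name, $value = $pair -split '=', 2
        if ($value) { $tags[$name.Trim().ToLower()] = $value.Trim().ToLower() }
    }
    if ($tags['p'] -in 'none', 'quarantine', 'reject') { return $tags['p'] }
    return 'Missing or invalid'
}

# Constructed sample records, not taken from a real tenant.
$samples = @(
    @{ Domain = 'a.example'; Spf = 'v=spf1 include:spf.protection.outlook.com -all'; Dmarc = 'v=DMARC1; p=reject; rua=mailto:dmarc@a.example' }
    @{ Domain = 'b.example'; Spf = 'v=spf1 include:spf.protection.outlook.com ~all'; Dmarc = 'v=DMARC1; p=none' }
    @{ Domain = 'c.example'; Spf = 'v=spf1 +all'; Dmarc = '' }
)
foreach ($s in $samples) {
    [pscustomobject]@{
        Domain = $s.Domain
        SPF    = Get-SpfAllQualifier $s.Spf
        DMARC  = Get-DmarcPolicy $s.Dmarc
    }
}
```

A soft fail (`~all`) paired with `p=none` leaves spoofed mail deliverable, which is why the two results are worth reading together rather than as separate pass/fail items.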
the mailbox report
The mailbox report pulls every mailbox in your tenant and shows used storage, quota, available space, used percentage, archive status, and licence per mailbox. It is sorted by storage descending and automatically highlights anything over 80% quota. Export to PDF or CSV in one click.
how authentication works
Both scripts use certificate-based app-only authentication. No interactive login prompts. No browser windows. Set up an app registration once, run the scripts with three parameters, and the reports generate automatically. Full setup documentation is included covering every step of the app registration, certificate creation, and permission assignment.
get the toolkit
Available at aroramsp.com/whatido. Includes both scripts, full setup guide, prerequisites documentation, and sample reports so you know exactly what the output looks like before you run anything. USD 99 one-time payment.
Download a sample audit report to see exactly what you get.