📊 Dashboard 🟢 Pulse ✉ Inbox Shield 📡 Vendor Watch 🔗 Integrations 🎣 PhishSim 📋 Compliance 🛡️ BrandGuard
Early Access · 50% Off for Life

Your M365 and Google Workspace have
security gaps you can't see

A read-only OAuth scan of your tenant reveals misconfigured MFA policies, overprivileged external sharing, stale admin accounts, and more — in minutes, not weeks.

🔷 Microsoft 365
🔵 Google Workspace

Get started — 50% off for early subscribers

Early access subscribers lock in $19/mo forever — price goes to $39/mo once we're out of early access. We'll onboard you within 24 hours of signup.

Secure checkout via Stripe · Cancel anytime · No contract

What we scan

30+ checks across identity, sharing, and admin

Everything a threat actor looks for when they compromise a workspace — surfaced before they get the chance.

🔐

MFA enforcement gaps

Which users and admin accounts lack MFA. Conditional access policy coverage.

M365 + GWS
👑

Stale admin accounts

Global admins who haven't signed in for 30+ days. Break-glass account hygiene.

M365 + GWS
🌐

External sharing settings

SharePoint / Drive sharing scope. Guest access policies. Anonymous link permissions.

M365 + GWS
📧

Email forwarding rules

Inbox rules forwarding mail to external domains — a common post-compromise exfil technique.

M365 + GWS
🔑

OAuth app permissions

Third-party apps with delegated access to mail, calendar, or files. Risky consent grants.

M365 + GWS
🏢

Conditional access policies

Missing location-based, device compliance, or risk-based access controls.

M365
📱

Mobile device management

Devices accessing company data without MDM enrollment or compliance policy.

M365 + GWS
🛡️

Legacy auth protocols

SMTP AUTH, POP3, IMAP enabled — common vectors for credential stuffing that bypass MFA.

M365
📋

Audit log retention

Whether audit logging is enabled and how long logs are retained for incident response.

M365 + GWS
Sample output

What your report looks like

A scored, prioritized breakdown of every check — with plain-English remediation steps, not just raw API output.

Workspace Posture Report
contoso.com · Microsoft 365 · May 2026
61
score
MFA enforcement — 4 admin accounts without MFA Critical
External sharing — Anonymous links enabled on SharePoint High
Legacy auth — SMTP AUTH enabled tenant-wide Medium
Email forwarding — 2 users forwarding to external domains Medium
Stale admins — 1 Global Admin inactive 47 days Medium
Audit logging — Enabled, 90-day retention Pass
Conditional access — Device compliance policy active Pass
Pricing

One flat rate, both platforms

No per-seat pricing. No enterprise sales call. One subscription covers your entire tenant.

Workspace Posture Pro

$19 /mo

$39/mo after early access

Monthly automated scans of your M365 or Google Workspace tenant. Cancel any time — no contract, no minimum.

✓ Early access rate locked in for life.

  • M365 and / or Google Workspace
  • 30+ security checks per scan
  • 0–100 posture score
  • Monthly automated scans
  • Remediation steps per finding
  • Score trend over time
  • Slack / webhook alerts on new findings
  • Read-only OAuth — nothing is changed
  • Cancel any time
FAQ

Common questions

More questions? [email protected]

What does "read-only OAuth" mean exactly?
When you connect your tenant, you'll authorize EdgeIQ's app with read-only permissions. We can see your configuration settings but cannot create users, change policies, send email, or modify anything. The OAuth scopes are shown explicitly during the consent flow before you approve.
Do you store my tenant data?
We store your scan results (the findings and scores) so you can track posture over time. We do not store the raw API responses or personal data about your users. Your OAuth tokens are encrypted at rest. You can revoke access at any time from your Microsoft or Google admin console.
Will my IT admin need to approve this?
Yes. Connecting an OAuth app to M365 or Google Workspace requires a Global Admin (M365) or Super Admin (GWS) to authorize it. This is standard for any third-party integration — the same flow as connecting Slack, Zoom, or DocuSign.
What happens after I subscribe?
We'll email you within 24 hours with a secure OAuth connect link for your platform. You authorize read-only access, we run your first scan, and your full report lands in your inbox. No IT ticket needed — the consent flow takes about 2 minutes.
Does $19/mo cover both M365 and Google Workspace?
One subscription covers one tenant. If you run both M365 and Google Workspace, you'd need two subscriptions — $38/mo total at the early access rate, versus $78/mo at standard pricing. The early access rate is locked in for life on each subscription.
ALSO FROM EDGEIQ

Locking down your workspace is half the picture

Attackers who can't get in through your workspace try a different angle: they register a domain that looks exactly like yours and phish your customers directly. BrandGuard monitors for typosquatted and lookalike domains 24/7 and alerts you the moment a new impostor appears — before your customers get hit.

See BrandGuard — $14/mo →
No setup fee · cancel anytime · starts monitoring immediately