Microsoft 365 has become indispensable in the SMB environment. This makes the security posture around M365 increasingly important — for companies themselves, but especially for Managed Service Providers who continuously support, secure, and advise their customers.
With the new M365 Security feature, lywand expands its Security Audit Platform with a central integration for Microsoft 365. The goal is to present security-relevant information in lywand in a clear, assessable, and reportable way.
The new feature is currently available as a Public Beta and can be tested by partners free of charge.
Developed Based on Partner Feedback
The M365 Security feature was developed directly from feedback provided by our partners. Through our Feature Request Portal, it became clear that a better overview of Microsoft 365 security information is one of the most requested enhancements.
The reason is obvious: almost every customer uses Microsoft 365, while security-relevant information is spread across various Microsoft portals. For MSPs, this means a lot of clicking, little overview, and significant effort to derive concrete actions from the available information.
This is exactly where the new integration comes in. lywand collects relevant M365 Security information centrally within the platform and makes it usable where partners already work.
Overview of Features
The M365 Security integration introduces several new features:
Microsoft Secure Score in the Partner Dashboard
M365 compliance measures at customer level
Detection of Risky Users including vulnerability creation
Synchronization of Microsoft 365 mailboxes
Customer summary in the Management Report
Microsoft Secure Score in the Partner Dashboard
With the new integration, the Partner Dashboard is extended to include the Microsoft Secure Score. This allows partners to see at a glance how their customers’ Microsoft 365 security is doing. Instead of clicking through Microsoft portals for each customer, anomalies, developments, and required actions can be viewed centrally in lywand. This creates more transparency and makes prioritization easier – especially when many customers are managed at the same time.
M365 Compliance Measures
Also new is the compliance menu at customer level. In addition to the familiar CIS best practices, measures from the Microsoft Secure Score are now displayed there as well.
These measures help improve the security configuration of a Microsoft 365 tenant step by step. They do not address “classic” vulnerabilities and therefore do not affect the security rating, but they do affect the Microsoft Secure Score.
Compliance topics are displayed separately because, in practice, they must be coordinated individually with each customer. This is intentional, because not every best practice automatically fits every company. Some measures have organizational impact, change workflows, or require specific licenses.
Detection of Risky Users
In addition to compliance information, lywand also reads so-called Risky Users from Microsoft 365 — provided that the required Microsoft license is available for the customer. Risky Users are user accounts for which Microsoft detects an increased risk. This can happen, for example, due to compromised credentials or unusual login activity.
When a Risky User is detected, lywand automatically creates a vulnerability. Corresponding measures are also created and can be centrally monitored in the Security Cockpit.
Remediation is then carried out directly in Microsoft 365, for example by changing passwords or taking further action on the affected account. Once the issue has been resolved and synchronized, the vulnerability disappears from lywand again.
Synchronization of Microsoft 365 Mailboxes
With the M365 Security integration, M365 mailboxes are automatically transferred to the Infrastructure area. This allows the external audit scope to be expanded with a single click, so Microsoft 365 user mailboxes can also be checked against Have I Been Pwned.
This increases visibility into potentially compromised credentials and adds another important area to the existing checks.
Customer Summary in the Management Report
The new information is also visible in the Management Report. Customers can see, among other things:
how the Microsoft Secure Score develops,
which security-relevant measures exist,
whether Risky Users have been detected,
and how the M365 security posture changes over time.
This is a clear advantage in customer conversations. Security becomes less abstract and easier to explain. Partners can show where concrete risks exist, which measures have already been implemented, and where further action is required.
In addition, the license dependency of certain Microsoft features provides a good basis for consulting and upselling. If a customer does not receive certain security information because their Microsoft license is insufficient, the added value of higher license levels can be argued much more clearly.
Simple Technical Setup
Setup is carried out via a PowerShell script that registers the required permissions in the Microsoft 365 tenant. lywand only requires read permissions to retrieve and display relevant information. Write permissions are currently not required but may become relevant for future features.
Customer integration takes place via the Microsoft Partner Center. A connection link is generated for each customer, which can be used either by the customer themselves or by the IT service provider to complete authentication and grant permissions. The prerequisite is that the partner has the necessary admin access to the end customer’s tenant. In the initial tests, partners confirmed this approach as a common and practical process.
Customers who are not available in the Partner Center currently cannot yet be integrated. However, this option is planned for further development.
All Data Available via the lywand API
The new M365 Security information is not only available in the platform but can also be accessed via the API. This makes it possible to integrate the information into existing processes, dashboards, or custom analyses.
Public Beta: Test Now and Share Feedback
The new M365 Security feature is currently in Public Beta and can be tested by all partners free of charge until July 31, 2026.
Feel free to try out the new feature and share your practical feedback with us. We are particularly interested in which information delivers the greatest value in your day-to-day customer support and which functions you would like to see in the next iterations.
Not a lywand partner yet?
