Free Microsoft 365 Security Tools for IT Administrators and MSPs

Six free tools that surface what Microsoft publicly exposes about any M365 tenant — confirmed entirely from public DNS signals and certificate logs. No Microsoft credentials required. Built for MSPs performing client security assessments and IT admins who want to know what attackers can see before they do. Includes the SharePoint and OneDrive Anonymous Link Tester.

No login required
Instant results
Nothing stored
PDF reports

M365 Tenant Security Check: 9 DNS signals, confidence rating
M365 Email Security Posture: M365-specific SPF, DKIM, DMARC
SharePoint Anonymous Link Tester: Test if sharing links are truly public
Subdomain Discovery Tool: Certificate transparency log scan
Email Spoofing Risk Checker: Impersonation risk score 1-5
Legacy Authentication Detector: OWA, IMAP, hybrid Exchange

Free Microsoft 365 Tenant Security Check — M365 Exposure Audit

Checks 9 DNS signals to confirm M365 tenancy and surface which Microsoft services are publicly detectable — Exchange Online, Teams, Intune, Entra ID device join and more. Shows exactly what an attacker can discover about this tenant before launching an attack.
Why we check this: Every DNS record that confirms M365 usage is public intelligence. Attackers query these during reconnaissance to map services, confirm cloud infrastructure, and identify attack surfaces before targeting an organisation. This tool shows you what they find.

See what is exposed inside the tenant — OAuth apps, sharing links, forwarding rules

Try Exposure Monitor free

Microsoft 365 Email Security Posture — M365 Domain Security Assessment

Combines SPF, DKIM, DMARC and MX analysis with M365-specific intelligence to assess whether EOP is active, whether Defender is likely deployed, whether SPF is approaching the lookup limit, and whether third-party senders are correctly configured.
Why we check this: Email is the primary attack vector for phishing and business email compromise. A domain with weak authentication is trivial to impersonate. This tool surfaces the specific gaps in your M365 email configuration that attackers look for.
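The SPF lookup limit mentioned above comes from RFC 7208 (section 4.6.4): evaluating a record may trigger at most 10 DNS-querying terms (`include`, `a`, `mx`, `ptr`, `exists`, `redirect`), counted through nested includes, and exceeding it yields a permerror. The following is an added example, not code from the tool described on this page; the TXT records are constructed stand-ins for DNS answers and the "near-limit" threshold of 8 is an assumption.

```python
LOOKUP_LIMIT = 10   # RFC 7208 section 4.6.4
NEAR_LIMIT = 8      # assumed warning threshold, not from the page

# Constructed TXT records standing in for live DNS answers (not real data).
SAMPLE_TXT = {
    "example.com": "v=spf1 include:spf.protection.outlook.com "
                   "include:_spf.mailer.example include:_spf.crm.example a mx ~all",
    "small.example": "v=spf1 include:spf.protection.outlook.com -all",
    "spf.protection.outlook.com": "v=spf1 ip4:192.0.2.0/24 include:_spf-a.example -all",
    "_spf-a.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "_spf.mailer.example": "v=spf1 include:_spf1.mailer.example "
                           "include:_spf2.mailer.example -all",
    "_spf1.mailer.example": "v=spf1 a mx -all",
    "_spf2.mailer.example": "v=spf1 exists:%{i}.rbl.example -all",
    "_spf.crm.example": "v=spf1 ip4:203.0.113.0/24 -all",
}

def count_lookups(domain, txt=SAMPLE_TXT, path=()):
    """Count DNS-querying SPF terms for `domain`, following nested includes."""
    if domain in path:                      # include/redirect loop: stop descending
        return 0
    record = txt.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        return 0
    path = path + (domain,)
    total = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?").lower()  # drop the qualifier
        if term.startswith("redirect="):
            total += 1 + count_lookups(term[len("redirect="):], txt, path)
            continue
        name, _, arg = term.partition(":")
        name = name.split("/")[0]           # "a/24" -> "a"
        if name == "include":
            total += 1 + count_lookups(arg, txt, path)
        elif name in ("a", "mx", "ptr", "exists"):
            total += 1
    return total

def assess(domain, txt=SAMPLE_TXT):
    """Return (lookup count, verdict) for the domain's SPF record."""
    n = count_lookups(domain, txt)
    if n > LOOKUP_LIMIT:
        return n, "permerror"               # receivers stop evaluating SPF
    return n, "near-limit" if n >= NEAR_LIMIT else "ok"

if __name__ == "__main__":
    for d in ("example.com", "small.example"):
        print(d, assess(d))
```

A record in the "permerror" state fails SPF at every receiver that enforces the limit, so each additional third-party sender `include` should be checked against the remaining budget before it is published.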

Protect M365 tenants with API-native email security — no MX changes required

See Sabiki Email Security

SharePoint and OneDrive Anonymous Link Tester — Check if Sharing Links are Public

Paste a SharePoint or OneDrive sharing link to test whether it is genuinely accessible to anyone on the internet without authentication. Shows HTTP access status, identifies the file type, and gives specific remediation steps.
Why we check this: Anonymous sharing links have no expiry by default and no audit trail. Files shared by employees who have left the company remain accessible indefinitely. A link shared in a Slack message, email forward, or browser history can expose sensitive documents to anyone who finds it.
This tool tests a single link. Sabiki Exposure Monitor scans your entire tenant and surfaces every anonymous share — including forgotten ones on sensitive files.

Find every anonymous share across your entire M365 tenant

Try Exposure Monitor free

Free Subdomain Discovery Tool — Certificate Transparency Log Scanner

Queries public Certificate Transparency logs to surface every subdomain that has ever had an SSL certificate issued — revealing forgotten admin portals, legacy systems, shadow IT, and unmanaged infrastructure that attackers find during reconnaissance.
Why we check this: Certificate Transparency logs are permanently public and searchable by anyone, including attackers. Every subdomain ever issued an SSL certificate is logged. Attackers query crt.sh during pre-attack reconnaissance to discover forgotten high-value targets — old HR portals, legacy CRMs, test environments — that IT teams have forgotten about but are still live and unpatched.

Want to see what is exposed inside the tenant — not just at the surface?

Try Exposure Monitor free

Email Spoofing Risk Checker — Domain Impersonation Risk Assessment

Answers the question every IT admin and CISO should ask: how easy is it right now for an attacker to send a convincing email appearing to come from this domain? Scored 1-5 with a plain-English verdict and the exact attacker steps for the current configuration.
Why we check this: Business Email Compromise attacks cost organisations billions annually. Most succeed not because of sophisticated malware but because the target domain has weak or missing email authentication — making it trivial to spoof a CEO, finance director, or trusted supplier. This tool tells you exactly how hard or easy that is for any domain right now.

Protect M365 tenants from phishing and BEC with API-native email security

See Sabiki Email Security

Microsoft 365 Legacy Authentication Detector — Hybrid Exchange Security Check

Detects DNS patterns indicating incomplete M365 migration, active on-premises Exchange servers, OWA endpoints, IMAP and POP3 services, and SMTP relays — all of which may accept Basic Authentication that bypasses MFA entirely.
Why we check this: Legacy authentication protocols bypass Multi-Factor Authentication entirely. An attacker with a stolen password can sign in via IMAP, POP3, or OWA even if MFA is enforced. Microsoft has been disabling legacy auth globally but many hybrid tenants still have it active — often unknowingly. This tool surfaces those indicators from public DNS.

Get the full M365 security posture of any tenant — identity, exposure, and email

Try Sabiki free