Running Assessments
How to run compliance assessments in Securtea
Compliance assessments evaluate your Microsoft 365 configuration against security frameworks. Learn how to run on-demand and scheduled assessments.
Prerequisites
Before running an assessment, ensure:
- Microsoft 365 connected - App registration configured and working
- Permissions granted - Required Graph API permissions are consented
- Framework selected - Know which framework(s) to assess against
On-Demand Assessment
Starting an Assessment
- Navigate to Compliance in the sidebar
- Click the Run Assessment button
- Configure the assessment options
- Click Start Assessment
Assessment Options
Framework Selection
Choose one or more frameworks to assess:
- CIS Microsoft 365 Foundations
- NIST 800-53
- SOC 2
- ISO 27001
Multi-framework assessments share data collection, making them more efficient than running each framework separately.
Scope Options
Customize what to include:
| Option | Description |
|---|---|
| All Controls | Evaluate every control in selected frameworks |
| Critical Only | Focus on critical and high severity controls |
| Failed Only | Re-evaluate only previously failed controls |
Evidence Collection
Control how evidence is gathered:
| Option | Description |
|---|---|
| Full Evidence | Collect detailed evidence for all controls |
| Summary Only | Collect minimal evidence for faster assessment |
Assessment Progress
Once started, you'll see:
- Progress bar - Percentage of controls evaluated
- Current phase - Data collection, evaluation, or reporting
- Control status - Real-time pass/fail updates
- Estimated time - Approximate completion time
Assessment Duration
Typical assessment times:
| Scope | Duration |
|---|---|
| Single framework (CIS) | 2-5 minutes |
| Multiple frameworks | 3-7 minutes |
| Large tenant (1000+ users) | 5-10 minutes |
| Failed controls only | 1-2 minutes |
Scheduled Assessments
Setting Up a Schedule
- Go to Compliance > Settings
- Click Assessment Schedule
- Configure the schedule
- Click Save
Schedule Options
Frequency
| Option | When It Runs |
|---|---|
| Daily | Every day at specified time |
| Weekly | Specified day and time |
| Monthly | Specified date and time |
Time Configuration
- Time: Select the hour (in your time zone)
- Day: For weekly, select the day of week
- Date: For monthly, select the day of month
Schedule Examples
Daily Morning Assessment
- Frequency: Daily
- Time: 6:00 AM
- Frameworks: CIS, NIST
Weekly Compliance Review
- Frequency: Weekly
- Day: Monday
- Time: 8:00 AM
- Frameworks: All
Monthly Audit Preparation
- Frequency: Monthly
- Date: 1st
- Time: 12:00 AM
- Frameworks: SOC 2
Managing Schedules
| Action | How To |
|---|---|
| Pause | Toggle schedule to inactive |
| Resume | Toggle schedule to active |
| Modify | Click Edit on the schedule |
| Delete | Click Delete (with confirmation) |
Assessment Results
Viewing Results
After an assessment completes:
- Click the notification or go to Compliance > History
- Select the assessment run
- Review the summary and details
Results Overview
The results page shows:
- Overall Score - Compliance percentage
- Status Breakdown - Passed, failed, manual review, N/A
- Severity Distribution - By critical, high, medium, low
- Framework Summary - Per-framework scores
Drilling Into Details
Click on any framework or theme to see:
- Individual control results
- Evidence collected
- Remediation guidance
- Historical comparison
Re-Running Assessments
When to Re-Run
Re-run assessments when:
- You've remediated failed controls
- Configuration changes were made
- Significant time has passed
- Before an audit or review
Re-Run Options
Full Re-Assessment
- Evaluates all controls fresh
- Updates all evidence
- May show new failures or passes
Failed Controls Only
- Re-evaluates only previously failed controls
- Faster execution
- Useful after targeted remediation
Troubleshooting
Assessment Won't Start
Cause: Connection issue or permissions problem.
Fix:
- Go to Settings > Integrations
- Click Test Connection
- If failed, review app registration
- Ensure admin consent is granted
Assessment Stuck
Cause: Large tenant or API rate limiting.
Fix:
- Wait 10-15 minutes for completion
- If still stuck, cancel and retry
- Consider running during off-peak hours
Missing Controls
Cause: Controls may require specific licenses or configurations.
Fix:
- Check if the feature is enabled in your tenant
- Verify required licenses are assigned
- Some controls are marked N/A if not applicable
Inconsistent Results
Cause: Configuration changed between assessments.
Fix:
- Compare assessment timestamps
- Review drift events for configuration changes
- Note that some Microsoft data has propagation delays
Best Practices
Assessment Frequency
| Scenario | Recommended Frequency |
|---|---|
| Active remediation | Daily |
| Stable environment | Weekly |
| Compliance maintenance | Monthly |
| Pre-audit preparation | On-demand |
Framework Strategy
- Start with CIS - Most M365-specific guidance
- Add NIST/SOC 2 - For broader compliance needs
- Include ISO - If pursuing certification
Evidence Management
- Run with full evidence before audits
- Use summary mode for routine checks
- Export evidence for offline review
What's Next?
- Understanding Results - Interpret your assessment data
- Assessment History - Track compliance over time
- Generating Reports - Create compliance reports