m365 · security · remediation · managed

Run a real check on your Microsoft 365 tenant — before something else does.

Sentavo runs the same class of assessment enterprise governance platforms charge $200-300/mo for — fixed-price, no contract, no sales call to even see output.

// no login · no agent install · nothing leaves this browser tab

sentavo@snapshot:~$ ./tenant-check --interactive

MFA enforced for every admin account?

Departing employees disabled same-day?

External users can join Teams/SharePoint unapproved?

Written record of admin access holders exists?

External mail-forwarding rules monitored?

why-this-exists.md

Governance platforms were compiled for 4,000-seat orgs. Most companies aren't that build target.

The category leaders are genuinely solid — priced and packaged for a dedicated M365 admin team and a procurement department. That leaves a gap for everyone else.

$0

cost to run the snapshot above — no demo booking required for a first read.

fixed

assessments quoted as one flat number, not a recurring per-seat license.

closed

a finding nobody fixes isn't a finding — implementation work included.

tools/

Nothing here requires a sales call

Self-serve checks you can run right now. More get added as they're built.

live

tenant-snapshot

five questions, scored instantly — mfa, offboarding, guest access, mail forwarding.

./run ↓
live

mx-lookup

check mail routing records for any domain.

./run ↓
live

spf-lookup

validate spf record and flag common misconfigurations.

./run ↓
live

dmarc-lookup

check dmarc policy — flags p=none (no enforcement).

./run ↓
live

dkim-lookup

check dkim record for any domain and selector.

./run ↓
soon

email-header-analyzer

paste raw headers — get sender path, spam scores, delays.

./notify-me
soon

blacklist-check

check if a mail server ip is on common blocklists.

./notify-me
soon

license-comparison

compare two m365 license skus side by side.

./notify-me

have a tool you wish existed? tell us what to build.

services.json

Four things, done properly

Start with the assessment and let the findings decide the rest.

// security-assessment

Security & Risk Review

  • M365 health check (Exchange, Teams, SharePoint, OneDrive)
  • MFA, conditional access & privileged exposure
  • Email security (spoofing, forwarding, phishing)
  • Copilot readiness check
  • Fix list ranked by risk, not page count
// remediation

Remediation

  • Address findings from your assessment
  • MFA enforcement & CA policy rollout
  • Email security config (DKIM, DMARC, anti-phishing)
  • Entra ID & guest access cleanup
  • Scoped to what your report found
// implementation

Fix & Harden

  • New tenant setup & migration
  • Backup & recovery configuration
  • Endpoint & Intune policy deployment
  • Documentation handed to your team
// managed

Managed & Ongoing

  • Monthly re-assessment
  • Implementation hours included
  • Priority response
  • Cancel anytime

process.log

How an engagement runs

[1/3] free

Snapshot

Answer five questions, or grant read-only access for the automated version.

[2/3] fixed-price

Assessment

One quoted number up front, covering config, identity, licensing, security.

[3/3] scoped

Implementation

You choose which findings to fix; each is scoped and quoted separately.

pricing.txt

Priced for a company, not a Fortune 500

Reach out to discuss scope — we'll give you a clear number before you commit to anything.

snapshot
$0

self-serve, five questions, instant result.

  • runs in your browser
  • no account needed
  • directional score only
run it
full-assessment
contact us

full security & m365 review, ~1 week turnaround.

  • automated tenant scan
  • written, prioritized report
  • 30-min walkthrough call
book it
managed
contact us

recurring re-assessment + implementation retainer.

  • recurring re-assessment
  • implementation hours included
  • cancel anytime
ask about it

about.md

Built by one IT person, for companies who need one

Sentavo Works is a new, independent practice — not a reseller front for an enterprise platform. Reports are written by the same person doing the work.

  • No vendor lock-in. Findings and configuration docs handed over in full.
  • No upsell ladder. The assessment isn't a trojan horse for a subscription.
  • Plain language. Reports written for whoever runs the company.

contact.sh

Tell us where it's messy

Send a few details and we'll reply with next steps — usually within a day.

hello@sentavo.works

include: company name · what's going on with m365/security right now · rough size (seats)