“Microsoft 365 Security Policy Coverage”
Autotask PSA Datto RMM Datto Backup Microsoft 365 SmileBack HubSpot IT Glue All reports
AI-GENERATED REPORT
You searched for:
What is the security policy coverage across M365 tenants?

Microsoft 365 Security Policy Coverage

Gap analysis of security policies across your managed tenant portfolio.

Built from: M365 Lighthouse
How this report was made
1
Autotask PSA
Multiple data sources combined
2
Proxuma Power BI
Pre-built MSP semantic model, 50+ measures
3
AI via MCP
Claude or ChatGPT writes DAX queries, executes them, formats output
4
This Report
KPIs, breakdowns, trends, recommendations
Ready in < 15 min
Want to run this report against your own Autotask PSA data?
Get Proxuma Power BI

Microsoft 365 Security Policy Coverage

Gap analysis of security policies across your managed tenant portfolio.

The data covers the full scope of Autotask PSA records relevant to this analysis, broken down by the key dimensions your team needs for day-to-day decisions and client reporting.

Who should use this: NOC teams, service managers, and MSP owners monitoring backup compliance

How often: Daily for operations, weekly for management review, monthly for client reporting

Time saved
Checking backup status across all clients manually means logging into multiple consoles. This report pulls everything into one view.
Risk visibility
Backup failures are invisible until a restore fails. This report surfaces gaps before they become incidents.
Compliance evidence
For regulated clients, documented backup status is not optional. This report provides the audit trail.
Report categoryBackup & Data Protection
Data sourceAutotask PSA · Datto RMM · Datto Backup · Microsoft 365 · SmileBack · HubSpot · IT Glue
RefreshReal-time via Power BI
Generation timeUnder 15 minutes
AI requiredClaude, ChatGPT or Copilot
AudienceNOC teams, service managers
Where to find this in Proxuma
Power BI › Backup › Microsoft 365 Security Policy Coverage
What you can measure in this report
Summary Metrics
MFA Analysis by Tenant
Device Compliance Trend Over Time
Backup Risk Assessment by Client
Backup Detail by Device Type
Backup Coverage Health
Key Findings
Strategic Recommendations
Frequently Asked Questions
MFA Coverage
Conditional Access
Device Compliance
AI-Generated Power BI Report
Microsoft 365 Security Policy Coverage

Gap analysis of security policies across your managed tenant portfolio.

Demo Report: This report uses synthetic data to demonstrate AI-generated insights from Proxuma Power BI. The structure, DAX queries, and analysis reflect real MSP data patterns.
1.0 Summary Metrics
MFA Coverage
87.3%
124 of 142 tenants
Conditional Access
72.5%
103 tenants configured
Device Compliance
64.1%
91 tenants enforcing
Full Coverage
58.5%
83 tenants, all 3 policies
View DAX Query - Summary Metrics 
EVALUATE
ROW(
    "Total", COUNTROWS(BI_Microsoft_SecurityPolicies),
    "MFA", CALCULATE(COUNTROWS(BI_Microsoft_SecurityPolicies), BI_Microsoft_SecurityPolicies[category] = "MFA"),
    "Conditional Access", CALCULATE(COUNTROWS(BI_Microsoft_SecurityPolicies), BI_Microsoft_SecurityPolicies[category] = "Conditional Access")
)
2.0 MFA Analysis by Tenant

Breakdown of security policies focusing on mfa across tenants.

Contoso Ltd
95%
Fabrikam Inc
87%
Woodgrove Bank
79%
Tailspin Toys
71%
Adventure Works
63%
Litware Inc
55%
TenantMFAConditional AccessDevice ComplianceStatusLast Updated
Contoso Ltd94.2%88.1%91.3%Good2 hours ago
Fabrikam Inc91.8%85.4%87.6%Good3 hours ago
Woodgrove Bank87.3%79.2%82.1%Warning1 hour ago
Tailspin Toys82.1%74.8%78.4%Warning4 hours ago
Adventure Works78.6%71.3%74.9%Critical2 hours ago
Litware Inc96.1%92.7%94.5%Good1 hour ago

Adventure Works shows the lowest mfa coverage at 78.6%, falling below the recommended 80% threshold. Combined with Tailspin Toys at 82.1%, these two tenants represent the most significant security policies gaps in the portfolio and should be prioritized for remediation.

View DAX Query - MFA Analysis by Tenant 
EVALUATE
SUMMARIZECOLUMNS(
    BI_Microsoft_SecurityPolicies[tenant_name],
    "MFA", CALCULATE(COUNTROWS(BI_Microsoft_SecurityPolicies), BI_Microsoft_SecurityPolicies[policy_type] = "MFA"),
    "Conditional Access", CALCULATE(COUNTROWS(BI_Microsoft_SecurityPolicies), BI_Microsoft_SecurityPolicies[policy_type] = "Conditional Access")
)
ORDER BY [MFA] DESC
3.0 Device Compliance Trend Over Time

How device compliance has evolved over the past 90 days.

January
82.4%
February
85.1%
March
87.3%
MonthTotal TenantsMFA CoverageConditional Access CoverageDevice Compliance Coverage
January 202613884.1%69.6%60.9%
February 202614085.7%71.4%62.8%
March 202614287.3%72.5%64.1%

Device Compliance coverage improved from 60.9% to 64.1% over three months, a positive but modest improvement. At this rate it will take another 8 months to reach the 80% target. To accelerate, consider implementing device compliance policies as part of the standard onboarding template for new tenants.

View DAX Query - Device Compliance Trend Over Time 
EVALUATE
SUMMARIZECOLUMNS(
    BI_Microsoft_SecurityPolicies[snapshot_month],
    "TenantCount", DISTINCTCOUNT(BI_Microsoft_SecurityPolicies[tenant_id]),
    "MFACoverage", DIVIDE(CALCULATE(COUNTROWS(BI_Microsoft_SecurityPolicies), BI_Microsoft_SecurityPolicies[mfa_enabled] = TRUE()), COUNTROWS(BI_Microsoft_SecurityPolicies))
)
ORDER BY BI_Microsoft_SecurityPolicies[snapshot_month] ASC
4.0
Backup Risk Assessment by Client
Categorizing clients by backup health and device coverage.
HIGH RISK
4 entities
Performance significantly below portfolio average. Immediate action required.
MODERATE RISK
7 entities
Performance below target but stable. Review within 2 weeks.
LOW RISK
12 entities
Performance above target level. Standard monitoring sufficient.
NOT ASSESSED
3 entities
Insufficient data available for risk assessment.

The risk matrix shows that most entities fall in the low-risk category, but the high-risk group demands immediate attention. The moderate-risk group shows a declining trend that could escalate without intervention.

5.0
Backup Detail by Device Type
Granular breakdown of backup success rates.
CategoryItemsPrimarySecondaryStatus
Category A23494.2%14Healthy
Category B18789.3%20Review
Category C15691.7%13Healthy
Category D9886.7%13Review
Category E6782.1%12At Risk
Category F4595.6%2Healthy

The detailed breakdown shows clear performance differences. The bottom two categories require targeted action to improve overall portfolio health.

6.0
Backup Coverage Health
Portfolio-wide backup coverage and gap analysis.
92.4% health score
Portfolio Health
87.3% of 100%
Coverage
23 action items
Open Items

Overall portfolio health is strong at 92.4%, but the 87.3% coverage rate suggests that roughly 1 in 8 entities is not fully monitored. The 23 open action items represent a manageable backlog if addressed within 2 weeks.

7.0
Key Findings
!

Performance Gap Requires Attention

The gap between top and bottom performers is wider than expected. The bottom 20% scores more than 25 percentage points below the portfolio average, indicating structural issues that require targeted intervention.

!

Declining Trend in Moderate Risk Group

Entities in the moderate risk category show a declining trend over the past quarter. Without intervention, 3-4 of these entities may shift to the high-risk category within 60 days.

Top Performers Remain Consistent

The top 30% of the portfolio maintains stable performance above target, indicating current best practices are effective and can serve as a model for the rest.

8.0
Strategic Recommendations

1. Conduct a targeted review of all high-risk entities within 2 weeks. Document the root cause for each entity and create a remediation plan with clear deadlines and accountable owners.

2. Implement automated monitoring for the moderate-risk group. Set thresholds that trigger an alert when performance drops 5 percentage points below target, enabling early intervention before entities slip into high risk.

3. Schedule this report monthly as part of the QBR process. Use the trend data to verify that improvement initiatives are delivering measurable results across multiple quarters.

9.0
Frequently Asked Questions
What is MFA?

MFA is a security control in Microsoft 365 that helps protect tenant resources. It should be enabled for all users in production tenants.

How often is security policies data refreshed?

Security policies data syncs daily from the Microsoft Graph API. Changes typically appear within 24 hours.

What is a good mfa target?

Best practice is 100% coverage for mfa. At minimum, 95% coverage should be the target for all managed tenants.

How do we remediate security policies gaps?

Start with the lowest-coverage tenants and apply baseline security policies policies. Use security defaults as a starting point for tenants without conditional access.

Proxuma Power BI · AI-Generated Power BI Report · proxuma.io/powerbi Generated in < 15 minutes via MCP · April 2026
Related Reports
Backup
Backup Health Dashboard: Success Rates, Storage, and Device Coverage
A status check across 169 monitored devices with 175 TB of protected storage. Flags devices with backup failures, missin
Read report Backup
Backup Oversight Workload: Which Engineers Own Too Many Client Backups?
This report crosses HiBob employee data (team structure, reporting lines, span of control) with Datto Backup telemetry (
Read report Backup
Datto Backup Backup Reliability by Client
Analysis and reporting on backup reliability by client for managed service providers.
Read report Backup
N-able Cove QBR-Ready Cove Backup Report
Analysis and reporting on qbr-ready cove backup report for managed service providers.
Read report Backup
N-able Cove Cove Backup Error Rate
Analysis and reporting on cove backup error rate for managed service providers.
Read report Security
96.8% Alert Resolution Rate, But 49 Critical Alerts Remain Open
Security posture across all managed clients based on RMM alert data and ticket correlation.
Read report

Generate this report from your own data

Connect Proxuma Power BI to your PSA, RMM, and M365 environment, use an MCP-compatible AI to ask questions, and generate custom reports - in minutes, not days.

See more reports Get started