Audit Scope

Every check is backed by raw API data.

We don't ask your MSP how things are going. We pull the data ourselves from Microsoft Graph API and your RMM platform and tell you what we find.

Microsoft Graph API, Datto RMM API, NinjaRMM API, ConnectWise API, Invoice Analysis
Category 01

Microsoft 365 Licensing & Security

License mismanagement is the single most common finding in our audits. Departed employees still licensed. Seats purchased but never assigned. Wrong tiers. And security configurations that haven't been touched since onboarding.

We pull directly from Microsoft Graph API using read-only credentials — the same data source your MSP uses to manage your environment.

License Assignment vs. Billing
Cross-reference purchased seats against assigned seats per SKU. Identify monthly waste.
Common finding
Inactive User Accounts (90+ days)
Active, licensed accounts with no recent sign-in represent both waste and a security risk.
Common finding
MFA Enrollment — All Users
Percentage of users with MFA registered. Target: 100%. Below 95% = HIGH risk rating.
Frequent gap
Admin Role Assignments
Who holds Global Admin and other privileged roles? Are MSP service accounts over-privileged?
Frequent gap
Conditional Access Policies
Are CA policies configured and enforced? Absence of CA policies is a CRITICAL security finding.
Common finding
Mailbox Forwarding Rules
Auto-forward rules to external addresses are a leading indicator of account compromise or data exfiltration.
Occasional
Microsoft Secure Score
Benchmark your tenant security against Microsoft's recommendations and industry average.
Benchmarked
Legacy Authentication Protocols
Basic auth should be blocked for all users. Still active in many tenants years after it should have been disabled.
Common finding
Category 02

Endpoint Management & RMM Health

Your MSP's RMM platform is the foundation of everything they claim to manage. But devices drop off agent coverage. Patches get skipped. Alerts sit unresolved for weeks. None of this shows up in their monthly reports.

We pull directly from your RMM API — Datto, NinjaRMM, ConnectWise Automate, and others — and give you the unfiltered picture.

Agent Deployment Coverage
Are all contracted devices actually running the RMM agent? Unmanaged devices are a blind spot.
Frequent gap
Agent Last Check-In (24h / 7d)
Agents not checking in mean the device isn't being monitored, patched, or backed up.
Common finding
Patch Compliance Rate
% of devices with all approved patches applied. Target: 95%+. We see sub-70% regularly.
Common finding
Critical Patches Pending
Count of devices with critical-severity patches outstanding. Each one is a known vulnerability.
Common finding
Antivirus / EDR Status
Is AV active and reporting on all devices? Expired or disabled AV is billed but not protecting.
Frequent gap
Disk Encryption Status
BitLocker / FileVault on all devices? Unencrypted devices create major data breach liability.
Common finding
Open Alert Age
Alerts open 7+ days are an SLA breach. We count them and calculate average resolution time.
Common finding
Category 03

Backup & Recovery Verification

Backup failures are one of the most dangerous and most commonly hidden issues in managed IT. A failed backup shows as green in many dashboards unless someone specifically looks for failure logs. We look.

We review the last 90 days of backup job history for all managed servers and critical endpoints, and verify retention policies match what you're paying for.

Backup Job Success Rate (90 days)
What % of scheduled backup jobs completed successfully? We calculate per-device success rates.
Frequent gap
Last Successful Backup Date
When did each protected device last complete a verified backup? Anything over 48h is a risk flag.
Common finding
Retention Policy Verification
Do retention periods match your contract? Shorter retention = reduced recovery options.
Checked
Scope Coverage
Are all systems that should be backed up actually enrolled? Missing systems are common.
Frequent gap
Off-Site / Cloud Replication
Are backups replicating off-site or only stored locally? Local-only backup has no disaster recovery value.
Checked
Category 04

Billing Accuracy & Contract Compliance

The most financially impactful section of every audit. We reconcile every line item on your MSP invoices against independently verified delivery data. If you're being billed for 50 managed devices but only 42 have active agents — you're being overbilled.

We also review your MSP contract to ensure the services being delivered match the scope you're paying for.

Device Count Reconciliation
Billed device count vs. verified active agent count. Overbilling of 10–25% is common.
Common finding
M365 License Reseller Markup
What are you paying per license vs. Microsoft's published CSP pricing? We identify excessive margins.
Frequent gap
Billed Services Delivery Verification
Security awareness training billed but no users enrolled. Backup billed but scope is wrong. We find it.
Common finding
SLA Compliance Review
Does your MSP contract define SLAs? Are they being met based on alert response time data?
Frequent gap
Contract Auto-Renewal Terms
Many MSP contracts auto-renew for 1–3 years with notice requirements. We flag upcoming windows.
Checked
Documentation Ownership
Do you own your passwords and network documentation, or is it locked in MSP-controlled tools?
Frequent gap
Start Your Audit

Ready to see what we find?

Most audits uncover at least one significant finding. Many find multiple. Book a call and we'll tell you what we typically find in companies your size.