Run Your First Scan
Once your tenant is connected, you can run a scan immediately from the dashboard.
Choosing a scan type
Aether365 supports three scan options. Click Run Scan in the top-right of the dashboard to see a dropdown with:
Compliance scan
Tests your tenant against established security benchmarks:
- CIS Microsoft 365 Foundations Benchmark - 100+ controls across identity, data, email, applications, and audit logging
- EIDSCA (Entra ID Security Config Analyzer) - in-depth Entra ID configuration checks
- CISA SCuBA - U.S. Cybersecurity and Infrastructure Security Agency's M365 security baseline
Each check returns one of three results: Passed, Failed, or Skipped (when the check is not applicable to your configuration).
Exposure scan
Analyzes your tenant settings for risky or misconfigured states across M365 services. Results are grouped by service and assigned a severity: Low, Medium, High, or Critical.
Services analyzed:
| Service | What it covers |
|---|---|
| Entra ID | Identity, MFA, conditional access |
| Exchange | Email security, forwarding rules |
| SharePoint | Sharing settings, external access |
| Teams | External federation, guest access |
| Defender | Threat protection, safe links |
| Intune | Device configuration policies |
| M365 | General Microsoft 365 settings |
Full scan
Runs both a compliance scan and an exposure scan simultaneously. This is the most comprehensive option and produces two separate result sets you can review independently.
Starting a scan
- From the dashboard, click Run Scan in the top-right corner.
- Select the scan type from the dropdown: Compliance scan, Exposure scan, or Full scan.
- The scan starts immediately.
If you have multiple tenants connected, the scan runs against the currently active tenant shown in the tenant switcher (top navigation bar).
The dashboard displays an active scan banner with a pulsing indicator showing the scan type, when it started, and whether it was triggered manually or by the scheduler. Click View scan on the banner to go to the scan detail page.
TIP
You do not need to keep the browser open. The scan runs in the background and you receive an email when it completes.
What to expect
Scans typically complete in 10 to 15 minutes. The exact duration depends on the size of your tenant and the number of users, groups, and policies.
During the scan, Aether365:
- Authenticates to your tenant using the read-only service principal
- Reads configuration data across the selected services
- Evaluates each check against the benchmark or exposure rule
- Writes results to your dashboard
- Sends an email summary to your registered address
The scan detail page shows a phase progress indicator while the scan is running: initialization, scanning, analysis, completion.
After the scan
When the scan completes, the dashboard updates with your results. Click the completed scan in the recent activity table or navigate to Scans in the sidebar to see all your scans.
Compliance scan results
The compliance scan detail page shows:
- A large security posture score (percentage of checks passed) with a status label: Excellent, Good, Needs attention, or Critical risk
- A change indicator showing the score delta compared to your previous scan
- A stacked bar showing passed, failed, and skipped counts visually
- Framework tiles (All, CIS, EIDSCA, CISA) - click a tile to filter results by framework. Each tile shows its own check count and pass rate ring
- Check results grouped by section (e.g. CIS 1.1 Account and Authentication, CIS 5.1 Auditing) with expandable rows showing control ID, title, severity, and remediation guidance
- A download button for the full report
Exposure scan results
The exposure scan detail page shows:
- A risk overview card with a risk label (High risk, Medium risk, Low risk), counts of high-risk, medium-risk, secure, and incomplete findings, and a stacked bar
- Service tiles (All, Entra ID, Exchange, SharePoint, Teams, Defender, Intune, M365) - click a tile to filter by service. Each tile shows its finding count and any high-risk findings
- Result tabs: All, Failed (Exposed), Passed (Secure), Skipped
- Expandable finding cards showing title, service, risk level, status, and remediation steps
Remediation on Pro and Enterprise
Detailed remediation steps are available on Pro and Enterprise plans. Free plan users see the check result and a prompt to upgrade for remediation guidance.
Scan statuses
| Status | Meaning |
|---|---|
| Completed | Scan finished successfully |
| Running | Scan is currently in progress |
| Pending | Scan is queued and will start shortly |
| Failed | Scan did not complete - see Scan Failures |
| Cancelled | Scan was manually cancelled before completing |
See Reading Results for a full walkthrough of how to interpret your scan results.