Reading Scan Results
Aether365 has two distinct scan result pages: one for compliance scans and one for exposure scans. This guide explains how to navigate and interpret both.
Compliance scan results
Score section
At the top of the compliance result page:
- A large percentage score showing the pass rate
- A status label: Excellent (90%+), Good (70-89%), Needs attention (50-69%), or Critical risk (below 50%)
- A stacked bar with passed (green), failed (red), and skipped (gray) segments
- A legend showing the exact count for each category
Framework selector
Below the score, a row of horizontal tiles lets you filter results by framework:
| Tile | What it covers |
|---|---|
| All | Every check from all frameworks |
| CIS | CIS Microsoft 365 Foundations Benchmark controls |
| EIDSCA | Entra ID Security Config Analyzer checks |
| CISA | CISA SCuBA baseline controls |
| Other | Checks not mapped to a specific framework |
Each tile shows the framework name, total check count, and a small ring indicator showing its pass rate. Click a tile to filter the results below.
Check results
Results are grouped by section (e.g. "1.1 Account and Authentication", "5.1 Auditing"). Each section group shows:
- The section title with a mini ring indicator of its pass rate
- A list of individual checks within that section
Each check row shows:
| Element | Description |
|---|---|
| Status icon | Green checkmark (passed), red X (failed), gray minus (skipped), or red alert (error) |
| Control ID | The check identifier (e.g. AE.1001, CIS.M365.1.1.1) |
| Title | What was checked |
| Severity chip | Critical, High, Medium, or Low |
Click a check row to expand it and see the full details, including remediation steps and external reference links.
Download
Click the Download button in the header to download the full scan report.
Exposure scan results
Risk overview
At the top of the exposure result page:
- A risk label with a pulsing indicator: High risk, Medium risk, or Low risk
- Counts for high risk, medium risk, secure, and incomplete findings
- A stacked bar showing the distribution of these categories
Service selector
A row of horizontal tiles lets you filter results by M365 service:
| Tile | Icon | What it covers |
|---|---|---|
| All | - | Every finding across all services |
| Entra ID | Users | Identity, MFA, conditional access |
| Exchange | | Email security, forwarding, transport rules |
| SharePoint | Globe | Sharing settings, external access |
| Teams | Message | External federation, guest access |
| Defender | Shield | Threat protection, safe links, anti-phishing |
| Intune | Laptop | Device configuration policies |
| M365 | Grid | General Microsoft 365 settings |
Each tile shows the service name, total finding count, and any high-risk finding count. Click a tile to filter.
Result tabs
Four tabs let you filter by status:
- All - every finding
- Failed (Exposed) - findings where a risky configuration was detected
- Passed (Secure) - findings that are correctly configured
- Skipped - findings that could not be evaluated
Finding cards
Each finding is displayed as an expandable card showing:
| Element | Description |
|---|---|
| Status icon | Green check (secure), red X (exposed), gray minus (skipped) |
| Title | What was analyzed |
| Service chip | Which M365 service this finding belongs to (color-coded) |
| Risk level chip | HIGH or MED for failed findings |
| Status label | Secure, Exposed, Error, or Skipped |
Click a finding to expand it. The expanded view shows:
- Remediation steps explaining how to fix the issue (Pro and Enterprise plans)
- Help URL linking to external documentation
- A left border color indicating severity: red for high risk, orange for medium risk
Remediation on Pro and Enterprise
Detailed remediation guidance is available on Pro and Enterprise plans. Free plan users see the finding status and a prompt to upgrade.
What each result means
Passed / Secure
The control is correctly configured. No action needed.
Failed / Exposed
The control is not met. Aether365 detected a configuration that does not match the expected value. Failed checks include remediation steps explaining what to change.
Skipped
The check did not run because it is not applicable. Common reasons:
- The required Microsoft 365 license is not present (e.g. a Defender P2 check skips on P1)
- The feature being checked is not available in your tenant configuration
- A prerequisite check could not determine the base configuration
Skipped checks do not affect your score.
Error
The check encountered an unexpected problem during evaluation. The scan completed, but this specific check could not produce a result.
Severity reference
| Severity | Risk level | Typical example |
|---|---|---|
| Critical | Direct exploitation path or active attack vector | Legacy authentication enabled, MFA not required for admins |
| High | Significant risk that should be remediated promptly | No conditional access baseline, mailbox auditing disabled |
| Medium | Risk mitigated by compensating controls | Non-default sharing settings, audit log retention below recommended |
| Low | Best practice deviation, lower immediate risk | Password expiry policy, minor notification settings |
Tracking changes over time
The Scans page (sidebar) includes a posture timeline chart when you have two or more completed scans. This chart plots your pass rate over time with separate lines for compliance (blue) and exposure (rose) scans.
The chart shows your best, average, and worst rates. Click any data point to jump to that scan's detail page. Use this to verify that remediation work improved your score and to catch regressions after configuration changes.
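The same before/after check can be done outside the chart. The script below is an added example, not Aether365 code: it compares two scans and lists checks that moved from passed to failed, most severe first. The record fields (`control_id`, `status`, `severity`), the `SAMPLE.*` control IDs, and the exclusion of errored checks from the pass rate are assumptions; the page only states that skipped checks do not affect the score.

```python
# Added example: record shape and field names are assumptions, not Aether365's export schema.
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def pass_rate(checks):
    """Pass rate in percent over passed + failed checks.
    Skipped checks are excluded (per the page); excluding errors is an assumption."""
    passed = sum(1 for c in checks if c["status"] == "passed")
    failed = sum(1 for c in checks if c["status"] == "failed")
    scored = passed + failed
    return 100.0 * passed / scored if scored else None

def status_label(rate):
    """Map a pass rate to the status labels listed in the Score section."""
    if rate is None:
        return "No scored checks"
    for floor, label in ((90, "Excellent"), (70, "Good"), (50, "Needs attention")):
        if rate >= floor:
            return label
    return "Critical risk"

def regressions(previous, current):
    """Checks that passed in the previous scan and fail now, most severe first."""
    before = {c["control_id"]: c["status"] for c in previous}
    hits = [c for c in current
            if c["status"] == "failed" and before.get(c["control_id"]) == "passed"]
    return sorted(hits, key=lambda c: (SEVERITY_ORDER.get(c["severity"], 99), c["control_id"]))

# Constructed sample data; the SAMPLE.* control IDs are placeholders, not real checks.
PREVIOUS = [
    {"control_id": "SAMPLE.0001", "status": "passed", "severity": "High"},
    {"control_id": "SAMPLE.0002", "status": "passed", "severity": "Critical"},
    {"control_id": "SAMPLE.0003", "status": "passed", "severity": "Medium"},
    {"control_id": "SAMPLE.0004", "status": "failed", "severity": "Low"},
    {"control_id": "SAMPLE.0005", "status": "skipped", "severity": "Low"},
]
CURRENT = [
    {"control_id": "SAMPLE.0001", "status": "failed", "severity": "High"},
    {"control_id": "SAMPLE.0002", "status": "failed", "severity": "Critical"},
    {"control_id": "SAMPLE.0003", "status": "passed", "severity": "Medium"},
    {"control_id": "SAMPLE.0004", "status": "passed", "severity": "Low"},
    {"control_id": "SAMPLE.0005", "status": "skipped", "severity": "Low"},
]

if __name__ == "__main__":
    for name, scan in (("previous", PREVIOUS), ("current", CURRENT)):
        print(name, pass_rate(scan), status_label(pass_rate(scan)))
    for check in regressions(PREVIOUS, CURRENT):
        print("REGRESSION", check["severity"], check["control_id"])
```

A check that was fixed (here `SAMPLE.0004`) can mask a regression in the overall rate, which is why the per-check comparison is worth running alongside the timeline.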
Exporting results
From any scan detail page, click the Download button in the header to download the report. For CSV export, go to the Scans page and click Export CSV in the header.
See Exporting Results for API-based export options.