Microsoft 365 Evidence

When someone asks “prove it”
hand them this.

We snapshot your Microsoft 365, evaluate 361 settings against two governance standards, and package it into a professional evidence binder. Offline. Portable. Ready to hand to an insurer, auditor, or client reviewer.

Book a quick call → See a sample binder
Read-only No changes to your tenant Offline & portable
Without PROVE
📧Re: MFA evidence?Can you resend that screenshot?
📁Screenshots (3)MFA_proof_v2_FINAL_revised.png
📄Vendor Questionnaire.xlsx“Describe your email security”
💬#compliance“Anyone have the CA export?”
Renewal in 18 daysUnderwriter still waiting
With PROVE
📦PROVE_Contoso.zipOne file. Open in any browser.
START_HERE.html
 📄 evidence-binder/index.html
 📄 scorecard.html
 📄 worklist-evidence-required.csv
 📁 evidence-pack/
 🔒 checksums.sha256
 🔒 chain-of-custody.html
361 controls • 2 standards • tamper-evident
The problem
Three conversations. Zero good answers.
INSURANCE RENEWAL

“Show us your MFA and email security posture.”

Your insurer sends a questionnaire. You spend a week pulling screenshots, writing narratives, and hoping it’s enough. Next year, you do it all over again.

CLIENT DUE DILIGENCE

“Can you demonstrate your security controls?”

A prospect or existing client asks for proof. You rewrite the same answers for every questionnaire—and nobody can verify any of it.

MSP TRANSITION

“What’s the current state of our tenant?”

You’re switching IT providers, or you just hired one. Someone should look at what’s there—and that someone shouldn’t be the one grading their own work.

PROVE replaces the scramble.

Instead of pulling screenshots and writing cover letters, you hand the reviewer a single evidence binder that shows exactly what’s configured, what passed, what didn’t, and what needs human follow-up. Built from a read-only snapshot. Same evidence in, same outcomes out. They can verify it without trusting you.

361

Controls evaluated

2

Governance standards

1

Portable ZIP file

0

Changes to your tenant

What lands on your desk
One ZIP. Open in any browser. No portal, no login.

  • Evidence Binder

    The thing your reviewer reads. Clean outcomes for every control, with the reasoning and evidence references behind each one. Opens offline in a browser.

  • Governance Worklists

    Anything that needs human follow-up (a policy document, a signed statement, a manual export) gets its own checklist entry with exactly what to provide.

  • Evidence Pack

    The raw exports from your tenant, checksummed and chain-of-custody documented. A reviewer can trace any outcome back to the source data.

  • Integrity Artifacts

    SHA-256 checksums, chain of custody, and delivery is blocked automatically if any in-scope evidence couldn’t be collected. No partial binders.

📦
One ZIP file

Extract it. Open START_HERE.html.
Everything your reviewer needs is inside.

Works offline Any browser No login required
How it works
Five steps. Nothing touches your tenant.

If evidence is blocked at any point, we stop and tell you why. We don’t ship a binder built on gaps.

1

Scope

Agree what we’re checking and what we’re not.

2

Collect

Read-only export of your M365 configuration.

3

Evaluate

Findings tested against both governance standards.

4

Package

Binder, worklists, evidence, and integrity artifacts.

5

Deliver

You get a ZIP. Follow-up items get a worklist.

Pricing
Fixed price. No hourly. No surprises.

One run, one price, one binder you can hand over.

PROVE
A point-in-time evidence binder for your Microsoft 365 tenant. The thing you hand to the reviewer.
$995
Per assessment. Flat. No tiers.
  • Offline evidence binder
  • Worklists with specific action items
  • Evidence pack with raw exports
  • Integrity artifacts (checksums + custody)
  • 361 controls, two governance standards
Need help acting on what PROVE finds? Remediation and governance support are available as separate engagements.

What PROVE is not.

Not a pen test. Not a vulnerability scan. Not a certification or legal opinion. Not a guarantee your insurer will say yes. Not a dashboard, a portal, or a SaaS subscription. Not an MSP, a SOC, or a helpdesk. We show what’s there. If you want fixes, that’s a separate conversation.

FAQ
Common questions
What exactly do you look at?
Accounts and access, email protection, files and sharing, data management, Teams and collaboration, application permissions, audit logs, and devices (if in scope). All read-only. We export evidence from the Microsoft 365 admin APIs and evaluate it against CIS Microsoft 365 Foundations Benchmark v3 and the JGS 365 Governance Benchmark.
What access do you need?
Read-only admin access—enough to export configuration and logs. If we can’t collect what’s in scope, we stop and tell you what’s missing. We don’t ship a binder with holes in it.
Do you change anything in our Microsoft 365?
No. PROVE is “show me, don’t touch.” If you want changes afterward, that’s a separate engagement with its own approved scope.
How long does it take?
Evidence collection takes hours, not weeks. After the run, you receive your binder and worklists. The timeline depends mostly on scheduling and prerequisites, not the work itself.
We already use Secure Score / Defender dashboards. Why this?
Dashboards help you manage your environment day-to-day. But when someone outside your organization asks for proof, they need something they can read and verify independently—without logging into your tenant. That’s what the binder is.
Is this a certification?
No. PROVE produces evidence and governance determinations. It is not a certification, legal attestation, or guarantee. Auditors and underwriters apply their own judgment—we give them organized, verifiable evidence so that review goes faster.
What if some items need follow-up?
They go on a worklist. Some controls require a policy document, a signed statement, or a manual export that a machine can’t pull automatically. Each worklist entry tells you exactly what to provide and what “done” looks like.
Jeremiah Spears
Jeremiah Spears
Founder • JGS Cloud Compliance

Most firms don't fail scrutiny because they did "nothing." They fail because the proof is scattered: a dashboard here, a screenshot there, a different story depending on who answers the email.

Stop scrambling. Start handing it over.

Short call. We confirm fit, agree scope, schedule the run.

Book a call → Email us