Built for nonprofit organizations

Free Microsoft 365 Audit for Nonprofits

Nonprofits face the same cyber threats as large enterprises — often with smaller IT teams and tighter budgets. Run a free, read-only audit of your Microsoft 365 tenant and get a plain-language HTML report with prioritized fixes for your mission-critical data.

Start free audit View sample report

Your nonprofit's Global or Security Administrator signs in once to grant read-only access. We never change anything in your tenant.

How it works

No cost, no sales call required. Designed for executive directors, volunteer IT leads, and nonprofit admins who need answers fast — without risking accidental changes to email, files, or accounts.

1

Sign in with your nonprofit admin account

Use your organization's Microsoft 365 Global or Security Administrator credentials.

2

Grant read-only access

We review settings and security data only. Your tenant configuration stays untouched.

3

Get your report by email

Share results with your board or IT volunteer, then sign in anytime to run an updated audit.

What we check for nonprofits

Practical coverage aligned with how nonprofits actually use Microsoft 365 — email, shared accounts, shadow IT, login behaviors, application access, and more.

Identity & MFA

Staff and volunteer MFA coverage, inactive accounts, admin roles, and Conditional Access.

Email & Defender

Shared mailboxes, forwarding rules, phishing protection, and Safe Links where licensed.

Apps & shadow IT

Consented apps, risky permissions, and AI tools connected to your nonprofit tenant.

Sample report

A fictional nonprofit example showing how findings are prioritized. Your report includes action items, baseline checks, and detailed sections you can share with leadership or your IT volunteer.

62%

Hope Community Foundation

Sample nonprofit report — fictional organization

  • 47 active users
  • 12 groups
  • 3 verified domains
  • 62% Microsoft Secure Score
Critical
12 staff accounts without MFA
Protect donor and beneficiary data with Conditional Access.
High
3 third-party apps with broad access
Review OAuth consents — common shadow IT risk for nonprofits.
High
2 shared mailboxes with sign-in enabled
Shared mailboxes should stay sign-in disabled and unlicensed.
High
Mail forwarding to external addresses
Review forwarding rules that send mail outside your organization.
Medium
5 inactive accounts still licensed
Reclaim licenses and reduce risk from stale accounts.
Medium
Business Basic licenses in use
Consider Business Premium for stronger nonprofit security when budget allows.
Pass
Unified audit log enabled
Pass
Conditional Access policies in place
Pass
Admin consent required for new apps

Protect your mission's data

Thousands of nonprofits rely on Microsoft 365 for email, documents, and collaboration. This free audit helps you see gaps before they become incidents — at no cost to your organization.

Start free audit

A free service from Good Heart Tech, a nonprofit helping nonprofits with technology.