Skip to content
Cyphonica

Headline service

Microsoft 365 & Copilot Readiness Assessment

Switch Copilot on without leaking what it shouldn't see.

A tenant that is provably ready for Copilot, with the standard fixes applied and a written report you can hand to leadership.

Get a quote Book a scoping call

Who this is for

  • NZ businesses about to roll out Microsoft 365 Copilot
  • Tenants that have grown organically over years and have never had a permissions sweep
  • Boards or owners who need an independent sign-off before flipping the switch

What we actually do

  1. MFA and conditional access across all users
  2. Admin role assignments - Global Admins, break-glass accounts, anyone with more than they need
  3. External guests - who they are, last sign-in, what they can reach
  4. SharePoint and OneDrive sharing - every external link, anonymous link, over-shared document
  5. Teams and M365 groups - public vs private, guest membership, orphaned groups
  6. Email forwarding rules to external addresses
  7. Sensitivity labels and DLP - what's there, what's missing, what Copilot needs
  8. Copilot-specific: Restricted SharePoint Search, audit logging, OneDrive provisioning, license fit

What you get

  • Written report with every finding rated Critical / High / Medium / Low
  • Standard fixes applied (sharing defaults, stale guests, risky links, audit logging, admin MFA)
  • Walkthrough call at the end
  • Written confirmation that the temporary admin account has been deleted
  • Anything bigger (full sensitivity-label rollout, SharePoint restructure) flagged and quoted before it is touched

Pricing

$2,500 + GST fixed for a tenant under 10 users. Larger tenants and complex remediation scoped on request. Typical engagement lands between $2,500 and $5,000 + GST.

Timeline

Start the moment access lands. Findings report next morning. Fixes and walkthrough inside 48 to 72 hours.

How we get access

Temporary read-only admin account, three read-only roles only, never Global Admin. 15-minute setup using the access doc we provide. Account is deleted at the end with written confirmation. Everything we do is logged on your side and visible to you the whole way through.

Common questions

Do you ever need Global Admin?
No. Three read-only roles are enough for the audit. If a fix needs elevation, we get explicit sign-off and a time-boxed elevation, then it goes back.
How is my data handled?
No tenant data leaves your tenant. Findings live in our local engagement notes, encrypted at rest, deleted on request after the walkthrough.
What if you find something serious?
You hear about it the same hour, before the report is finished. Critical findings are not held back for the deliverable.

Ready to scope this?

Send us your details. We come back with a fixed price and a start date.

Get a quote