Quick Start

Connect your tenant and get your first security report in minutes.

1. Sign up and log in

Go to app.posturiq.com and sign in with your Microsoft 365 account. This is a personal login - it doesn't grant PosturIQ any access to your tenant yet.

You'll land on the Connect page after your first login.

2. Grant admin consent

Click Grant Admin Consent on the Connect page. You'll be redirected to Microsoft's consent screen.

A Global Administrator must approve this. If you're not an admin, send the link to someone who is.

What permissions are granted?
All permissions are read-only. PosturIQ reads users and sign-in activity, directory roles, conditional access and authentication policies, MFA registration status, SharePoint sharing settings, and OAuth app grants. No mailbox content, files, or user data is accessed.

3. First scan runs automatically

After consent is granted, you'll be redirected to your dashboard and your first scan starts automatically. It takes 1-2 minutes. PosturIQ checks your Microsoft 365 settings.

Email checks won't run yet - that requires the Exchange role (next step).

Enable email checks

Your first scan covers Microsoft 365 identity checks. To also scan email security settings (anti-phishing, anti-spam, DMARC, safe links), the PosturIQ service principal needs an Exchange role. Choose one of the two options:

Assign the Exchange Administrator Entra directory role:

  1. Open Entra Admin Center - Roles
  2. Search for Exchange Administrator and click it
  3. Click Add assignments
  4. Search for PosturIQ Scanner and select it
  5. Click Add

This grants read+write access to Exchange Online. PosturIQ only reads policy settings and never modifies your configuration.

After assigning the role, trigger a new scan from your dashboard to include email checks.

Without this step, PosturIQ can still scan identity and device configurations, but email security checks will be skipped and your email score will show as unavailable.
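To check the read-only statement under "What permissions are granted?" against what was actually consented in your tenant, the script below (an added example, not PosturIQ's own code) resolves the service principal's granted app roles to names and flags anything that is not plainly read-only. It assumes you have exported three Microsoft Graph responses as JSON: the PosturIQ Scanner service principal's `appRoleAssignments`, the resource service principal's `appRoles`, and the matching `oauth2PermissionGrants`. The inline data is constructed, and the classification is a heuristic based on permission naming.

```python
import json

# Constructed sample in Microsoft Graph's response shape; GUIDs and permissions are placeholders.
RESOURCE_APP_ROLES = json.loads("""[
  {"id": "00000000-0000-0000-0000-000000000001", "value": "User.Read.All"},
  {"id": "00000000-0000-0000-0000-000000000002", "value": "Policy.Read.All"},
  {"id": "00000000-0000-0000-0000-000000000004", "value": "Directory.ReadWrite.All"}
]""")
APP_ROLE_ASSIGNMENTS = json.loads("""[
  {"appRoleId": "00000000-0000-0000-0000-000000000001"},
  {"appRoleId": "00000000-0000-0000-0000-000000000002"},
  {"appRoleId": "00000000-0000-0000-0000-000000000004"},
  {"appRoleId": "00000000-0000-0000-0000-0000000000ff"}
]""")
DELEGATED_GRANTS = json.loads('[{"consentType": "AllPrincipals", "scope": "openid profile User.Read"}]')

IDENTITY_SCOPES = {"openid", "profile", "email", "offline_access"}
WRITE_VERBS = ("ReadWrite", "Write", "Manage", "Send", "FullControl")

def classify(permission):
    """Heuristic on Graph naming conventions (Resource.Verb.Scope), not an official list."""
    if permission in IDENTITY_SCOPES:
        return "sign-in"
    verbs = permission.split(".")[1:]  # skip the resource segment, e.g. RoleManagement
    if any(v.startswith(WRITE_VERBS) for v in verbs):
        return "write-capable"
    if any(v.startswith("Read") for v in verbs):
        return "read-only"
    return "review"

def audit(app_roles, assignments, delegated):
    names = {role["id"]: role["value"] for role in app_roles}
    findings = []
    for item in assignments:
        name = names.get(item["appRoleId"])
        # An id the resource does not publish cannot be verified, so it is flagged.
        findings.append(("application", name or item["appRoleId"],
                         classify(name) if name else "review"))
    for grant in delegated:
        for scope in grant.get("scope", "").split():
            findings.append(("delegated", scope, classify(scope)))
    return findings

def needs_attention(findings):
    return [f for f in findings if f[2] in ("write-capable", "review")]

if __name__ == "__main__":
    for kind, name, verdict in audit(RESOURCE_APP_ROLES, APP_ROLE_ASSIGNMENTS, DELEGATED_GRANTS):
        print(f"{kind:12} {name:40} {verdict}")
```

Directory roles such as Exchange Administrator are assigned separately from these consented permissions and do not appear in this output.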

Understanding your results

Your dashboard shows three scores:

Microsoft 365 - MFA enforcement, conditional access, risky sign-in policies, legacy auth

Devices - BitLocker, firewall, antivirus, OS updates, screen lock

Email - Anti-phishing, anti-spam, safe links, DMARC, mail forwarding rules

Each finding includes a severity level, a plain-language explanation of the risk, and a recommended fix. Focus on Critical and High findings first.

PosturIQ runs weekly scans automatically and sends you an email report showing score changes and new findings.

What's next?

Deploy the device check to get endpoint scores

Set up multi-tenant management (MSPs)