Veri-Tech
← Support

Every feature in the Veri-Tech platform

Five M365-native products — scanning, runbook generation, auto-remediation, endpoint security, feature-update management, config backup, IR tabletop drills, branded SOPs. Plus the cross-product intelligence, reporting, operations, and tenancy layers that keep everything running.

5
Products
923
Controls
12
Frameworks
330+
Auto-remediations
18
SOP types

Veri-Guard

M365 compliance scanning, runbooks, and auto-remediation

2 features

Compliance Scanner

Professional

Scans your Microsoft 365 tenant against 548 security controls across twelve compliance frameworks. Produces a weighted compliance score, per-domain breakdowns, and a control-by-control pass/fail report.

  • Twelve frameworks: CISA SCuBA, CIS Microsoft 365, EIDSCA, NIST 800-53 Rev 5, NIST CSF, Maester, ORCA, Veri-Tech Recommendations (detection) + ISO 27001, SOC 2, GDPR, HIPAA (mapping) — all sourced from authoritative public crosswalks
  • Six assessment domains: Identity, Intune, Exchange, Teams, SharePoint, Defender
  • Weighted scoring system — critical controls have higher impact on your score
  • Cross-framework mapping — every control shows which NIST, ISO, SOC 2, HIPAA, GDPR requirements it satisfies
  • Severity ratings (Critical, High, Medium, Low) for prioritization

Runbook + Remediation Engine

Professional

Generates a step-by-step runbook for every failing control your team can execute by hand. For the 330+ auto-remediable controls, also offers one-click apply on Pro+ with safety controls to prevent disruption.

  • Every failing control generates a step-by-step runbook in your choice of admin portal UI click-through, PowerShell, or Graph API — with expected output and rollback steps
  • 330+ of 548 M365 controls support optional one-click auto-remediation on Professional and Enterprise
  • Conditional Access policies deploy in report-only mode first — enforcement requires manual action
  • Break-glass (emergency access) accounts are excluded from all deployed policies
  • Just-In-Time (JIT) permissions — write access is granted before auto-remediation and auto-revoked after
  • Disruption risk rating (None, Low, Medium, High, Critical) shown for every control before deployment
  • Prerequisite checks — controls requiring specific licenses are skipped automatically if the license is not present
  • Dependency-aware execution ordering — controls are remediated in the correct sequence
  • Remediation rollback within 24 hours (Enterprise only)

Veri-Tune

Intune endpoint security with policy insights and modify-in-place remediation

2 features

Intune Endpoint Security

Enterprise

Assesses your Intune endpoint management configuration against 375 security controls covering Windows, macOS, iOS, and Android. Includes Policy Insights for cross-policy conflict detection, modify-in-place remediation, AI-generated plans, a dedicated per-platform assignment page, and a 3-tier dispatch workflow.

  • 375 Intune-specific controls across device compliance, configuration profiles, security baselines, and app protection
  • Cross-platform remediation: Windows, macOS, iOS, Android — with macOS auto-remediation for device configuration and compliance policies
  • Assignment-aware dual scoring — see both deployed (effective) and configured (total) compliance
  • Cross-source detection: Settings Catalog, Security Baselines, Compliance Policies, and more
  • Modify-in-place remediation — edits existing misconfigured policies instead of stacking overrides, with previous-value tracking
  • Per-control strategy toggle (Modify vs. Override) for granular control
  • AI-generated remediation plans with per-control dispositions respecting the registry's automatable flags
  • 3-tier dispatch workflow (green / amber / red) with Change Advisory + runbook generation before deployment
  • Dedicated policy assignment page with per-platform group selectors (Windows, macOS, iOS, Android)
  • Automated remediation with scoped JIT write permissions (3 permissions vs 14 for M365)
  • Cross-product detection surfaces related Veri-Guard and Veri-Patch controls from the same tenant
  • CIS, NIST, SOC 2, ISO 27001, HIPAA, and CISA framework mapping
  • Included with Enterprise and MSP plans

Policy Insights

Enterprise

A dedicated scanner that reads every Intune policy in your tenant and surfaces settings that appear in 2+ policies — flagging value conflicts, redundant duplicates, and unassigned overrides. The silent-misconfiguration detector that catches years of accumulated Intune drift.

  • Value conflict detection — identifies policies fighting each other with contradictory settings
  • Redundant duplicate detection — same setting, same value, across multiple policies
  • Unassigned override detection — overriding policies that aren't actually assigned to any group
  • Setting-centric view (one row per conflicting setting)
  • Policy-centric view (one row per policy, with its overlap footprint)
  • Filter by severity, policy type, platform, and conflict class
  • Downloadable Detailed and Executive reports in HTML, Markdown, or PDF
  • Prominent card on the Tune results page + separate full-screen page at /tune/[jobId]/policy-insights
  • Included with Veri-Tune (Enterprise and MSP plans)

Veri-Patch

Windows feature update intelligence and WUfB management

1 feature

Feature Update Intelligence

Enterprise

End-to-end Windows feature update management — prerequisite validation, telemetry setup, compatibility scanning, update policy configuration, direct group assignment for unassigned policies, and automated AU-scoped device group sync.

  • Guided prerequisite checker with telemetry setup wizard and regional privacy guidance
  • Live update policy viewer — feature rings, quality updates, expedited patches, and driver update profiles with KB/CVE details
  • Assignment status badges on every policy card (assigned / unassigned) across all WUfB policy types
  • Direct group assignment for unassigned WUfB policies with live group search
  • Feature update compatibility scanning with per-device readiness classification
  • Automated device group sync scoped via Administrative Units — zero tenant-wide group access
  • Recurring scan scheduling with CSV exports, shareable HTML reports, and email notifications
  • Included with Enterprise and MSP plans

Veri-Vault

Config snapshots, drift detection, restore, and tenant recovery

1 feature

Config Backup, Activity Log & Restore

Professional

Automatic Scan Snapshots, deep content search, side-by-side change detection, and — on Enterprise — the Vault Activity Log, config restore, drift alerting, Tenant Reconnect Wizard, and Emergency Accounts for tenant recovery.

  • Automatic Scan Snapshots captured alongside every compliance scan
  • Deep content search across snapshot contents
  • Change detection — see exactly what changed between any two snapshots, with search and filter on the diff
  • Auto-select recent snapshots in compare flows
  • Snapshot completeness indicators and size-trend stats
  • CSV/JSON export for snapshots; CSV export for comparisons
  • Download All Runbooks as ZIP from any snapshot
  • Vault Activity Log — snapshots, comparisons, restores, exports, admin actions (Enterprise)
  • Full config restore from any snapshot (Enterprise)
  • Tenant Reconnect Wizard for re-binding disconnected tenants (Enterprise)
  • Drift alerting with configurable thresholds — email + HMAC-signed webhooks (Enterprise)
  • Emergency Accounts with QR-code TOTP setup, scrypt password hashing, AES-256-GCM Key Vault encryption, and rate-limited login (Enterprise)
  • Tier-based snapshot retention: 90 days (Professional) / 1 year (Enterprise) / 3 years (MSP)

Veri-Docs

Branded SOPs generated from live M365 configuration

1 feature

SOP Generator

Generates branded standard operating procedures directly from your live Microsoft 365 configuration. SOPs document what is configured, how each policy is set up, and which users or groups are affected.

  • 18 M365 policy types — Conditional Access, Intune device config, compliance policies, security baselines, app protection, enrollment profiles, update rings, Autopilot, and more
  • Export formats: Markdown, HTML, PDF, and DOCX
  • Automatic version numbering and date stamping
  • Company branding (logo, colors, name) applied to all outputs
  • Policies are grouped by type with full configuration details

Intelligence

AI-grounded Copilot, risk modeling, and what-if simulation

5 features

Compliance Copilot

Enterprise

An interactive AI chat assistant grounded in your real tenant data. Ask questions about your compliance posture in natural language and get control-specific remediation guidance and impact analysis.

  • Chat grounded in your specific assessment results — not generic advice
  • Ask questions like "Which controls are failing for Exchange?" or "What's my NIST compliance score?"
  • Get prioritized remediation recommendations based on risk severity
  • Powered by Anthropic Claude Sonnet — enterprise-grade accuracy
  • No tenant configuration or user data is sent to the AI provider
  • Available on Professional (AI Insights + Remediation Plans) and Enterprise (full Copilot chat)

What-If Simulator

Professional

Project how your compliance score would change if you remediated specific controls — before making any changes. Helps prioritize which fixes deliver the most impact.

  • Select any combination of failing controls to simulate
  • See projected score impact per control and cumulative total
  • Identify high-impact, low-effort fixes for maximum score improvement
  • Client-side calculations — instant results, no API call required

Compliance Debt Calculator

Professional

Translates compliance gaps into dollar risk exposure. Maps each failing control to real-world breach costs, regulatory fines, and incident data to quantify the financial risk of inaction.

  • Dollar risk exposure calculated from 15 real breach incidents and regulatory actions
  • Per-control risk breakdown with incident citations
  • ROI analysis — compare remediation cost vs. risk exposure
  • Export-ready for executive and board presentations

Blast Radius Analysis

Professional

Shows the potential impact of each failing control — which real-world incidents it maps to, relevant MITRE ATT&CK techniques, and applicable regulatory fines.

  • Per-control risk context with real-world incident mapping
  • MITRE ATT&CK technique references where applicable
  • Regulatory fine ranges from GDPR, HIPAA, and other frameworks
  • Helps security teams communicate risk to non-technical stakeholders

Quick Win Bundles

Professional

Pre-built bundles of high-impact, low-effort compliance fixes grouped by theme. Track progress as you work through each bundle to systematically close gaps.

  • 6 themed bundles: Identity Hardening, Device Security, Data Protection, Communication Security, Cloud Infrastructure, and Endpoint Management
  • Progress tracking per bundle — see completion percentage as you remediate
  • Controls sorted by impact-to-effort ratio within each bundle
  • Direct links to remediation guidance for each control in the bundle

Reporting & Evidence

Board-ready reports, certificates with public verification, audit packets

4 features

Board-Ready Executive Report

Enterprise

Generate polished executive compliance reports designed for board presentations, audit committees, and C-suite briefings. Includes overall posture, framework scores, risk summary, and trend data.

  • One-click generation from any completed assessment
  • Framework-level scoring breakdown (CISA, CIS, NIST, etc.)
  • Risk summary with severity distribution and top gaps
  • White-label support — use your company branding or your client's
  • Available via API at /guard/{jobId}/board-report

Compliance Certificate

Enterprise

Generate and share a verifiable compliance certificate after each assessment. Certificates include a unique ID and public verification URL for auditors and partners.

  • Unique certificate ID with public verification endpoint
  • Shows overall compliance score, assessment date, and frameworks assessed
  • Shareable URL for third-party verification without portal access
  • Automatically generated for assessments scoring above threshold

White-Label Reports

MSP

Apply your own branding (logo, company name, color scheme) to all reports and documents generated for client tenants. Clients see your brand, not Veri-Tech.

  • Custom logo and company name on all generated reports
  • Applies to SOPs, compliance reports, executive summaries, and certificates
  • Configure per-tenant or use a default brand across all clients
  • Settings managed from the MSP Dashboard → Branding

HIPAA Assessment

Enterprise

Maps your Microsoft 365 security controls to HIPAA Security Rule safeguards. Identifies which technical safeguards are addressed by your current configuration and where gaps remain.

  • Maps controls to HIPAA §164.308 (Administrative), §164.310 (Physical), §164.312 (Technical) safeguards
  • Distinguishes Required vs. Addressable safeguard implementation specifications
  • Generates HIPAA-specific compliance evidence for auditors
  • Available as a $199/mo add-on to Enterprise and MSP plans

Operations

Rollback, scheduled scans, alerts, and the document archive

4 features

Remediation Rollback

Enterprise

Undo remediation changes within a 24-hour window. Rollback automatically restores the previous configuration value captured before remediation.

  • 24-hour rollback window after any remediation action
  • Previous configuration values captured automatically (beforeValue)
  • Per-control rollback — undo individual changes without affecting others
  • Full audit trail of rollback actions

Scheduled Scans

Professional

Automate recurring compliance assessments on a daily, weekly, or monthly cadence. Never miss configuration drift — scans run on schedule and results appear in your dashboard.

  • Daily, weekly, or monthly scan schedules
  • Timer-triggered execution — no manual intervention needed
  • Results appear in the compliance dashboard alongside on-demand scans
  • Configure schedule from Settings → Scan Schedule

Compliance Alerts

Professional

Get notified when your compliance score changes beyond a configured threshold. Supports email notifications and HMAC-signed webhook delivery for integration with your existing tools.

  • Score delta alerts — trigger when compliance score drops by a configurable amount
  • Email notifications to specified recipients
  • HMAC-signed webhook delivery for Slack, Teams, PagerDuty, or custom integrations
  • Configure thresholds and delivery channels from Settings → Alerts

Document Archive

Every SOP, compliance report, gap analysis, and runbook you generate is stored in a searchable archive. Download individual documents or bulk-export by date range.

  • Search by document type, date, or environment name
  • Filter by job type: SOPs, Compliance Scans, Assessments, Runbooks, Remediation
  • Documents grouped by month for easy navigation
  • Download individual files or full job packages (ZIP)
  • Retention: 30 days (Starter), 90 days (Professional), 3 years (Enterprise/MSP)

Team & Tenancy

Workspace administration, RBAC, multi-tenant management, MSP hub

3 features

Team & User Management

All Plans

Invite teammates into the portal, assign roles, track every login and admin action in the user audit log, enforce plan-tier seat limits, and revoke sessions on demand. Built for enterprise IT teams with multiple administrators.

  • Plan-tier seat limits: Starter up to 5 · Professional up to 25 · Enterprise/MSP unlimited
  • Invite flow with email pre-assignment and 7-day expiry
  • Require-invite toggle — lock new-user sign-ups to pre-invited emails only
  • Four roles: Owner, Admin, Viewer, Billing
  • Bulk role changes with multi-select checkboxes
  • User audit log — logins, role changes, removals, invites, session revocations
  • Session revocation with 5-minute propagation (down from 15 minutes)
  • Access denial UX for removed / invite-required / limit-reached users
  • User profile page (/account) — role, tenant, plan tier, member-since date
  • Audit log page at /settings/audit-log

MSP Hub

MSP

Managed Service Providers can manage multiple client tenants from a single dashboard. Run assessments, generate SOPs, and track compliance across your entire client portfolio.

  • Centralized dashboard showing all managed client tenants
  • Run assessments and generate documents for any client from your portal
  • Per-client compliance score tracking and trend analysis
  • Volume pricing — 20% off for 5-14 tenants, 30% off for 15+
  • White-label branding for client-facing reports

Multi-Tenant Hub

Enterprise

Enterprise organizations managing multiple tenants (subsidiaries, business units, regions) can monitor compliance across their entire fleet from one hub.

  • Fleet-wide compliance dashboard with cross-tenant comparison
  • Drift detection across tenants — spot when one falls behind
  • Centralized policy management recommendations
  • Per-tenant RBAC (Owner, Admin, Viewer, Billing roles)

See it on your tenant

Connect Microsoft 365 read-only and watch Veri-Tech score 548 controls across 12 frameworks before your coffee’s cool.

Get started Book a call