top of page

M365 Assessment Tool FAQs 

Here you will find our frequently asked questions, if you have any other questions, please contact us via the website chat and we'll be more than happy to answer them!

  • Can I add multiple clients and tenants to Overe?
    Currently, Overe is limited to allowing a single tenant to be connected. However, we understand the importance of supporting Managed Service Providers (MSPs) and their need to manage multiple clients and tenants efficiently. We are pleased to inform you that in our next release, we will be introducing functionality specifically designed for MSPs, allowing them to add and manage multiple clients and tenants within the platform. This upcoming enhancement will provide MSPs with better flexibility and streamlined management capabilities. If you cannot wait for this functionality, contact us at and we can give you a temporary workaround.
  • What measures do you have in place to ensure my data is secure?
    We have implemented robust security measures to safeguard your data. These measures include encryption, access controls, and regular security audits. Your data is encrypted both in transit and at rest, ensuring that it remains protected against unauthorized access. We strictly adhere to industry best practices and comply with relevant data protection regulations to maintain the confidentiality and integrity of your data. Overe is Cyber Essentials certified and our team is trained on data privacy and security protocols to ensure the highest level of protection for your data. We take data security seriously and continuously invest in maintaining a secure infrastructure to safeguard your information.
  • Why is it free? What's the catch?
    Overe is currently provided as a free security tool to benefit MSP's and other companies enhance their security posture. We believe in the value of providing a more comprehensive and easier to digest view of security compared to what Microsoft offers. As a vendor, we are committed to delivering premium services in the future that will further support companies in their security efforts. Offering Overe for free allows us to build trust and establish a strong user base. Additionally, we can gather valuable feedback and insights from users, which helps us improve the platform. It's a win-win situation where users can benefit from enhanced security, and we can refine our services based on user experiences.
  • What does the 'Dark Web' search do?
    In the Users section of our service, we have a feature that actively monitors and scans the hidden corners of the web. Its primary purpose is to identify any compromised data linked to email addresses registered in your Active Directory. This takes a proactive approach by flagging potential vulnerabilities within your own user base. It's crucial to understand that if one of your users gets flagged as compromised, it doesn't necessarily mean that their Microsoft account has been breached. Instead, it indicates that credentials associated with their email address have been detected on the Dark Web. With this valuable information in hand, it's advisable to review the affected user accounts for any unusual or suspicious activities. In some cases, a credential reset may be necessary as a precautionary measure. This will be automatically enabled for all customers at no charge up to 100 email addresses per tenant
  • Where are Overe’s servers located (GDPR)?
    To comply with GDPR requirements and ensure data sovereignty, Overe maintains servers in both the United States and Europe. This allows us to store and process data in regions that align with the specific needs and regulatory requirements of our users. We understand the importance of data protection and strive to ensure that your data remains within the designated region in accordance with applicable data privacy laws. As a customer, you will have a the choice of where your data is stored (EU vs US)
  • As an MSP, how can I use this as a sales tool to get more leads or provide more value to existing clients?
    Overe offers several key selling points that make it an advantageous choice for MSPs when dealing with clients: Enhanced Security: Overe provides a more comprehensive view of security compared to what Microsoft offers through their suite of products and portals. With Overe, you can identify and prioritize security controls based on your clients' specific needs, ensuring a higher level of protection for their Microsoft setups. Personalized Assessments: Overe takes into account your clients' business specifics by considering factors such as company size, industry, and region of operation. This allows for a personalized security assessment that aligns with their unique requirements and compliance considerations. Actionable Recommendations: Overe not only identifies security gaps but also provides actionable recommendations to improve your clients' security posture. These recommendations are tailored to their specific business profile and license suitability, enabling you to guide them towards the most effective security measures. Cost-Benefit Analysis: Overe helps you assess the suitability of your clients' current Microsoft licenses in relation to their security posture. It recommends whether upgrading to higher plans or considering additional licenses would be beneficial. Moreover, Overe provides insights into the associated costs and the benefits your clients can gain from such upgrades, enabling informed decision-making.
  • Does Overe have any compliance certifications?
    Overe is committed to maintaining high standards of security and compliance. Overe is Cyber Essentials certified and our team is trained on data privacy and security protocols to ensure the highest level of protection for your data. we adhere to industry best practices and implement robust security measures to protect your data. We continuously assess and improve our security practices to ensure compliance with relevant regulations and standards. We understand the importance of certifications, and obtaining them is an ongoing priority for us. Rest assured that we are dedicated to providing a secure and compliant platform for our users.
  • How does Overe determine the suitability of the current Microsoft license for the company's security posture?
    Overe assesses the suitability of the current Microsoft license by evaluating the company's security posture and comparing it with the features and capabilities offered by the license. If the company's security needs cannot be adequately met with the current license, Overe will indicate whether an upgrade or additional plans should be considered to address the identified security gaps.
  • If I stop using the free tool, what happens to my data?
    We prioritize the security and privacy of your data. If you choose to stop using the free tool, we will remove any data that has been collected from your account or tenant in the portal. Your data will be securely deleted from our systems. We understand the importance of data protection and take great care in handling and managing your data in accordance with industry best practices and applicable privacy regulations. Your privacy is our utmost concern, and we are committed to ensuring that your data remains safe and confidential. Do delete your account and data, please navigate to the portal and follow the on screen instructions under "Account Settings" > "Delete Account" Note that we do keep a record of your email in our Customer Relations tool to aid support reasons, however, should you wish this to be removed, please email us at
  • Do you have a Demo Video of the Free tool?
  • What is the purpose of the Overe M365 Assessment tool and how does it differ from Microsoft Security Score portal?
    Overe's M365 Assessment tool is currently a free security tool that aims to provide a more comprehensive view on security compared to what Microsoft currently offers. The Microsoft Security Score is a % value based on a set of controls that are evaluated against the current configuration of a Microsoft tenant. A score per se might not mean anything to a user, that’s why want to introduce some guidance around it, explain what is relevant, and what should they do to mitigate the risks they are exposed to based on those scores. Microsoft achieves this by ranking those controls to give a sense of priority. Each control has a maximum score points that can be achieved (for instance, MFA for admins is 10 points), and those points are assigned based on how much of the control is implemented (in admins MFA, if 50% of admins have it enabled, would reach a 5 / 10 score). Then, controls are sorted based on the points left to achieve for each one. This is a good start, but it’s lacking in some ways: It’s using the same bar to measure all kinds of companies. It’s not taking into account any context about the company being evaluated. It’s taking into account some controls which the company might not be able to implement, based on their current licenses, and most importantly, it’s not clear about it. One can get a really low score, and not be able to figure out that this is because they are lacking some additional product to improve their posture. It does not let you know when important security settings have changed, so you need to constantly manually check for changes. Real world threats that can affect the business are not highlighted and quantified, leaving businesses unsure why they need to make changes to their settings or invest in a higher tier offering
  • How do the 'Posture Alerts' work?
    As an IT administrator, we know how hard it is to juggle all the daily tasks and the myriad of products you look after, so we've introduced an email alert service that lets you know if any critical security setting has changed in you Microsoft 365 tenant. We do not disclose any specific information in the email for security reasons, so you will need to log into the service to review details. Also, for our free service, these alerts typically run every 24hrs.
  • How does Overe personalize security scores and advice based on the company profile?
    We aim to provide a higher quality assessment than what users can already can find in their Microsoft portals by taking into account their business specifics. Overe personalizes security scores and advice by taking into account the company's specific details and security needs. By using a simple questionnaire to capture company demographics, Overe derives a security profile that considers factors such as data security, compliance requirements, and business continuity. This enables Overe to provide tailored recommendations and prioritize actions based on the company's unique circumstances.
  • When important security settings change, how do I know?
    With the Free tool, Overe will check for changes to important security settings on a regular basis to see what has changed. Overe will email a summary to advise you of these changes. At any point in time you may visit the portal to review these changes. It is important to understand that if a setting is turned off and then back on soon after, the report will not contains this information. However, this is will be a feature in the Premium service. (This feature for the Free tool is coming soon)
  • How does the threat vector calculation work?
    The threat vector calculation in Overe involves analyzing the security settings within Microsoft 365 and assessing the potential risks posed by misconfigurations or vulnerabilities. We take into account various attack scenarios that could exploit these security gaps. Here are some of the main attacks we consider in the calculation: Phishing: This attack aims to deceive users into disclosing their login credentials or sensitive information through fraudulent emails, social media, or other communication channels. Business Email Compromise (BEC): In a BEC attack, the attacker gains unauthorized access to a company's email system to impersonate employees, conduct fraudulent transactions, or obtain sensitive information. Account Takeover: This attack involves unauthorized access to a user's Microsoft 365 account, allowing the attacker to steal information or carry out malicious activities. Malware: The objective of a malware attack is to trick users into downloading or clicking on malicious payloads, enabling the attacker to gain access to their devices and conduct harmful actions. This is a common vector for Ransomware Spam: Spam emails are often used to distribute malware or deceive users into clicking on malicious links, leading to device infections or unauthorized data access. Data Loss Prevention: This attack focuses on stealing sensitive data from a victim's Microsoft 365 account and transferring it to an external location beyond the organization's control. Attackers may use various techniques, such as copying files to cloud storage or sending data through email or other channels. By evaluating the presence or absence of security settings related to these attack vectors, Overe calculates the potential threat level and provides recommendations to mitigate the risks and enhance security posture. It's important to note that the threat vector calculation is designed to help users understand their exposure to different types of attacks and prioritize actions to protect their Microsoft 365 environment, it does not guarantee protection.
  • How does Overe technically work to provide personalized assessments and advice?
    Overe utilizes a combination of data gathering, analysis, and algorithms to provide personalized assessments and advice. It starts by gathering information about the company through a simple questionnaire, capturing details such as company size, region of operation, and industry. This data is then used to derive a security profile for the company. Using this profile, Overe analyzes the company's Microsoft tenant configuration and evaluates it against a set of controls. It then ranks the controls based on their relevance to the company's security needs. If changes to settings are made, Overe will summarise the changes for you in a regular email report. Overe's algorithms take into account the current licenses and limitations, providing actionable recommendations to improve the security posture. The system is designed to be intuitive and user-friendly, ensuring that companies can easily understand and implement the advice provided by Overe.
  • Why does the “Overe Free” app say unverified?
    Our Microsoft app is marked as "unverified" because you may be using the staging/alpha version of the product. When an app is in beta, it signifies that it is still in the testing and development stage. During this phase, we gather user feedback, identify and fix issues, and make enhancements to ensure a more robust and reliable product. The "unverified" label serves as a reminder that the app's functionality and stability may not be fully refined. While the "unverified" label may raise concerns, we strive to maintain the highest standards of security and privacy for our users.
bottom of page