MSP Proof
Join the pilot
CMMC evidence automation for MSPs

CMMC evidence reports from Microsoft 365 in hours, not weeks.

MSP Proof scans Microsoft 365 and Entra configurations, maps findings to CMMC / NIST 800-171 evidence needs, and generates client-ready assessment packets MSPs can white-label.

Join the MSP pilot View sample report
Read-only Microsoft Graph access NIST 800-171 control mapping Multi-tenant by default
mspproof.app / tenants / acme-defense
LIVE SCAN
Tenant
Acme Defense Industries
Readiness
82/100
MFA enforced (all admins)
IA.L2-3.5.3
Audit logging enabled
AU.L2-3.3.1
Conditional Access gaps
AC.L2-3.1.12
External sharing unrestricted
AC.L2-3.1.3
Admin role assignments
AC.L2-3.1.5
Inactive users (3)
AC.L2-3.1.1
Evidence packet · 47 artifacts · timestampedExport PDF
The problem

Evidence collection eats your engineers.

For every CMMC client, MSPs spend hours collecting screenshots, exports, logs, MFA settings, admin roles, audit settings, and policy evidence — then formatting it into something an assessor or consultant can review.

Manual screenshots

Engineers click through admin centers gathering proof of every setting.

Stale exports

CSVs and logs go out of date before the assessment date arrives.

Inconsistent packets

Every client packet looks different. Reviewers ask for the same things twice.

The solution

From tenant settings to a client-ready evidence packet.

MSP Proof connects to Microsoft 365, pulls configuration evidence, maps it to control requirements, and generates clean reports with gaps, source data, timestamps, and remediation notes.

01

Connect

Authorize a read-only Microsoft Graph connection per tenant. No agents to install.

02

Scan

MSP Proof pulls configuration evidence across identity, audit, mail, sharing, and devices.

03

Map

Each finding is mapped to CMMC Level 2 / NIST 800-171 control families with source data and timestamps.

04

Deliver

Generate a white-labeled evidence packet with gaps highlighted and remediation notes.

The dashboard

One view across every defense contractor client.

12 tenants · last sync 2 min ago
Tenant readiness score
82/100
+6 since last scan
Evidence collected
1,284
artifacts across 12 tenants
Controls mapped
110 / 110
NIST 800-171 r2
Gaps found
7
3 high · 4 medium
Report generated
Today, 09:14
v3 · 47 pages · signed
Renewal due
94 days
Acme Defense · Level 2

Tenants

Sorted by readiness
Acme Defense Industries
82
Ready · 2
Cardinal Aerospace LLC
74
Needs review · 4
Northpoint Munitions
91
Ready · 1
Beacon Systems (GCC High)
58
Gap · 9
Ironforge Robotics
88
Ready · 1

Recent activity

  • Evidence packet exported — Acme Defense
    2 min ago · 47 pages
  • Conditional Access gap detected — Cardinal
    14 min ago · AC.L2-3.1.12
  • 3 inactive users flagged — Beacon Systems
    32 min ago · review
  • Audit log retention verified — Ironforge
    1 hr ago · AU.L2-3.3.8
What it collects

Configuration evidence, pulled and timestamped.

Every artifact captures the source query, the tenant, and the time of collection — so an assessor can trace any finding back to its origin.

MFA status

Per-user and admin MFA enforcement, methods, and exceptions.

Conditional Access policies

Policy coverage, gaps, named locations, and exclusions.

Admin role assignments

Privileged role inventory, eligible vs active, PIM usage.

Audit logging settings

Unified audit log status, retention, and mailbox auditing.

Mailbox forwarding rules

External auto-forwarding, transport rules, and risky inbox rules.

External sharing settings

SharePoint, OneDrive, and Teams guest sharing posture.

Encryption configuration

BitLocker, OneDrive encryption, and message encryption defaults.

Inactive users

Stale accounts, unused licenses, and dormant guest identities.

Risky sign-ins

Identity Protection signals, MFA failures, and unusual locations.

Device compliance signals

Intune enrollment, compliance state, and OS baseline drift.

Built for MSP workflow

Fits the way you already run your CMMC practice.

Multi-tenant dashboard

One pane for every contractor client. Sort by readiness, renewal, or gaps.

White-label reports

Your logo, your colors, your cover page. The packet is yours.

Client readiness scores

A consistent score per tenant so you can show progress over time.

Evidence packet export

PDF + supporting CSV/JSON, structured by control family.

Remediation checklist

Each gap comes with a concrete, MSP-ready remediation task.

Renewal tracking

Know which assessments expire when, before clients have to ask.

What MSP Proof is — and isn't

We don't replace assessors. We make their job easier.

MSP Proof does not replace assessors or consultants. It reduces evidence collection work and helps MSPs prepare cleaner CMMC documentation. Certification is granted by qualified third parties — our job is to make sure your clients walk in with a packet that doesn't waste anyone's time.

  • Read-only access to tenant configuration
  • Evidence sourced, timestamped, and traceable
  • Mapped to CMMC Level 2 / NIST 800-171 r2
  • No claims of guaranteed certification
Pilot program

Looking for 10 MSPs managing 10+ CMMC / NIST 800-171 clients.

We're working closely with a small group of design partners to shape MSP Proof around how real defense-focused MSPs operate.

Free pilot scans

Run MSP Proof across your contractor tenants at no cost during the pilot.

Founder support

Direct line to the founders. We treat your feedback as the roadmap.

White-label sample reports

Ship branded evidence packets to your clients from day one.

Early partner pricing

Lock in founding-partner pricing before public launch.

Apply to the pilot

Tell us about your MSP.

We'll get back within two business days. If you're a fit, we'll set up a working session and provision a pilot tenant connection together.

  • Read-only Microsoft Graph access
  • No long-term commitment
  • White-label sample report on call #1
Do you manage Microsoft 365 GCC High tenants?

By submitting, you agree to be contacted about the MSP Proof pilot.