Other tools tell you what's broken.CYBERWHITE deploys the fix.
One click pushes verified Microsoft Graph policies for Essential 8 and SMB1001. Snapshot first, deploy honestly per Microsoft's actual mode (report-only where Microsoft supports it, active for the rest), verify, and roll back any change with a single click if anything looks off.
Plus baseline SOC 2 M365 policies (MFA + access review). NIST CSF, NIST AI RMF and CIS v8 are covered by assessment + CARS prioritisation + evidence collection.
REPORTS vs REMEDIATES
Most compliance platforms find the gap and stop there. You still have to fix it.
Drata · Vanta · Secureframe
Reporting tools
- Scan your tenant for compliance gaps
- Produce reports for auditors
- Show you which controls are failing
- You implement every fix manually in M365
- No snapshot, no rollback, if a policy breaks something, you debug it
CYBERWHITE AutoFix
Remediation engine
- Scan your tenant for compliance gaps
- Produce reports for auditors
- Show you which controls are failing
- Pushes the fix in one click. Verified Microsoft Graph policy library
- Snapshot before every deploy. One-click rollback. Audit trail of every change.
Four steps. Every action. Every time.
No black box, no surprises. Every AutoFix action runs the same disciplined sequence.
Snapshot
Before changing anything, CYBERWHITE captures the current state of the M365 setting via Graph API. Stored as a rollback record with a timestamp.
Execute
Deploys the policy via Microsoft Graph API. By default, deploys in report-only mode so you can review impact before enforcement.
Verify
Re-queries Graph API to confirm the policy is applied. Verification result + timestamp written to the audit log. No "fire and forget."
Roll back (anytime)
One click restores the snapshot. If a user complains, if the policy needs tuning, if anything looks off, undo in seconds. Audit log records every roll back too.
What AutoFix actually deploys
Verified actions across four frameworks. We show the honest breakdown because real buyers will ask which controls deploy and which need manual work.
Essential 8 ML1
automated actions
MFA, patching, macros, admin privileges, application whitelisting, backups
Essential 8 ML2
automated actions
PIM, ASR rules, conditional access tightening, audit log retention, AppLocker
SMB1001 (Bronze → Diamond)
automated actions
Defender Antivirus, Windows Firewall, automatic updates, strong password policy, TLS 1.2+
SOC 2 (M365 mapping)
automated actions
CC6.1 MFA enforcement + access review baseline
What AutoFix does NOT do
NIST CSF, NIST AI RMF and CIS v8 are covered by assessment, CARS prioritisation and evidence collection, but no AutoFix actions today. Same for organisational controls (policies, training, vendor reviews) which can't be deployed via API. For those, CYBERWHITE collects evidence and tracks completion while your team implements.
Not every control is one-click. We tell you which is which.
Every action in our registry is labelled with one of five categories so you know what to expect before you approve a deployment.
graph_deployable
Real Graph API call. CYBERWHITE writes the policy. One click. The bulk of our E8 + SMB1001 actions.
license_gated
Deployable IF the tenant has the required M365 license (e.g. E5, P2). Otherwise CYBERWHITE shows the manual instructions instead.
detection_only
We can scan and prove compliance, but there's no policy to deploy (e.g. audit logs that are already on by default).
portal_manual
Must be configured in a specific admin portal (e.g. Defender Security Center). CYBERWHITE provides the deep link + step-by-step guide.
attestation_only
Business-process control. Your team attests yes/no with evidence. CYBERWHITE tracks the attestation and reminds you to renew it.
Why this matters
Other tools claim "automated everything." We're honest: not every control fits an API. Knowing which controls we deploy vs which need manual work makes audit prep predictable.
Built for admin access. Designed for trust.
We're asking for write access to your Microsoft 365 tenant. Here's how we make that safe.
You decide what gets deployed
CYBERWHITE never deploys a policy automatically. Every AutoFix requires you to click deploy on a specific recommendation in the dashboard. Without that click, nothing changes in your tenant.
Connect for assessment. Deploy when you're ready. Roll back if you change your mind.
Report-only first
Every Conditional Access policy CYBERWHITE deploys starts in report-only mode. You review impact for 24-48 hours before enforcing.
Standard Microsoft pattern, nothing exotic.
Pre-flight checks
Before deploying, CYBERWHITE checks for conflicts, existing policies, excluded users, tenant-specific risks. Surfaces them in the approval screen.
No surprise overrides of your existing setup.
Full audit trail
Every snapshot, deploy, verify, and rollback is logged with timestamp, actor, tenant ID, and the exact payload sent to Microsoft Graph.
Export to your SIEM or auditor on request.