Audit Reports
Generate comprehensive compliance audit reports for any active framework across your managed Microsoft 365 tenants. Choose from executive summaries, detailed technical assessments, or complete evidence packages. Schedule recurring reports and export in multiple formats.
Note: Audit Reports consolidate compliance assessment results, evidence artifacts, risk analysis, and remediation status into professional, audit-ready documents. Reports can be generated on demand or scheduled for automatic delivery to stakeholders, reducing the time MSPs spend on manual report compilation.
Reporting Overview
| Metric | Value |
|---|---|
| Report Templates | 5 |
| Reports Generated (30d) | 42 |
| Scheduled Reports | 8 |
| Archived Reports | 186 |
Report Templates
- Executive Summary — High-level compliance overview designed for C-suite and non-technical stakeholders. Includes overall compliance score, framework-by-framework status, top risks with business impact descriptions, remediation progress summary, and trend indicators. Typically 3-5 pages.
- Detailed Assessment Report — Comprehensive control-by-control assessment with pass/fail status, evidence references, and remediation recommendations. Organized by framework sections and control families. Includes configuration details and Graph API evidence. Typically 20-50 pages.
- Evidence Package — Complete evidence bundle mapped to framework controls for external auditors. Includes configuration exports, screenshots, audit log extracts, policy documents, and attestations. Exported as a structured ZIP archive.
- Gap Analysis Report — Focused report on non-compliant controls with prioritized remediation recommendations. Lists each gap with severity, affected frameworks, estimated effort, and potential business impact.
- Trend and Progress Report — Historical analysis showing compliance score progression, remediation velocity, drift frequency, and risk posture changes over a selected time period. Ideal for quarterly business reviews.
Report Contents by Section
| Section | Contents | Included In |
|---|---|---|
| Cover Page | Client name, MSP branding, report period, framework, generation date | All templates |
| Compliance Score | Overall score, category breakdowns, pass/fail/partial counts | Executive, Detailed, Gap Analysis |
| Framework Summary | Per-framework score with control family breakdown | Executive, Detailed |
| Control Details | Individual control status with M365 configuration evidence | Detailed, Evidence Package |
| Gap Findings | Non-compliant controls with severity, impact, and remediation steps | Detailed, Gap Analysis |
| Risk Summary | Top risks, risk matrix, treatment plan status | Executive, Detailed |
| Evidence Index | Mapping of evidence artifacts to controls with file references | Evidence Package |
| Trend Charts | Score progression, remediation velocity, drift frequency over time | Executive, Trend Report |
| Recommendations | Prioritized next steps for improving compliance posture | All templates |
Scheduled Report Generation
- Schedule Configuration — Set up recurring report generation on weekly, monthly, or quarterly schedules. Select the report template, target frameworks, and tenant scope.
- Delivery Options — Automatically deliver reports via email, post to a Microsoft Teams channel, or upload to a SharePoint document library.
- Custom Branding — Apply your MSP branding to all generated reports including logo, company name, color scheme, and contact information.
- Multi-Tenant Rollup — Generate aggregated reports across multiple tenants for portfolio-level visibility. Compare client compliance scores and identify common gaps.
Export Formats
| Format | Use Case | Details |
|---|---|---|
| Client delivery and formal audit documentation | Branded, paginated, with table of contents and bookmarks | |
| Excel (XLSX) | Data analysis and control tracking | Multiple worksheets for controls, evidence, gaps, and risk register |
| CSV | Import into GRC tools or PSA systems | Flat file with control status, evidence links, and risk scores |
| ZIP Archive | Evidence packages for external auditors | Organized folder structure with evidence files and index document |
| JSON | API integration and programmatic consumption | Structured data for custom dashboards and automated workflows |
Historical Report Archive
- Search and Filter — Find historical reports by date range, template type, framework, tenant, or generated-by user. Full-text search of report contents.
- Version Comparison — Compare reports across time periods to track compliance progression. Side-by-side view highlighting controls that improved, degraded, or remained unchanged.
- Retention and Archival — Configure retention policies for report storage. Default retention is 7 years for audit reports. Apply legal hold to prevent deletion during active audits.
Best Practices
- Schedule monthly executive summaries for client delivery to demonstrate ongoing compliance value
- Generate detailed assessment reports before audit engagements to identify remaining gaps early
- Use the evidence package template to prepare auditor deliverables well before the audit window
- Apply MSP branding to all client-facing reports for professional presentation
- Use trend reports during quarterly business reviews to show compliance improvements over time
- Archive all reports for at least the compliance framework’s required retention period
API Reference
GET /api/addons/trust-center/reports— List generated reports with filteringPOST /api/addons/trust-center/reports/generate— Generate a new reportGET /api/addons/trust-center/reports/:reportId— Retrieve report metadata and download linkGET /api/addons/trust-center/reports/:reportId/download— Download the report fileGET /api/addons/trust-center/reports/schedules— List report generation schedulesPOST /api/addons/trust-center/reports/schedules— Create a scheduled reportGET /api/addons/trust-center/reports/templates— List available report templatesPUT /api/addons/trust-center/reports/branding— Update MSP branding settings
Last updated on