Copilot QuickScan • Evidence readiness
Evidence readiness.
Evidence readiness answers: what counts as proof, where signals come from, how long they are retained, and how to export them.
Public intake = non-confidential. This page is explanatory. Tenant-specific evidence steps are delivered as D4.
Minimum evidence set
Common categories used to respond to audit/client questions.
Evidence categories
- Configuration posture: enablement scope, key controls posture, connector restrictions (where applicable).
- Change control: what changed, when, and by whom (admin-level signals).
- Usage signals: what exists and how it is retained (availability depends on tenant configuration).
- Exception handling: who approved exceptions and how expiry is managed.
Owners and accountability
Evidence is only “board-ready” when owners are named.
| Evidence item | Owner | Export / retrieval note |
|---|---|---|
| Enablement scope snapshot | M365 Admin | Configuration export / screenshot pack (tenant dependent) |
| Retention posture summary | Security / Compliance | Policy posture + retention windows (high-level) |
| Admin change log method | M365 Admin | Where change events are recorded and how retrieved |
| Exception register | Security / Compliance | Approval, rationale, expiry, and audit trail |
What QuickScan delivers (D4)
Tenant-specific “how to prove it” steps and owners.
- Signals list (what exists, what does not, what requires enabling)
- Retention posture snapshot (high-level)
- Export steps + owner assignments
- Minimum evidence bundle for board/client questions