What CloudCapsule Can't See on Microsoft 365 Business Standard
Microsoft 365 Business Standard lacks Defender, Intune, Conditional Access, Entra ID P1, and full DLP — so several CloudCapsule checks fail or return no data. What works, what does not, and the recommended license tiers.
CloudCapsule assessments cover 200+ key security datapoints across CIS Controls and NIST CSF 2.0, pulling data from Entra ID, Microsoft Defender, Intune, Exchange, Teams, and SharePoint. On Microsoft 365 Business Standard, several of those data sources simply do not exist. This means certain checks will fail, return no data, or cannot be assessed at all.
Microsoft Defender
Business Standard does not include a Defender for Business license. Tenants on Business Standard will fail to complete the consent process in CloudCapsule due to a missing Defender service principal. This results in zero visibility into endpoint threat detection, malware and ransomware status, and real-time protection reporting.
For steps to resolve the Defender service principal error, refer to How to Connect a Customer Tenant and Troubleshoot Consent Issues.
Intune and device compliance
Intune is not included with Business Standard. Without it, CloudCapsule's device health reporting has nothing to pull from. This includes full details of impacted users and devices surfaced as part of each control finding. Device compliance, enrollment status, and configuration profiles will all be unavailable for Standard tenants.
Conditional Access policies
Conditional Access requires Microsoft Entra ID P1, which is bundled with Business Premium but not Business Standard. Any CloudCapsule checks against Conditional Access configurations will show as unconfigured or missing on Standard tenants.
Advanced Entra ID and identity controls
Advanced identity and anomaly reports require Microsoft Entra ID P1 or P2. Business Standard includes only the base Entra tier, so identity risk signals surfaced by CloudCapsule — such as risky sign-ins and anomalous resource usage — will not be available.
Data protection and DLP
Business Standard does not include Azure Information Protection and has limited Data Loss Prevention capabilities. CloudCapsule checks against data classification and protection controls will flag these as gaps, with no underlying configuration to assess.
Recommended license
For a complete CloudCapsule assessment, the customer tenant should have one of the following:
- Microsoft 365 Business Premium
- Microsoft 365 E3 or higher
- Microsoft Entra ID P1 or higher (with a qualifying base license)
These licenses ensure CloudCapsule can access the full range of security data needed to provide an accurate and complete assessment.
See Microsoft License Requirements for CloudCapsule Assessments for the full license-impact reference.
When to contact support
If you have questions about how your tenant's licensing affects assessment results, reach out directly.
Email: support@cloudcapsule.io · In-app: Navigate to Support and open a new ticket.