Access Checklist (Client-Friendly)
Goal: enable a fast assessment with read-only access where possible.
Identity & Admin
- Admin role list (who is global admin)
- MFA/2FA enforcement status
- SSO status (if used)
- Shared accounts list (if any)
Email & Collaboration
- Email security configuration overview
- External forwarding controls
- External sharing settings (Drive/SharePoint)
Endpoints
- Device inventory report (best available)
- Patch/update posture report (best available)
- Disk encryption status (BitLocker/FileVault)
Backups & Restore
- Backup solution name + admin portal access (read-only ok)
- Coverage overview (what’s backed up)
- Retention settings
- Last restore test date (if any)
Ops & Vendors
- Vendor list (MSP, backup vendor, key SaaS)
- Top 5 critical workflows
- Existing runbooks/policies (if any)
Safe access approach (recommended)
- Prefer a dedicated audit account
- MFA required
- Time-limit access and revoke at closeout
- Share credentials via password manager (not email/text)