Get your Microsoft 365 Security Posture Assessment.
An ABT consultant pulls your actual Microsoft Secure Score, maps your tenant against HIPAA-aligned client-data-protection controls and donor-data stewardship best practices, and ships a one-page report telling you what to fix first. Microsoft 365 Copilot readiness check included as bonus. Free for 501(c)(3) pregnancy help centers, Care Net affiliates, and faith-based ministries with medical services.
How the assessment works.
Four steps. Total of your time: about 35 minutes. We do everything else.
Tell us about your center
Five short questions: center size, current Microsoft 365 status, top concern. We tailor the report to your context.
5 min · on this pageGrant read-only tenant access
Your Microsoft 365 admin grants ABT read-only access via a standard Microsoft consent URL. Nothing is changed in your tenant.
30 min · with your M365 adminABT runs the scan
We pull your Microsoft Secure Score, map your tenant against HIPAA-aligned controls (the standard Microsoft 365 control set healthcare-grade nonprofits adopt voluntarily), review donor-data stewardship posture, and check Microsoft 365 Copilot readiness as bonus.
48 hours · on usYou get your grade + report
Personalized one-page PDF: your current grade, top five gaps, fix priorities, and a 90-day roadmap. Plus a 20-minute walkthrough call.
20 min · walkthrough callThree things most pregnancy help centers do not realize about their security.
When we run the assessment, this is what we typically find.
- Your donor list is more visible than you think.Default Microsoft 365 sharing settings often expose donor records to any user in your tenant — including volunteers, including former staff whose accounts were never properly deprovisioned. We tighten access by role + add audit logging so you know who saw what. For pregnancy help centers, the donor list is the asset most vulnerable to targeted attack and the one that, if leaked, you cannot recover from. We harden this first.
- Your client intake data may not be encrypted at rest.Microsoft 365 includes encryption by default, but the features that matter for sensitive client data — sensitivity labels, Customer Lockbox, eDiscovery hold for breach response — often require a license tier most centers do not have. We confirm what you have, what you are missing, and what nonprofit pricing makes affordable.
- Your audit logs default to 90 days — too short.Microsoft 365 audit logs need to be retained for at least 12 months to catch the kind of slow data leak that activist groups have used against pregnancy help centers. We extend retention + add alerting that fires within hours, not weeks, so a breach attempt is caught early.
What is inside your report.
Built from your actual Microsoft 365 tenant data. Not from how you answer the questions.
Six things every pregnancy help center executive director needs to know.
- Your Microsoft Secure Score (current)The actual number Microsoft assigns your tenant, ranked against pregnancy help centers of similar size. National average for small nonprofits sits in the low 30s. Healthy is 70+.
- Your top five missing security controlsSpecific Microsoft 365 controls that are turned off, mis-configured, or unlicensed in your tenant. Each one mapped to a fix priority and an estimated time to remediate.
- HIPAA-aligned client-data protection mapHow your current tenant maps to the HIPAA-aligned controls pregnancy help centers offering medical services (ultrasound, STI testing) voluntarily adopt: access controls, audit logs, encryption at rest, breach notification readiness. Acknowledges Nov 2024 HHS guidance that PRCs may not be HIPAA-covered entities while still positioning the control set as a reasonable trust framework.
- Donor-data stewardship + board fiduciary reviewHow your tenant protects donor information per ECFA (Evangelical Council for Financial Accountability) expectations, plus a board-fiduciary readiness check. Donor breaches at pregnancy help centers carry both regulatory and reputational risk; board members can be personally exposed.
- Microsoft 365 Copilot readiness check (bonus)Whether your tenant is configured safely to enable Microsoft 365 Copilot when you are ready. Most centers have at least two configuration gaps that would surface sensitive client information in Copilot results. We tell you what to fix before turning Copilot on.
- Your 90-day priority roadmapWhat to fix first, second, and third. With pricing where it applies, including Microsoft nonprofit licensing eligibility, Guardian Plan tier options, and which items your existing IT can handle vs which need a Tier 1 Microsoft CSP.
The grade bands.
Where most pregnancy help centers land before working with ABT.
Sister center spotlight
A pregnancy help center that has been doing this work with us.
A Care Net-affiliated pregnancy help center serving the greater Sacramento area, on ABT’s Guardian Plan + managed Microsoft 365.
Alternatives Pregnancy Center moved their Microsoft 365 tenant and security stack to ABT’s Guardian Plan because their leadership wanted to focus on the women they serve, the donors who fund the mission, and the volunteers who staff their programs — not on IT logistics, HIPAA paperwork, or wondering whether their donor records were safe.
Today their executive team spends meeting time on programs and donor relationships, not on IT troubleshooting. Their board moved past quarterly IT crises into proactive governance. The center’s tech-savvy volunteers stayed at the table — ABT did not replace their existing IT people. We gave them the playbook, kept them in the loop, and let them do their work well.
If you are a Care Net affiliate, a Heartbeat International member center, or any 501(c)(3) faith-based pregnancy help center, your leadership probably knows Alternatives PC’s name already. Ask any sister center in your network. The work is the same; the IT should not get in the way of it.
Start your assessment.
Five questions. Then your ABT consultant reaches out within one business day to set up the tenant scan.
What is the name of your pregnancy help center?
We will use this on your personalized report.
How many clients does your center see per month?
Best estimate. Used to size the tenant against centers of similar scale.
How is your team structured?
Volunteer vs paid staff matters for Microsoft 365 nonprofit licensing eligibility.
Are you currently using Microsoft 365?
Be as honest as you can. If you are not sure, that is a valid answer and helpful.
What is your single biggest concern right now?
Pick the one keeping you up at night. We weight the report accordingly.
Are you a registered 501(c)(3) nonprofit?
This unlocks free and discounted Microsoft 365 licensing.
Microsoft 365 admin authority.
We need read-only access to your Microsoft 365 tenant to run the real scan. Your admin grants it via a standard Microsoft consent URL.
Where should we send your report?
Your ABT consultant will reach out within one business day to set up the tenant scan.
You are in.
Your ABT consultant will review your responses and reach out within one business day to set up the Microsoft 365 tenant scan.
Total time for you from here: about 30 minutes. Your personalized report ships within 48 hours of the scan.
This is a real assessment. Not a self-quiz.
Most "security assessments" or "AI-readiness scorecards" online ask you eight questions and give you a number. We pull data directly from your Microsoft 365 tenant. That is the only way the assessment has any meaning. We need about 30 minutes of your Global Admin's time to grant read-only access. Everything else is on us.
Common questions.
If yours is not here, ask it on the wizard or on the form below.
Prefer to talk first?
Skip the wizard, schedule a confidential 20-minute conversation with the ABT pregnancy help center team. We will explain the assessment in more detail and decide together whether it is the right next step for your center.
