How to build an auditor-ready Microsoft 365 evidence collector with Microsoft Graph

In this article, I will explain how to use the Microsoft Graph Tenant Configuration Management (TCM) APIs to build an NIS2/ISO evidence collector for Microsoft 365. This approach allows you to move from manual, screenshot-based evidence gathering to a more robust, repeatable, and machine-readable evidence engineering process.