See where Microsoft Entra ID access could put your organisation at risk.
Directory Guard gives you a read-only view of the areas auditors ask about, starting with privileged roles and external access, with stale account clean-up on the roadmap. Connect with your own app registration, review the findings, and be ready to show your next steps.
Built for CISOs, IT security leads, identity owners, and UK managed service providers.
Read-only connection
You keep the app registration and consent.
No global admin passwords
We never ask for impersonation or standing access.
Scoped to your tenant
Data stays within the tenant you connect.
Tenant overview
Neutral preview of the Directory Guard view for Entra ID insights without exposing live data.
Who it is for
Made for teams that need answers quickly
Directory Guard helps the people accountable for Microsoft Entra ID to see risk, agree actions, and stay ahead of audits.
CISOs and heads of security
Answer board and audit questions with a clear view of Entra ID risk.
IT security leads
See where privileged access and external users need attention today, with stale accounts highlighted as they are added.
Identity and Entra owners
Validate how your tenant is set up before it becomes a finding.
Managed service providers
Provide clients with a read-only health view without asking for global admin access.
What you can see
Clarity on Entra ID exposure
Outcome-led insights that focus on access, exposure, and the tidy-up work that follows.
Tenant overview and key stats
User, group, and application counts with verified domains so every review starts with context.
Privileged access that matters
See where high-impact roles sit and where admin rights may be concentrated.
External access exposure
Guest users, external access, and app exposure so you can confirm who has a way in.
Stale accounts and old apps
Detection for inactive identities and ageing applications is being developed for upcoming releases.
Security and trust
Built to respect how you run Microsoft Entra ID
Plain, practical safeguards so you can connect with confidence.
Read-only Microsoft Graph permissions
Only the scopes you approve, agreed up-front and easy to review later.
You own the connection
Keep the app registration and secrets in your tenant to stay in control.
No global admin passwords
No impersonation or background agents that ask for elevated accounts.
Scoped handling of data
Server-side processing only, tied to the tenant you connected.
How it works
Straightforward steps to get visibility
Keep control of the connection, view findings, and decide what to fix first.
1. Connect with your own app registration
Grant the lightweight Microsoft Graph permissions and keep credentials on your side.
2. Review Entra ID access in one place
See the roles and external access that could become audit actions, with stale object clean-up to follow.
3. Share the next steps
Use the findings to brief stakeholders and prioritise tidy-up work.
On the roadmap
Where Directory Guard is heading
We are keeping the experience focused on visibility, evidence, and action that security leaders can trust.
Quick export for stakeholders
Concise summaries you can share with auditors and risk owners.
Stale account and app checks
Recurring prompts to keep inactive accounts and unused applications visible.
Richer context for admin roles
More detail on where privileged access is used and why it matters.
Ready to see your Entra ID posture?
Connect with a read-only app registration you own, review the findings together, and agree the steps to be audit-ready.