How it works
Connect in minutes, keep control, and see the findings that matter
Directory Guard keeps the onboarding lightweight so you can move quickly and stay confident in how access is handled.
Step 1
Create the app registration
Set up the app registration in your tenant with the minimal read-only Microsoft Graph scopes.
Step 2
Connect to Directory Guard
Provide the Tenant ID, Client ID, and client secret securely. Credentials stay server-side and scoped to the tenant you choose.
Step 3
Review what matters
Validate the connection, then see the roles and external access that need attention, with stale account insights being added.
Security and trust
Built to respect your Microsoft Entra ID
Plain, clear safeguards so you know exactly how the connection is handled.
Read-only by default
We only request the permissions you approve.
Customer-owned
You create and manage the app registration.
No impersonation
No background agents or hidden admin accounts.