For IT admins, security teams & consultants

Run a free Entra ID security scan

Get an instant overview of your risks. Upgrade to keep monitoring, verify fixes, and stay secure.

No credit card required for your first scan.

Read-only permissions
No agents to install
EU data residency

We will never

  • Modify settings in your tenant
  • Create users, roles, or policies
  • Write data back to Entra ID

Required permissions

All permissions are read-only. Nothing is ever written back.

View all 13 Graph permissions
  • Directory.Read.All: Read directory data (users, groups, roles)
  • User.Read.All: Read all user profiles and properties
  • AuditLog.Read.All: Read sign-in activity and audit logs
  • Group.Read.All: Read all groups and memberships
  • Application.Read.All: Read all application registrations
  • RoleManagement.Read.Directory: Read directory role assignments
  • Policy.Read.All: Read Conditional Access and security policies
  • UserAuthenticationMethod.Read.All: Read users' authentication methods (MFA)
  • Device.Read.All: Read device objects and compliance state
  • DeviceManagementManagedDevices.Read.All: Read Intune managed devices
  • IdentityRiskEvent.Read.All: Read Identity Protection risk events
  • AccessReview.Read.All: Read access reviews configuration
  • EntitlementManagement.Read.All: Read entitlement management configuration

Security Overview

A single dashboard for your Entra ID security posture.

Every scan surfaces misconfigurations, risky changes, and policy drift — ranked by severity so you know exactly what to fix first.

  • Critical — missing break-glass accounts, exposed secrets, public-facing admin endpoints
  • High — over-privileged apps, Conditional Access gaps, weak MFA coverage
  • Medium — stale guests, unmanaged devices, unused admin roles
  • Low — hardening recommendations and best-practice drift

Across 60+ built-in rules covering identities, devices, applications, Conditional Access, privileged roles, and audit activity.

Compliance Posture

Map every finding to the frameworks your auditors ask about.

Each rule is pre-mapped to the relevant control clauses. See pass-rate per framework, drill into failing rules, and export evidence without spreadsheets.

ISO 27001, ISO 27002, NIS2, CIS v8, SOC 2, GDPR, NIST CSF

Activate the rules relevant to your scope — pass rate and clause coverage update automatically on every scan.

Everything in one scan.

Daily or weekly scans

Schedule automated scans that check your Entra ID configuration and surface new risks.

Prioritized findings

Every scan ranks defects by severity so you know exactly what to fix first.

Email reports

Get a clear summary emailed after each scan — forward it to leadership, auditors, or your security team.

How it works

Sign in with Microsoft

Authenticate with your existing Microsoft account and grant read-only access to your Entra ID tenant.

We scan automatically

Choose daily or weekly cadence. Entra Analyzer checks for misconfigurations, risky changes, and policy drift.

Get your email

Receive a clear, prioritized summary with findings and recommended fixes delivered to your inbox.

See exactly what you will receive.

Every scan generates a prioritized security report showing severity, what's wrong, and how to fix it. Enter your email and we'll send you a real sample with demo data.

Free scan to see your risks. Upgrade to stay in control.

Your first scan is free. Subscribe to keep scanning, schedule recurring runs, and get email reports.

Cancel anytime. No long-term commitment.

Frequently asked questions

Does Entra Analyzer modify anything in my tenant?

No. We only request read-only Microsoft Graph permissions. Entra Analyzer cannot change your configuration.

How quickly can I get started?

Sign in with your Microsoft account, grant read-only access, and your first scan can run the same day.

Can I share the results?

Yes. Every scan produces an email report you can forward to auditors, leadership, or your team.

Where is data stored?

All data is stored and processed within the EU under strict security controls.

What permissions are required?

Only read-only Microsoft Graph permissions. We never request write access. The core permissions are:

  • Directory.Read.All — directory data
  • User.Read.All — user profiles
  • AuditLog.Read.All — sign-in & audit logs
  • Policy.Read.All — Conditional Access policies

A full list of all 13 permissions is shown above and during onboarding.

Ready for your free scan?

Sign in with Microsoft, run your first scan free, and see your tenant's risks in minutes.
