EntraAnalyzer

For IT admins, security teams & consultants

Automated security scans for Microsoft Entra ID

Connect your tenant, choose daily or weekly scans, and receive a clear email with findings and recommended fixes — straight to your inbox.

Connect with Microsoft
Microsoft Entra ID overview
Read-only permissions
No agents to install
EU data residency
Sign in with Microsoft

We will never

  • Modify settings in your tenant
  • Create users, roles, or policies
  • Write data back to Entra ID

Required permissions

All permissions are read-only. Nothing is ever written back.

View all 13 Graph permissions
  • Directory.Read.AllRead directory data (users, groups, roles)
  • User.Read.AllRead all user profiles and properties
  • AuditLog.Read.AllRead sign-in activity and audit logs
  • Group.Read.AllRead all groups and memberships
  • Application.Read.AllRead all application registrations
  • RoleManagement.Read.DirectoryRead directory role assignments
  • Policy.Read.AllRead Conditional Access and security policies
  • UserAuthenticationMethod.Read.AllRead users' authentication methods (MFA)
  • Device.Read.AllRead device objects and compliance state
  • DeviceManagementManagedDevices.Read.AllRead Intune managed devices
  • IdentityRiskEvent.Read.AllRead Identity Protection risk events
  • AccessReview.Read.AllRead access reviews configuration
  • EntitlementManagement.Read.AllRead entitlement management configuration

Everything in one scan.

Daily or weekly scans

Schedule automated scans that check your Entra ID configuration and surface new risks.

Connect with Microsoft

Prioritized findings

Every scan ranks defects by severity so you know exactly what to fix first.

Learn more

Email reports

Get a clear summary emailed after each scan — forward it to leadership, auditors, or your security team.

How it works

Sign in with Microsoft

Authenticate with your existing Microsoft account and grant read-only access to your Entra ID tenant.

We scan automatically

Choose daily or weekly cadence. Entra Analyzer checks for misconfigurations, risky changes, and policy drift.

Get your email

Receive a clear, prioritized summary with findings and recommended fixes delivered to your inbox.

See exactly what you will receive.

Every scan generates a prioritized security report showing severity, what's wrong, and how to fix it. Enter your email and we'll send you a real sample with demo data.

Simple, transparent pricing.

Start with a free scan. Upgrade when you are ready.

Limited launch offer — $20 off

EntraAnalyzer

29/mo USD

49/mo

per tenant, billed monthly

  • Daily or weekly automated scans
  • Unlimited findings
  • Email reports with recommended fixes
  • Email support
Connect with Microsoft

Cancel anytime. No long-term commitment.

Frequently asked questions

Does Entra Analyzer modify anything in my tenant?

No. We only request read-only Microsoft Graph permissions. Entra Analyzer cannot change your configuration.

How quickly can I get started?

Sign in with your Microsoft account, grant read-only access, and your first scan can run the same day.

Can I share the results?

Yes. Every scan produces an email report you can forward to auditors, leadership, or your team.

Where is data stored?

All data is stored and processed within the EU under strict security controls.

What permissions are required?

Only read-only Microsoft Graph permissions. We never request write access. The core permissions are:

  • Directory.Read.All — directory data
  • User.Read.All — user profiles
  • AuditLog.Read.All — sign-in & audit logs
  • Policy.Read.All — Conditional Access policies

A full list of all 13 permissions is shown above and during onboarding.

Ready for your first scan?

Sign in with Microsoft and Entra Analyzer handles the rest.

Connect with Microsoft