M365, Entra ID & Azure configuration backup, change monitoring & rollback — ~30 object types including Conditional Access, Entra users (cloud + hybrid), OAuth permission grants, role assignments, app registrations, Intune, Teams settings, Exchange transport rules, Azure NSG rules, Key Vault, RBAC, and managed identities. Plan → approve → execute rollback workflow with dry-run.
AD & M365 user reporting — unified Active Directory, Microsoft 365 / Entra ID, and Google Workspace user reporting. Inactive users, disabled-but-licensed users, privilege creep on security-significant groups, MFA gaps, sign-in anomalies, password-policy violations, and licence-cost recovery. One report set across every client tenant.
SharePoint & OneDrive file-change monitoring — M365 SharePoint Online and OneDrive for Business activity monitoring with actor and external-share visibility, mass-download and ransomware-pattern detection.
Risk-Based Notifications & Alerts — five severity bands (Critical / Server outage / High / Moderate / Low) with per-recipient rate limits and per-recipient daily digest schedules. Two digest slots per band with editable day-of-week selection (defaults: Mon–Fri + Sat–Sun). Digests follow a “this band and above” rule, so one digest can carry the whole day. Per-subscriber timezone with DST-correct delivery. “Do not send” toggle per band. Inactive-user alerts for Active Directory, Microsoft 365, and Google Workspace. Empty digests are suppressed automatically. Built for MSPs — one subscription can cover every client company or each contact can be scoped to just their own.
On-premises file change monitoring (FIM) — cross-platform file integrity monitoring on Windows, macOS, and Linux endpoints and file servers. Creates, writes, deletes, renames, and ACL changes with actor attribution. Audit-ready evidence for SOC 2, HIPAA, NIST SP 800-171, CMMC 2.0, PCI DSS v4, ISO 27001:2022, and CIS Controls v8.