Stop identity threats before they become breaches in your Azure environment.

TENET continuously monitors every role assignment, sign-in event, and permission change across your Azure estate — surfacing over-privileged accounts, anomalous access, and dormant identities before they become a liability.

Identity Threat Detection

Six threat patterns. Zero blind spots.

TENET ingests Azure Monitor activity logs and Entra ID audit data to continuously evaluate identity events against known attack patterns — no additional agents or log forwarding required.

• ✓Impossible Travel — flag sign-ins from geographically impossible locations within a short time window
• ✓Anomalous Sign-in — detect sign-ins from new devices, locations, or unusual hours not matching user baseline
• ✓Suspicious Permission Grants — alert on sensitive role assignments made outside normal change processes
• ✓Legacy Authentication — identify IMAP, POP3, and SMTP sign-ins that bypass modern MFA controls
• ✓Bulk Operations — detect high-volume resource changes that indicate automated misuse or account takeover
• ✓Stale Credential Usage — surface authentication from accounts flagged as dormant or pending decommission

Privileged Access Governance

Know exactly who has what — and why.

TENET merges Azure RBAC assignments and Entra ID role data into a unified principal view. Every role is risk-classified, every scope is mapped, and every over-privileged assignment is surfaced for review.

• ✓Risk classification of 25+ built-in Azure and Entra ID roles across Critical, High, Medium, and Low tiers
• ✓Unified view of Users, Groups, Managed Identities, App Service Principals, and legacy accounts
• ✓Scope mapping from subscription-level down to individual resource assignments
• ✓Last-activity tracking with dormancy alerts for accounts inactive over 90 days
• ✓Direct portal links for each role assignment — review and remediate without leaving TENET
• ✓CSV export of the full RBAC inventory for audit evidence and change management

Dormant Account Management

Unused credentials are open doors.

Accounts that are no longer active but still hold elevated permissions represent one of the highest-value targets for attackers. TENET automatically identifies and flags these before they're exploited.

• ✓Track last sign-in date for all users and service principals across every Azure subscription
• ✓Automatic dormancy alerts when privileged accounts exceed the 90-day inactivity threshold
• ✓Severity escalation for dormant principals holding Critical or High-risk roles
• ✓Built-in remediation workflow — review, deprovision, or escalate directly from the IAM dashboard
• ✓Audit trail of all dormant account reviews for compliance evidence

Service Principal & Automation Governance

Your automation layer needs a security layer.

Service principals, managed identities, and app registrations are often the most over-privileged identities in any Azure environment — and the hardest to track. TENET classifies every one of them.

• ✓Classify all service principals as Managed Identities, App Service Principals, or Legacy accounts
• ✓Surface service principals holding sensitive roles — Owner, Contributor, Key Vault Admin
• ✓Flag principals with no recent activity that retain privileged access
• ✓Detect new unreviewed service principals added to high-risk roles
• ✓Cross-reference with Azure activity logs to validate expected automation behavior
• ✓Generate exportable service principal inventory for auditor review