Shorten the close and the IT audit.
A read-only pass over your Microsoft tenant. Ten minutes, not three weeks.

Databa · live

capture loop / 00:00

01 audit running

Captured from the signed binary running its --demo tenant, looping. · Finding shapes are real; this tenant is synthetic.

What it is

a binary, not a SaaS login

Lightning speed

The close-acceleration and IT-controls pass that A&M, FTI, or AlixPartners scope as a multi-week engagement. Run by the admin already in the seat, finished before the meeting.

runtime one binary, one pass, ~30 minutes

Deterministic

Same tenant, same result. Rule- and signature-based, run off your own machine. No language model in the audit path, so every finding is provenance-stamped and reproducible.

output HTML report + JSON, byte-stable across runs

Free

The audit costs nothing and writes nothing. The revenue line is the remediation the report makes obvious. Nothing about the audit is gated on that follow-on.

terms read-only, metadata only, stays on the machine

What it finds

defects vs hygiene · ranked, with a fix-this-week top ten

D-001 Defect

BI Power BI check model.integrity.refresh

Board-reported model failing refresh against a renamed source

dataset="Group Financials FY26"   workspace=Finance (Prod)
  last successful refresh = 2026-04-29   (19 days stale)
  broken relationship: Actuals[CostCentre] -> Dim_CC[Code]
  consumed by 3 board-distributed reports

D-004 Defect

AZ Azure RBAC check arm.role.inline.secret

Owner-scoped principals and a secret embedded in a deployment template

subscription=prod-core   Owner assignments=7   (2 to guest principals)
inline secret in ARM template "sql-failover.json":
  administratorLoginPassword set as a literal string parameter default

D-007 Defect

ID Identity · PIM check identity.privileged.standing

Standing Global Administrator without MFA or PIM eligibility

role=Global Administrator   assignment=permanent (not PIM-eligible)
  principal=svc-legacy-sync   mfa=false
  last interactive sign-in=2026-05-14 03:11 UTC

H-002 Hygiene

FL Power Automate check flow.invoker.context

Flow running under its author's identity after the author departed

flow="Vendor payment approvals"   trigger=scheduled, daily
  runs as=j.farrell@acme   account state=disabled (departed)
  connections still authorised: SharePoint, SQL, Outlook

Findings are tiered defects vs hygiene and ranked into a fix-this-week top ten. Open the sample report ↗

Surfaces probed

read-only · metadata only · nothing leaves the machine

BIPower BImodel integrity, refresh state, public links, dataset ownership
IDIdentity & PIMstanding privilege, MFA enrolment, PIM eligibility, guest roles
AZAzure RBACowner-scope sprawl, inline secrets in templates, subscription roles
FLPower Automateinvoker context, departed-author flows, connector destinations
GRMicrosoft Graphapplications, oauth grants, consent posture, role assignments
DVDataversesystem roles, service principals, table-level org-wide reads

After the read

seeing is free · fixing is the engagement

The audit

Ten minutes, deterministic, you keep the report. Nothing below is gated on it, ever.

cost free, always

The deeper review

A guided pass over the findings: the blast-radius map of which dataset, role, and secret touches what, what is load-bearing versus cosmetic, what to fix first. Read-only. Interpretation, not access.

output a prioritized map, not raw findings

Remediation

When you want it fixed, we fix it, or hand your team the exact change set. The engagement, scoped to what the report already made obvious. Seeing what is broken stays free; this is the line.