Identityisthenewperimeter.Weprotecteverylayerofit.
Four progressive tiers — Backup, Intelligence, Orchestration, Advanced — that capture, audit, orchestrate and defend Microsoft Entra ID across your full MSP fleet.
Most breaches don't break the perimeter. They walk in through identity.
Microsoft's 2025 Digital Defense Report attributes more than two-thirds of confirmed breaches to identity-layer compromise. Conditional Access drift, dormant service principals, and abandoned guest accounts are the surfaces attackers actually weaponise.
Start with backup. Add intelligence, orchestration, and defence as your fleet grows.
Each tier builds on the one before it. Every customer gets the snapshot engine on day one; the higher tiers add drift, deployment, and detection layers — billed only on the tenants that consume them.
VentraID Backup
Configuration resilience for the entire identity layer.
Every policy, every role, every device — captured every four hours and held for seven years with a tamper-evident audit chain.
- ✓Continuous backup of users, groups, conditional-access, named locations, service principals, directory roles, devices, and applications.
- ✓Authentication-method policies and PIM role-management policies captured on every snapshot.
- ✓Point-in-time restore preserves every GUID and relationship — no orphaned references after recovery.
- ✓Hash-chained, tamper-evident snapshot history; 7-year sign-in and audit-log retention for compliance.
- ✓Soft-delete recovery from the recycle bin alongside a full recreate-from-backup mode.
VentraID Intelligence
Drift detection and multi-framework compliance scoring on every snapshot.
A field-level diff engine watches every change and grades each tenant against the frameworks your auditors actually audit against.
- ✓Field-level drift engine catches every config change between snapshots — severity-classified, ack-or-remediate workflow.
- ✓Compliance scoring against CIS, NIST 800-63, POPIA, SOC 2, and ISO 27001 with letter-grade results.
- ✓Cross-tenant comparison surfaces parity questions across your portfolio in one view.
- ✓Stale-account detection, MFA reporting, and one-click rollback of any object to a prior snapshot.
- ✓Daily tenant-health composite (RPO / RTO / compliance / drift) with history trending.
- ✓Scheduled compliance reports delivered as PDF and CSV exports on a daily cadence.
VentraID Orchestration
Versioned identity baselines you author once and ship to your fleet.
Templates, bulk deployment, and Conditional-Access What-If — built for MSPs who manage tens or hundreds of tenants from one chair.
- ✓Versioned, publish-able security templates for conditional-access, named locations, role assignments, and app registrations.
- ✓Bulk cross-tenant deployment with 4-eye approval workflow and atomic rollback on failure.
- ✓Conditional-Access What-If simulator powered by Microsoft Graph — preview impact before deploy.
- ✓CA gap-analysis matrix scans sample users × platforms × client apps to surface unprotected scenarios.
- ✓Template propagation from an anchor tenant to your full portfolio in one operation.
VentraID Advanced
Identity threat detection, license recovery, and an AI compliance copilot.
Eleven detectors watch the identity plane on a four-hour cadence. Hygiene, license waste, and break-glass automation handle the rest.
- ✓Eleven identity-threat detectors: impossible-travel, brute force, token replay, mass deletion, federated-domain spoofing, credential spraying, and more.
- ✓Cross-tenant threat correlation finds attacks that span multiple tenants in your fleet.
- ✓Live license-waste analyzer with dollar-savings projections per Microsoft SKU.
- ✓Hygiene engine surfaces orphaned apps, stale service principals, expired credentials, empty groups — with one-click remediation.
- ✓Break-glass account vault: monthly password rotation, sealed-credential retrieval, and full access logging.
- ✓Configuration-as-Code: connect a Git repo so every policy change flows through pull-request review before reaching Entra.
- ✓Conversational AI compliance copilot answers tenant-admin questions grounded in your live config.
One pane across every tenant. No spreadsheets, no swivel-chair audits.
Hover any cell to drill into that tenant's drift, threat, and compliance state. Click to open the full MSP-portfolio dashboard. Bulk-deploy a baseline to every B-grade tenant in one approval cycle.
- ✓Cross-tenant policy parity in seconds
- ✓Threat correlation across your full portfolio
- ✓Per-tenant SLA + quarterly compliance scorecards
- ✓Bulk template deployment with atomic rollback
Five frameworks. Letter grades on every tenant, every week.
Stop quoting auditors generic "best practice" templates. Score against the frameworks they audit against.
We don't replace identity providers. We make sure that when something breaks, you can prove what changed.
✓ full coverage · ~ partial · ✗ not in product
| VENDOR | Backup | PIM + Intune | Drift detection | POPIA scoring | CA What-If | Cross-tenant | AI copilot | Break-glass |
|---|---|---|---|---|---|---|---|---|
| OURSVentraID8/8 ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Microsoft Entra ID Backup (preview)0/8 ✓ | ~ | ✗ | ✗ | ✗ | ~ | ✗ | ✗ | ✗ |
| Veeam M365 (Entra)1/8 ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Quest On Demand1/8 ✓ | ✓ | ~ | ~ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Cayosoft Guardian1/8 ✓ | ✓ | ~ | ~ | ✗ | ✗ | ✗ | ✗ | ✗ |
| AvePoint Cloud Backup1/8 ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| CrowdStrike Falcon ITP0/8 ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ~ | ✗ | ✗ |