Know your Microsoft
environment is secure.

Security tooling and expertise for Microsoft Entra ID and Microsoft 365 — built to run in your tenant, under your control.

See our solutions

Security by design

Managed Identity
Zero stored credentials
Runs in your tenant
Entra ID authentication

The threat landscape

600M+

identity attacks observed by Microsoft every single day

Password spray, credential stuffing, and phishing — the volume never stops.

Source·Microsoft Digital Defense Report 2024

Products

See it in action

Click through each feature to explore the dashboard and reporting interface.

CA Policy VaultDashboard overview
CA Policy Vault
Basewiser
contoso.onmicrosoft.com
24 policies
Guard Armed
AW
24
Live Policies
All backed up
156
Total Backups
Last: 2m ago
2
Drifts Detected
Last 24 hours
3
Total Restores
1 today
Policy Health
Enabled
18
Report-Only
4
Disabled
2
Recent Activity
Live
Scheduled backup — 24 policies
2m ago
Drift detected: MFA Policy
1h ago
Guard Mode restored policy
1h ago
Comparison — no changes
3h ago

Why Basewiser

Security that runs itself

Deploy once, protect continuously. No agents, no SaaS dependency, no data leaving your tenant.

100% self-hosted

Runs entirely in your Azure tenant. Policy JSON never crosses a trust boundary. No external API calls, no telemetry, no licence server.

Guard Mode auto-reverts

Detects unauthorized CA policy changes and restores the last known-good backup automatically — in seconds with event-driven mode.

Real-time drift detection

Compares live CA policies against backups on a configurable schedule. Every diff is logged with full before-and-after detail.

Zero Trust scoring

17-control assessment scores your Conditional Access posture against Zero Trust principles with actionable, prioritized recommendations.

Identity health reports

Automated scoring of stale accounts, guest sprawl, privileged role creep, MFA gaps, and Conditional Access coverage — delivered on schedule.

30-minute deployment

A single PowerShell script provisions everything — Function App, Storage, Managed Identity, permissions. No manual portal configuration.

Deployment

Live in one session

From zero to full Conditional Access protection in under 30 minutes.

1

Run the setup script

One PowerShell command provisions the Function App, Storage Account, Managed Identity, and all Graph API permissions.

2

Configure your schedule

Choose your backup frequency, comparison interval, and notification channels from the web dashboard. Sensible defaults are pre-configured.

3

Sit back, stay protected

Backups run automatically. Drift is detected in real time. Guard Mode reverts unauthorized changes. You get notified — not paged.

Compliance

Audit-ready from day one

Basewiser helps meet the configuration management, change control, and access monitoring requirements demanded by major compliance frameworks.

ISOISO 27001
SOCSOC 2
EUNIS2
USNIST 800-53
CISCIS Controls
GDPRGDPR Art. 32

Configuration management

Document and baseline your access controls

Automated backups capture the complete state of every Conditional Access policy on schedule. SHA-256 hashes prove integrity. Auditors get a verifiable configuration baseline without manual screenshots.

ISO 27001 A.8.9NIST CM-6CIS Control 4

Change control

Track every change, attribute every actor

Drift detection logs every modification with before-and-after diffs, timestamps, and who made the change. Guard Mode goes further — unauthorized changes are automatically reverted in seconds.

SOC 2 CC8.1NIST CM-3ISO 27001 A.8.32

Access monitoring

Continuously monitor logical access controls

Real-time monitoring of the policies that govern who can access what, from where, and under which conditions. Tamper-evident audit trails provide the evidence reviewers need.

SOC 2 CC6.1NIS2 Art. 21GDPR Art. 32
A note on scope: Basewiser addresses compliance controls specific to Conditional Access policy management — configuration baselines, change control, and monitoring. It is one part of a broader compliance posture, not a complete solution for any single framework.

Editions

Standard vs Premium

Both editions include full backup, restore, and monitoring. Premium adds real-time protection.

CapabilityStandardPremium
Automated scheduled backups
Policy comparison with visual diff
Point-in-time restore
Zero Trust assessment & risk scoring
Email & Teams notifications
SHA-256 integrity verification
Guard Mode (auto-restore)Premium
Event-driven backups via Event HubPremium
Actor attribution on changesPremium
Change allowlist (approved admins)Premium

Services

Need hands-on help?

Alongside our products, we take on consulting engagements for organisations that need expert guidance on their Entra ID and Microsoft 365 security setup.

Conditional Access review

Structured review of your CA policy estate — gaps, conflicts, and remediation plan.

Entra ID architecture

Design and implementation of identity architecture aligned with Zero Trust principles.

Security assessments

Hands-on evaluation of your Microsoft 365 security posture with prioritised findings.

FAQ

Common questions

Everything you need to know before deploying.

Get started

Ready to protect
your tenant?

Start with a free evaluation. No commitment, no credit card. Deploy in your own Azure subscription and see the results.

Explore our solutions