All
Overview
AIRM (Autonomous Identity and Risk Management) monitors AI agents and non-human identities in your Microsoft 365 environment. It detects risk, scores identities, fires alerts, and gives you the tools to respond β including Response Actions to disable, approve, and manage identities directly from the console.
First Steps
1. Connect Your Tenant
Navigate to Tenants in the sidebar and click Add Tenant. A Microsoft 365 Global Administrator must approve the consent screen β this grants AIRM read access to service principals, audit logs, and directory data. The initial connection is read-only. Write permissions for Response Actions can be enabled separately in Settings.
2. Enable Unified Audit Logging
AIRM requires Unified Audit Logging to be enabled in Microsoft Purview before it can detect behavioural anomalies and authentication signals. Go to purview.microsoft.com β Audit β turn on recording. Note: it can take up to 12 hours for Microsoft to begin sending data after enabling. If this is not enabled, a warning banner will appear on the AIRM dashboard.
3. Run the Baseline Scan
Once connected, AIRM triggers a baseline scan automatically. The first scan inventories everything it finds but fires no alerts. You will receive a baseline summary email when it completes. Anomaly signals require 7 days of baseline data before they become fully active.
4. Review the Dashboard
After the baseline scan, the dashboard shows your Tenant Health Score (Risk + Governance components), AI Agent posture, Non-Human Identity posture, and Blast Radius Exposure. The health score updates after every scan.
5. Configure Alerts
Navigate to Alerting and set your alert delivery email and PSA integration. Default settings send alerts for all P1 and P2 findings immediately. P3βP5 can be configured for digest delivery.
6. Connect Integrations
Navigate to Integrations and configure your PSA or notification channels. AIRM has native connectors for ConnectWise Manage, HaloPSA, and Autotask, plus generic webhooks for Slack, Teams, PagerDuty, and others.
Key Concepts
| Term | Definition |
|---|---|
| Service Principal | Any non-human identity in Microsoft 365 β OAuth apps, automation accounts, enterprise applications, and managed identities. |
| AI Agent | A service principal AIRM has classified as an AI-powered tool based on its permissions, publisher, and behaviour signals. Classified as definitive, high-probability, or possible. |
| Non-Human Identity (NHI) | A service principal that is not an AI agent and not a Microsoft first-party app. Includes legacy integrations, service accounts, and automation tools across 9 NHI types. |
| Behaviour Risk Band | AIRM's composite score across Static, Behavioural, and Anomaly dimensions β Critical, High, Medium, or Low. |
| Blast Radius Band | The potential damage if the identity were compromised, based on permissions β not observed behaviour. Calculated independently of the Behaviour Risk Band. |
| Baseline | The initial inventory on first scan. Alerts only fire for changes from the baseline going forward. |
| Response Actions | Write operations available with elevated consent β disable/enable SPs, assign owners, approve, suppress alerts. |
Scan Schedule
Scans run automatically every Monday at 2am. You can trigger a manual scan at any time from the Tenants page. The audit log poller runs every 30 minutes and detects new AI agents within 30 minutes of admin consent being granted.
MSP
MSP Onboarding Flow
As an MSP, you manage multiple client tenants from a single AIRM console. Your account holds the licence β each client tenant you connect is monitored under your MSP plan.
Step 1 β Create your AIRM account
Register at sabikisecurity.com. Your 14-day trial begins immediately with access to all features including PSA integrations and Response Actions. You can connect up to 5 client tenants during the trial.
Step 2 β Connect your own tenant first
Connect your MSP's own Microsoft 365 tenant first. This gives you a reference environment to learn the platform before onboarding clients. Your NFR licence (if applicable) covers your own tenant at no charge.
Step 3 β Connect client tenants
From the Tenants page, click Add Tenant. Each client tenant requires a Global Administrator to approve the AIRM consent screen. You can send the consent link to the client's GA or obtain approval during an onsite visit.
Step 4 β Review initial scan results
The first scan establishes the baseline. Review the AI Agent and NHI lists, check the Blast Radius exposure, and identify any Critical or High risk identities that need immediate attention. The trial results page provides a guided summary.
Step 5 β Configure alerts and PSA integration
Connect your PSA (ConnectWise, HaloPSA, or Autotask) from the Integrations page. Configure alert thresholds and ensure P1/P2 findings create tickets automatically in your PSA.
MSP Console Features
- Tenants overview β health score, AI agent risk, NHI risk, blast radius, and active alerts for every client at a glance
- Unified alerting β alerts from all tenants in one view, filterable by tenant, severity, and type
- Centralised reporting β generate compliance and risk reports for any client tenant from the Compliance & Reporting page
- White-label reports β PDF reports carry your client's logo and company name (MSP Enterprise)
- Invite users β add team members with appropriate roles to manage specific tenants
Direct
Direct Customer Setup
As a direct customer, you are monitoring your own Microsoft 365 environment. The onboarding flow guides you through connecting your tenant, running your first scan, and reviewing initial findings.
Prerequisites
- Microsoft 365 tenant with Global Administrator access
- Unified Audit Logging enabled in Microsoft Purview (required for anomaly detection)
- Microsoft 365 Business Premium, E3, or E5 licence (sign-in log access requires E3/E5 or Azure AD P1/P2)
Onboarding Steps
- Register and select your account type (My Organisation)
- Click Connect Microsoft 365 β approve the read-only consent screen as Global Administrator
- AIRM triggers a baseline scan automatically β this takes 5β15 minutes depending on tenant size
- Review your Trial Results page for the initial risk summary
- Explore the AI Agents and Non-Human Identities lists to understand what AIRM has found
What AIRM monitors
AIRM monitors every service principal in your tenant β AI agents, integrations, legacy apps, automation accounts, and managed identities. It does not monitor user accounts, email content, files, or SharePoint data. AIRM is an identity risk tool, not a DLP or email security tool.
MSP
Connecting a Client Tenant
- From the AIRM console, go to Tenants and click Add Tenant
- Copy the consent URL and send it to the client's Global Administrator, or open it yourself if you have GA access
- The GA approves the read-only consent screen β this grants AIRM access to service principals, audit logs, and directory data
- AIRM redirects back to the dashboard and triggers a baseline scan automatically
- The OnboardingBanner shows scan progress β typically 5β15 minutes
- When complete, click View Results to see the initial risk summary
Enabling Response Actions (optional)
Response Actions require a second consent from the client's Global Administrator to grant write permissions. To enable:
- Go to Settings β Tenant β Response Actions
- Click Enable Response Actions
- The client's GA approves the write-permission consent screen
- Response Actions (disable/enable SPs, assign owners, approve, suppress) are now available for that tenant
Enabling Unified Audit Logging
If the audit log warning banner appears on the dashboard, the client's tenant does not have Unified Audit Logging enabled. Direct the client's GA to:
- Go to purview.microsoft.com
- Navigate to Audit in the left sidebar
- Turn on recording
- Wait up to 12 hours for Microsoft to start sending data
- Trigger a manual scan from the Tenants page to pick up the new data
Tenant Cap During Trial
Trial accounts can connect up to 5 tenants. The cap can be raised by contacting Sabiki Security. On paid MSP plans, there is no tenant cap β you are billed per connected tenant above your plan minimum.
Direct
What AIRM Requests Access To
AIRM uses OAuth 2.0 application permissions (not delegated user permissions). The initial connection requests read-only access to:
| Permission | Why AIRM needs it |
|---|---|
| Application.Read.All | Discover and classify all service principals in the tenant |
| Directory.Read.All | Read group memberships, user details, and organisational structure |
| AuditLog.Read.All | Read audit log events for anomaly detection and authentication intelligence |
| Policy.Read.All | Read Conditional Access policies for coverage assessment |
| Reports.Read.All | Read sign-in reports for authentication intelligence (E3/E5 or P1/P2 required) |
Response Actions Permissions (optional)
If Response Actions are enabled, AIRM requests additional write permissions:
| Permission | What it enables |
|---|---|
| AppRoleAssignment.ReadWrite.All | Assign and remove app role assignments |
| Application.ReadWrite.All | Modify application registrations |
| Directory.ReadWrite.All | Disable/enable service principals, assign owners |
What AIRM Cannot Access
AIRM does not and cannot access: email content, calendar data, files or documents, Teams messages, SharePoint content, or user passwords. AIRM is an identity monitoring tool β it monitors the identity layer, not data.
Revoking Access
To revoke AIRM access, delete the AIRM enterprise application from your Microsoft Entra ID (Azure AD) tenant. All AIRM data for that tenant can be deleted from Settings β Tenant β Remove Tenant.
All
Overview
The Tenant Health Score is a composite score from 0β100 that reflects the overall security posture of an M365 tenant's non-human identity environment. It is calculated from two equally-weighted components: Risk Score and Governance Score.
Health Bands
| Band | Score range | Meaning |
|---|---|---|
| Well Managed | 85β100 | Low risk, good governance. Continue monitoring. |
| Good Standing | 70β84 | Minor issues present. Review flagged identities. |
| Needs Attention | 50β69 | Significant risk or governance gaps. Action required. |
| At Risk | 30β49 | Multiple high-risk identities or poor governance. Urgent action. |
| Critical Exposure | 0β29 | Critical findings present. Immediate action required. |
Risk Score Component (50 points)
Deductions are made for:
- Critical risk identities (large deduction per identity)
- High risk identities (medium deduction per identity)
- Active anomaly flags across the tenant
- Identities without a baseline (newly discovered, unscored)
Governance Score Component (50 points)
Deductions are made for:
- Unreviewed high/critical risk identities (identities that have not been approved or rejected)
- Orphaned NHIs (no owner assigned)
- Expired credentials not yet rotated
Key Insight
A tenant can have low inherent risk but poor governance (all identities are low-risk but none have been reviewed). The two-component model captures both dimensions independently. Approving reviewed identities directly improves the Governance Score.
All
Overview
Response Actions allow you to take direct action on service principals from within AIRM without logging into Microsoft Entra ID. They require a second consent from a Global Administrator to grant write permissions.
Available Actions
| Action | What it does | Reversible? |
|---|---|---|
| Disable SP | Blocks all token issuance for the service principal β prevents it from authenticating to any Microsoft 365 resource | Yes β re-enable from AIRM |
| Enable SP | Re-enables a previously disabled service principal | Yes β disable again if needed |
| Assign Owner | Sets a named user as the owner of the service principal in Microsoft Entra ID | Yes β reassign or remove |
| Approve | Marks the identity as reviewed and sanctioned in AIRM β removes it from blast radius calculations | Yes β revert to unreviewed |
| Classify as AI Agent | Manually promotes a high-probability identity to confirmed AI agent status | Yes β reclassify |
| Suppress Alert | Suppresses a specific alert type for a specific identity for 90 days (Accepted Risk) or 180 days (False Positive) | Yes β remove suppression |
Enabling Response Actions
- Go to Settings β Tenant β Response Actions
- Click Enable Response Actions
- A Global Administrator must approve the write-permission consent screen
- Response Actions become available immediately after consent
Audit Log
Every Response Action is logged in the identity's detail view under the Response Action Log. The log shows the action taken, who took it, when, and includes a before/after record of any changed values. Logs are retained indefinitely and capped at 100 entries per identity.
Licence Requirements
Response Actions are available on Direct Professional and MSP Enterprise plans. They are also available during the 14-day trial so MSPs can evaluate the full feature set.
All
Available Report Types
| Report | Audience | Contents |
|---|---|---|
| Executive Summary | Board / CxO | High-level health score, risk overview, top findings in plain English. Available on all plans including trial. |
| AI Agent Risk Report | Security team / MSP | All confirmed AI agents, risk scores, anomaly signals, attack path profiles, compliance gaps, next steps. Generated at time of click β not weekly. |
| Non-Human Identity Risk Report | Security team / MSP | All NHIs (excluding AI agents and Microsoft first-party), risk breakdown, blast radius, ownership status, remediation priority list. |
| Compliance Framework Report | Compliance / Legal | Per-framework report mapping findings to specific controls. Available for all 11 frameworks. Includes scope declaration, findings with plain-English explanations, and softened remediation recommendations. |
Report Branding
All reports can carry your client's logo and company name. Upload the logo in Settings β Branding. White-label branding is available on Direct Professional and MSP Enterprise plans.
Compliance Report β Scope Declaration
Each compliance report includes a scope declaration explaining which controls AIRM maps to directly (native frameworks like NIST AI RMF, ISO 42001) versus contextually (broader security frameworks like E8, ISO 27001). This ensures the report is honest about what it covers and cannot be misread as a full compliance certification.
Remediation Recommendations
Recommendations in all reports use a review-first approach: review permissions, minimise where practical, and if permissions are genuinely required, assign an owner and approve the identity in AIRM rather than removing access that may break business-critical functions.
All
What is Blast Radius?
Blast Radius measures the potential damage if a service principal's credentials were compromised. It scores what an attacker could do with the identity, not what it has done. A quiet app with write access to Mail, Files, and Directory is still a Critical blast radius identity even if it has never misbehaved.
Blast Radius Band
| Band | Score | Meaning |
|---|---|---|
| Low | 0β24 | Limited scope β attacker access would be constrained |
| Medium | 25β49 | Moderate scope β attacker could access significant data |
| High | 50β74 | Broad scope β significant tenant access if compromised |
| Critical | 75β100 | Near-total tenant access β treat as highest priority |
Attack Path Profile
Every identity has three attack path dimensions scored Low/Medium/High:
- Privilege Escalation β Can an attacker use this identity to gain higher privileges? (e.g. RoleManagement.ReadWrite.All enables role assignment)
- Lateral Movement β Can an attacker move across multiple services? (e.g. access to Mail + Files + Directory)
- Persistence β Can an attacker maintain access after remediation? (e.g. Application.ReadWrite.All enables creating new app registrations)
Blast Radius Map
The blast radius map on the SP detail page shows a network graph of the identity's resource access. Red edges indicate write access, blue dashed edges indicate read access. The larger the centre node and the more red edges, the higher the blast radius.
Approved Identities
Identities that have been reviewed and approved are excluded from blast radius calculations. This allows your team to formally accept the risk of a high-blast-radius identity that is business-critical, while removing it from the exposure metrics that drive the health score.
All
Alert Lifecycle
Alerts have three statuses: Active, Resolved, and Dismissed. There is no snooze or acknowledge state.
| Status | Meaning |
|---|---|
| Active | Condition still present β alert is live and requires attention |
| Resolved | Condition cleared β either manually resolved or auto-resolved when the underlying condition no longer exists |
| Dismissed | Immediately removed from the active list without recording a disposition |
Resolving Alerts
When resolving an alert, you choose a disposition:
- Investigating β Alert is under investigation. Condition noted.
- Resolved β Issue has been addressed.
- Accepted Risk β Risk is acknowledged and accepted. Alert suppressed for 90 days.
- False Positive β Alert is not a genuine risk for this identity. Alert suppressed for 180 days.
Suppression
Suppression prevents the same alert type from re-firing on the same identity for the suppression period. Suppression is stored on the identity record. Critical alert rules (credential manipulation, group manipulation, rogue app) cannot be suppressed.
Auto-Resolution
AIRM automatically resolves alerts when the underlying condition clears. For example, an Orphaned Owner alert auto-resolves when an owner is assigned. A Risk Band Escalation alert auto-resolves if the risk band improves on a subsequent scan.
Webhooks
Alert webhooks fire on alert creation only β not on resolution. The payload is a standard JSON object including tenant ID, SP name, alert type, risk band, priority tier, and anomaly flags. Webhooks are configurable per tenant and can be sent to any HTTPS endpoint. The payload is HMAC-SHA256 signed.
All
Priority Tier Reference
| Tier | Label | Response time | Criteria |
|---|---|---|---|
| P1 | Active Threat | Immediately | Credential manipulation, group manipulation, rogue app with recent activity, coordinated anomaly (3+ signals), new high-privilege app within 24 hours |
| P2 | Act Today | Same day | Rogue app detected, access sequence anomaly, critical unreviewed identity after 24 hours, dormant revival, 2+ anomaly conditions on high-risk identity |
| P3 | Act This Week | Within 7 days | High risk band, credential expiry, high-risk baseline findings after 7 days |
| P4 | Review When Able | Within 30 days | Medium risk findings, general governance gaps |
| P5 | Informational | No action required | Low risk signals, informational findings |
Automatic Escalation Rules
Four conditions always escalate to Critical/P1 regardless of composite score:
- SP Credential Manipulation β identity has added credentials to another service principal
- Group Member Manipulation β identity has added members to a Microsoft 365 group
- Rogue App Detected β identity matches the Traitorware/Huntress rogue app catalogue
- Coordinated Anomaly β 3 or more anomaly conditions active on the same identity simultaneously
All
Triage Workflow
- Review the alert β Check the priority tier, alert type, and affected identity. P1/P2 alerts require immediate attention.
- Open the identity detail β Click through to the SP detail page. Review the Risk Summary tab for active anomaly signals, scope history, and the Risk Profile radar.
- Check blast radius β Open the Blast Radius Analysis tab. Understand what an attacker could reach if this identity were compromised.
- Determine legitimacy β Is this identity known? Is its behaviour expected? Check the publisher, first seen date, and authentication history.
- Take action β If the identity is legitimate: approve it and assign an owner. If suspicious: use Response Actions to disable it and escalate for investigation. If a false positive: resolve with False Positive disposition to suppress for 180 days.
P1 Response Checklist
- Disable the SP immediately using Response Actions if you cannot verify its legitimacy within 15 minutes
- Check the authentication history for recent sign-in events
- Review scope history for recent permission changes
- Check if other identities from the same publisher are also flagged
- Document your findings in the alert resolution note
- Re-enable the SP only after confirming it is legitimate or after the owner has been contacted
All
Behavioural Anomaly Signals (AN-01 to AN-11)
These signals require a baseline to be established (minimum 1 prior scan). They detect deviations from each identity's own historical pattern.
| Signal | Name | What it detects | Baseline required |
|---|---|---|---|
| AN-01 | Scope Drift | New permissions added since last scan β the permission scope has expanded beyond its baseline | Yes |
| AN-02 | Dormant Revival | Identity showed no activity for 30+ days then resumed β sudden reactivation after dormancy | Yes |
| AN-03 | Time-to-Action | New identity started making API calls within 1 hour of first being seen β unusually fast activation | No |
| AN-04 | Velocity Spike | API call volume 5x or more above the identity's own baseline within a scan window | Yes |
| AN-05 | Sensitivity Label Access | Identity accessed Purview sensitivity-labelled content (E5 tenants with Information Protection) | No |
| AN-06 | Access Sequence Anomaly | Directory β Mail β Files write sequence within 4 hours β the canonical recon-to-exfiltration pattern | No |
| AN-07 | External Share Co-occurrence | File access followed by external share event within 24 hours | No |
| AN-08 | Credential Age Anomaly | New credentials added to an existing identity β potential credential stuffing or persistence technique | Yes |
| AN-09 | Resource Breadth Expansion | Identity accessed new resource types not previously seen in its baseline | Yes |
| AN-10 | SP Credential Manipulation | Identity added credentials to another service principal β critical lateral movement and persistence technique. Always P1. | No |
| AN-11 | Group Member Manipulation | Identity added members to a Microsoft 365 group β potential privilege escalation via group-based access. Always P1. | No |
Authentication Intelligence Signals (AN-S1 to AN-S6)
These signals analyse sign-in patterns from the audit log. They require 7 days of baseline data and sign-in log access (M365 E3/E5 or Azure AD P1/P2).
| Signal | Name | What it detects |
|---|---|---|
| AN-S1 | New IP Range | Authentication from an IP address or range not seen in the 7-day baseline |
| AN-S2 | New User Agent | Authentication using a new client application or SDK not previously seen β fires immediately on first occurrence |
| AN-S3 | Off-Hours Authentication | Authentication outside business hours (10pmβ6am or weekends) when not part of established baseline pattern |
| AN-S4 | Authentication Velocity Spike | Token requests 3x above 7-day baseline within a 1-hour window |
| AN-S5 | New Resource Access | Authentication to a Microsoft 365 resource not seen in the 7-day baseline |
| AN-S6 | Geographic Anomaly | Authentication from a country not seen in the 7-day baseline (requires IP geolocation) |
All
Overview
Authentication Intelligence monitors how service principals authenticate, not just what permissions they have. It builds a 7-day rolling baseline of sign-in patterns per identity and fires anomaly signals when patterns deviate.
Data Sources
AIRM polls the Microsoft Graph audit log for service principal sign-in events every 30 minutes. Specifically it reads /auditLogs/signIns filtered to application-only sign-ins.
Licence Requirements
Sign-in log access requires one of:
- Microsoft 365 E3 or E5
- Azure Active Directory Premium P1 or P2
- Microsoft Entra ID P1 or P2
If sign-in logs are not available, Authentication Intelligence signals (AN-S1 through AN-S6) will not fire. All other AIRM features remain fully functional.
Baseline Period
A 7-day baseline is required before most authentication signals activate. AN-S2 (New User Agent) is the exception β it fires immediately on first occurrence without requiring a baseline.
Authentication History View
The Authentication History tab on each SP detail page shows a timeline of recent sign-in events including method (App Only vs Delegated), source IP, user agent, and the resources accessed. Anomaly flags are shown inline with the relevant events.
All
AI Agent Classification
AIRM classifies service principals as AI agents based on permissions, publisher metadata, app name patterns, and known AI vendor catalogues. Three confidence levels are used:
| Confidence | Meaning | Included in metrics? |
|---|---|---|
| Definitive | High-confidence match β known AI vendor, catalogue match, or explicit AI permissions. Counted in all metrics and scoring. | Yes |
| High | Strong signals β multiple AI indicators present but not a catalogue match. Shown in AI agent list with HIGH badge. Excluded from metric counts until confirmed. | No β pending review |
| Possible | Weak signals β one or two AI indicators. Shown in NHI list with "Possible AI" warning badge. | No |
High-confidence agents can be promoted to Definitive by clicking "Confirm as AI Agent" in the console. This counts them in all metrics and scoring going forward.
Traitorware Detection
AIRM maintains a catalogue of OAuth applications documented by Huntress (Traitorware) as used in real-world identity attacks. A Traitorware match immediately classifies the identity as Definitive AI agent and triggers a Critical/P1 alert regardless of other signals.
NHI Type Classification
Non-human identities are classified into 9 types:
| Type | Description |
|---|---|
| SaaS Connector | Third-party SaaS integration (Salesforce, HubSpot, etc.) |
| Internal App | Custom application built by the organisation |
| Legacy App | Older application using basic auth or older OAuth patterns |
| Automation Account | Service account used for scripting or automation |
| Managed Identity | Azure managed identity attached to a resource |
| Service Principal | Generic service principal without a specific classification |
| API Client | Application consuming Microsoft Graph or other APIs |
| Developer Tool | Development or testing application |
| Unclassified | Insufficient signals to determine type |
NHI types can be manually reclassified by clicking the type badge on the NHI detail page.
Orphaned Identities
An identity is flagged as orphaned (isOrphaned: true) when its registered owner has left the organisation or the owner field is empty. Orphaned identities have no accountable person and are flagged across all list views and reports.
All
Credential Monitoring
AIRM tracks the age and expiry of credentials (client secrets and certificates) for every service principal. Credentials that are old, expired, or newly added outside of expected rotation windows are flagged.
Credential Age Thresholds
| Age | Status | Action |
|---|---|---|
| 0β180 days | Current | No action required |
| 181β365 days | Ageing | Plan rotation |
| 365+ days | Stale | Rotate immediately β contributes to Static Risk score |
| Expired | Expired | Credential has passed its expiry date β rotated or identity may be broken |
Credential Age Anomaly (AN-08)
If new credentials are added to an existing identity outside of a known rotation window, AN-08 fires. This can indicate an attacker adding a backdoor credential to maintain persistence after the legitimate credentials are rotated.
Credential Expiry Alerts
Credential expiry alerts fire after the 14-day baseline grace period. They are P3 priority by default. If credentials expire on an actively used identity, AIRM will also flag the authentication failure in the Authentication History tab.
All
Supported Frameworks
| Framework | Region | Type | Mapping |
|---|---|---|---|
| NIST AI RMF | United States | AI Governance | Direct β designed specifically for AI system governance |
| ISO 42001 | Global | AI Management | Direct β AI management system standard |
| EU AI Act | European Union | AI Regulation | Direct β high-risk AI system obligations |
| UK CAF 4.0 | United Kingdom | Cyber / CNI | Direct β CAF B2 explicitly covers automated function access |
| MAS TRM | Singapore | Financial | Direct β technology risk management for financial institutions |
| CERT-In / DPDP | India | Cyber / Data | Direct β access controls and incident reporting obligations |
| DORA | European Union | Financial | Direct β ICT third-party risk and operational resilience |
| ASD Essential Eight | Australia | Cyber | Contextual β E8 is not AI-specific but identity controls are relevant |
| BSI IT-Grundschutz | Germany | Cyber | Contextual β identity and access management controls |
| Cyber Essentials | United Kingdom | Cyber | Contextual β access control and least privilege |
| ISO 27001 | Global | Information Security | Contextual β access management and monitoring controls |
Direct vs Contextual Mapping
Direct mapping β the framework was designed for AI systems or non-human identity governance. AIRM findings map precisely to specific controls. These reports are most defensible in regulatory conversations.
Contextual mapping β the framework is a broader security or compliance standard with identity-relevant controls. AIRM surfaces the applicable controls but cannot assess the full framework. Each contextual report includes a scope declaration explaining this distinction.
Generating Compliance Reports
From Compliance & Reporting, select a framework and click Generate & Download. The report is generated live from current scan data β it reflects the state of your tenant at the time of generation. Reports include a cover page, executive summary, scope declaration, per-control findings, and a remediation priority list.
All
Native PSA Integrations
AIRM has native two-way integrations with the three leading MSP PSA platforms. P1 and P2 alerts automatically create tickets in your PSA.
| PSA | Ticket creation | Licence required |
|---|---|---|
| ConnectWise Manage | Automatic on P1/P2 alert creation | Direct Pro / MSP Enterprise |
| HaloPSA | Automatic on P1/P2 alert creation | Direct Pro / MSP Enterprise |
| Autotask | Automatic on P1/P2 alert creation | Direct Pro / MSP Enterprise |
Generic Webhook
Any system that accepts HTTPS webhooks can receive AIRM alerts. The webhook payload is a standard JSON object, HMAC-SHA256 signed. Configure from Settings β Integrations β Generic Webhook.
Webhooks fire on alert creation only. The payload includes: tenant ID, tenant name, SP name, SP app ID, alert type, priority tier, risk band, anomaly flags, blast radius band, and a link to the identity in AIRM.
PSA Setup (ConnectWise example)
- Go to Settings β Integrations β ConnectWise
- Enter your ConnectWise company ID, public key, private key, and client ID
- Select the board and status for new AIRM tickets
- Click Test Connection to verify credentials
- Enable the integration β alerts will now create tickets automatically
Licence Requirements
PSA integrations are available on Direct Professional and MSP Enterprise plans. Generic webhooks are available on all paid plans and during the trial.
MSP
Account Management
Your AIRM account holds the licence that covers all connected tenants. The account owner has full access to all settings, users, and tenants.
Adding Tenants
From the Tenants page, click Add Tenant. New tenants are billed from the start of your next billing cycle. See the MSP Billing article for details on the client trial flow.
Removing Tenants
From the Tenants page, click the tenant and select Remove Tenant. Billing for that tenant stops at the end of the current billing cycle. All scan data and history is retained for 30 days then permanently deleted.
Report Branding
Go to Settings β Branding to upload your logo and set your company name. These appear on all PDF reports. On MSP Enterprise, you can also set per-tenant branding for white-labelled reports with the client's own logo and name.
User Management
From the Tenants page, click Invite User. Users can be assigned roles (see Roles & Permissions article). MSP accounts can invite multiple team members. Users can be restricted to specific tenants if needed.
Support Access
Sabiki Security support can be granted temporary access to your account for troubleshooting via Settings β Support Access. Access is time-limited and logged. You can revoke it at any time.
Direct
Account Settings
Access your account settings from the Settings page in the sidebar. Key settings include:
- Tenant connection β view connection status, reconnect, or remove your tenant
- Response Actions β enable write permissions for direct action on identities
- Alert configuration β set alert delivery email, thresholds, and suppression rules
- Integrations β connect PSA tools or configure webhooks
- Branding β upload your logo for PDF reports
Manual Scans
Trigger a manual scan at any time from the Tenants page. Manual scans run immediately and produce results within 5β15 minutes depending on tenant size. Useful after making changes to your Microsoft 365 environment or enabling Unified Audit Logging.
Data Retention
Scan history and identity data is retained indefinitely while your account is active. If your account expires or is cancelled, data is retained for 30 days then permanently deleted.
All
User Roles
| Role | Access level | Key permissions |
|---|---|---|
| Owner | Full access | All settings, billing, user management, all tenants, Response Actions |
| Admin | High access | All tenants, Response Actions, settings (except billing and user management) |
| Analyst | Standard access | View all data, approve/review identities, resolve alerts. No Response Actions write operations. |
| Viewer | Read only | View dashboards, lists, and reports. Cannot take any actions. |
Response Actions and Roles
The disable/enable SP action and other write operations require Admin or Owner role. Approve, assign owner, and suppress alert actions are available to Analyst role and above.
Tenant Scoping
MSP accounts can restrict users to specific client tenants. An Analyst with access to Tenant A cannot see data from Tenant B unless explicitly granted. Owners always have access to all tenants.
MSP
The Client Conversation
Most clients have never seen a list of the non-human identities operating in their Microsoft 365 tenant. The AIRM scan results, especially the first one, are often a genuine surprise. The conversation is not "here is a problem you have" but "here is something you have never had visibility into before."
Key Talking Points
- AI agents are proliferating β every Microsoft Copilot extension, Power Automate flow, and third-party integration creates a new identity with permissions. AIRM is the first tool purpose-built to monitor them.
- Non-human identities outnumber humans 100:1 β in most M365 tenants, there are far more service principals than users. None of them have MFA. All of them have persistent credentials.
- Blast radius is the risk that matters β a quiet app with write access to Mail, Files, and Directory is a Critical risk even if it has never misbehaved. Show the blast radius map.
- Compliance obligations are real β EU AI Act, DORA, NIST AI RMF all require AI governance. AIRM produces the evidence.
QBR Structure
- Open with the Health Score β "Your tenant is at 63/100. Here is why."
- Show the top 3 highest blast radius identities β "If any of these were compromised, here is what an attacker could reach."
- Show the compliance gap report β "Here is how this relates to your regulatory obligations."
- Show the remediation priority list β "Here are the specific actions we recommend."
- Show the trend β health score over time demonstrates ongoing value.
MSP Revenue Model
MSPs on Enterprise tier ($149/tenant/month) typically bill clients at $199β249/tenant/month, generating 34β67% gross margin on the AIRM component. Every scan also generates remediation findings, which are billable professional services work at standard MSP hourly rates. QBR delivery typically adds $150β300 per client per quarter.
MSP
MSP Overview Dashboard
The Tenants page shows every client tenant in a unified view. Each tenant card shows the health score, AI agent risk score, NHI risk score, blast radius band, and active alert count. Tenants are sorted by health score (lowest first) so the clients most in need of attention are always at the top.
Unified Alerting
The Alerting page shows alerts from all connected tenants in one view. Filter by tenant, priority tier, alert type, or risk band. P1 alerts from any tenant are immediately visible without needing to switch tenant context.
Scan Management
Scans run automatically for all connected tenants every Monday at 2am. You can trigger a manual scan for any individual tenant from the Tenants page. Scan history and duration are visible in the admin panel.
Switching Tenant Context
The AI Agents, Non-Human Identities, Compliance, and Alerting views always show data for the currently selected tenant. Switch tenant context from the Tenants page or from the tenant selector in the header when available.
MSP
Billing Model
MSP plans are billed per tenant per month on annual commitment. Your monthly invoice is always the greater of your actual connected tenant count or your plan minimum.
| Plan | Price | Minimum | Min monthly |
|---|---|---|---|
| MSP Professional | $99/tenant/mo | 5 tenants | $495 |
| MSP Enterprise | $149/tenant/mo | 10 tenants | $1,490 |
Adding Tenants
When you add a new tenant mid-cycle, billing for that tenant begins at the start of your next billing cycle β not immediately. The tenant is fully monitored from the moment it is connected.
Offering Client Trials
Because new tenants are not billed until the next billing cycle, you can connect a prospective client's tenant mid-cycle and remove it before your billing date if they decide not to proceed β at no charge to you.
Recommended approach: Connect the client tenant in the middle of your billing cycle. They receive approximately 2 weeks of free monitoring. If they proceed, leave the tenant connected and it bills from your next cycle. If they do not proceed, remove the tenant before your billing date.
Removing Tenants
Billing stops at the end of the current billing cycle. Your tenant count never drops below the plan minimum for billing purposes. Annual commitment means no mid-year subscription cancellation β only tenant count changes are permitted.
All
Microsoft 365 Requirements
| Requirement | Licence | Impact if missing |
|---|---|---|
| Core SP monitoring | Any M365 plan | Not applicable β works on all M365 tenants |
| Unified Audit Logging | Any M365 plan (must be enabled) | Anomaly detection and authentication intelligence unavailable |
| Sign-in logs (auth intelligence) | M365 E3/E5 or Azure AD P1/P2 | AN-S1 through AN-S6 signals unavailable. All other features work. |
| Sensitivity label access detection | M365 E5 with Information Protection | AN-05 signal unavailable |
AIRM Licence Tiers
| Feature | Trial | Core/Pro | MSP Pro | MSP Enterprise |
|---|---|---|---|---|
| AI agent & NHI monitoring | β | β | β | β |
| Full risk scoring | β | β | β | β |
| Alerting (full lifecycle) | β | β | β | β |
| Compliance reports | β | β | β | β |
| Full PDF reports | Exec only | β | β | β |
| PSA integrations | Trial access | Pro only | Enterprise only | β |
| White-label branding | β | Pro only | β | β |
| Response Actions | Trial access | Pro only | β | β |
| Tenant cap | 5 | Unlimited | Min 5 | Min 10 |
NFR Licence
The NFR (Not For Resale) licence is a free full-Enterprise licence granted to MSP partners for use on their own internal Microsoft 365 environment. Contact mark@sabikisecurity.com to request an NFR licence as part of MSP partner onboarding.
All
Common Issues
Anomaly signals not firing
Anomaly signals require a baseline. If AIRM was connected recently, allow at least 2 scans (approximately 8 days) before expecting anomaly signals. Authentication intelligence signals (AN-S1 to AN-S6) require 7 days of sign-in log data and an M365 E3/E5 or Azure AD P1/P2 licence.
Audit log warning showing on dashboard
Unified Audit Logging is not enabled in the client's Microsoft Purview tenant. Go to purview.microsoft.com β Audit β turn on recording. Allow up to 12 hours for Microsoft to start sending data, then trigger a manual scan.
Health score not updating
The health score updates after every completed scan. If it hasn't updated, trigger a manual scan from the Tenants page and wait for it to complete. If the scan fails, check the scan health panel in the admin panel for error details.
PSA integration not creating tickets
Verify your PSA credentials are correct using the Test Connection button in Settings β Integrations. Ensure the board and status you selected still exist in your PSA. Check that the integration toggle is enabled. Tickets are only created for P1 and P2 alerts by default β check your alert threshold settings.
No service principals appearing after scan
This usually means the consent was not approved by a Global Administrator. Only a GA can grant tenant-wide application permissions. Reconnect the tenant and ensure a GA approves the consent screen.
Response Actions button greyed out
Response Actions require a second consent from a Global Administrator for write permissions. Go to Settings β Tenant β Response Actions to initiate the consent flow. Also verify your AIRM licence includes Response Actions (Direct Pro or MSP Enterprise).
Blast radius showing as 0 for AI agents
Trigger a manual scan β blast radius is calculated during the scan and older AI agent records may not have been scored yet. After a fresh scan all identities should have blast radius scores.
Getting Support
Contact support at support@sabikisupport.com. Include your tenant ID (visible in Settings) and a description of the issue. For P1 issues, include "URGENT" in the subject line.
Ticket format: AIRM-{TENANTCODE}-{SEQUENCE}. Response times: Priority email support within 4 hours for Direct Pro and MSP Enterprise. Standard email support within 24 hours for all other plans.