Your clients have applications
you forgot about.
Attackers didn't.

Every Microsoft 365 tenant contains dozens of connected applications operating silently in the background — AI assistants, backup tools, OAuth integrations, SaaS platforms. Most were connected months or years ago. Most have never had their credentials rotated. And fewer than 1 in 10 organisations have any monitoring in place. This is the fastest-growing attack surface in your clients' environments. Here's what an attack looks like — and how AIRM catches it.

197

Days — average time to detect a breach

IBM Cost of a Data Breach 2024

68%

Of breaches involve a non-human identity vector

CrowdStrike 2024

<10%

Of organisations have any NHI monitoring in place

Sabiki Security 2026

$4.9M

Average breach cost — compromised credentials

IBM Cost of a Data Breach 2024

+27%

Cyber insurance premium uplift — no identity hygiene proof

Marsh 2025

The Scenario — AI Email Assistant Compromise

☠

AI Email Assistant Compromise — Professional Services Firm

85 users · Third-party AI writing tool · Permissions: Mail.ReadWrite + Directory.Read.All · Blast radius: High · Client secret never rotated

18 months
earlier

Setup

The firm connects an AI email assistant to M365. The application is granted Mail.ReadWrite and Directory.Read.All — standard for this tool. A developer stores the application's client secret in a private GitHub repository. The secret is never rotated.
Day 0
Anytime

Discovery

An attacker identifies the firm uses this AI tool from public sources (marketplace listing, LinkedIn). They search GitHub for the application's client secret using an automated scanning tool. They find it within minutes. The credential has been there for 18 months.
Saturday
02:14

Breach

The attacker authenticates to M365 as the AI application using the stolen client secret. No MFA prompt fires. No suspicious login alert triggers. The authentication is technically valid — the correct credential was used. From Microsoft's perspective, everything looks normal.
Saturday
02:14–02:17

Exploitation

The attacker begins reading executive email and enumerating the full user directory. The AI application continues performing its normal functions alongside the attacker. Without monitoring, this access can persist indefinitely — every email sent or received by 85 people, readable at will.
Saturday
02:14

AIRM detects

Signal 1 fires: Off-Hours Authentication. This application's 7-day baseline shows it authenticates Mon–Fri 08:00–19:00. Activity at 2am Saturday is an immediate deviation. AIRM registers the anomaly against this identity's specific baseline — not a generic threshold.
Saturday
02:17

AIRM detects

Signal 2 fires: New Resource Access. The application queries the user directory — a resource it has held permission to access for 18 months but has never actually touched. Legitimate applications access predictable resources. Accessing a new resource is a hallmark of an attacker exploring available permissions.

Two concurrent Critical signals on a high-blast-radius identity → alert escalated to CRITICAL.
Saturday
02:19

AIRM acts

A prioritised ticket is created automatically in ConnectWise / HaloPSA / Autotask with full context attached: identity name, signals fired, baseline comparison, blast radius score, full permission list, and available one-click response actions. Your technician has everything they need before they've opened the ticket.
Monday
08:03

Resolved

Your technician opens the ticket at the start of their shift. The picture is complete — anomalous auth times, new directory access, blast radius score, permission context. They use AIRM's one-click Disable Identity action to cut off the attacker's access directly from within AIRM — no Azure AD console, no vendor call, no escalation.

Credentials flagged for immediate rotation. Investigation determines: exposure window — 6 hours. Audit trail updated. Client notified. Job closed.

Without AIRM

✗ Attacker has valid credentials — no alert fires at point of compromise
✗ MFA and Conditional Access do not apply to service principal authentication
✗ Periodic scanner runs Monday — attacker had five days of undetected access
✗ Executive email readable at will for an unknown period — potentially months
✗ Average discovery time for NHI breaches: 197 days

With AIRM

✓ Off-hours authentication detected within minutes of first access
✓ New resource access flagged immediately — anomaly vs 18-month baseline
✓ Critical PSA ticket auto-created with full context at 02:19 Saturday
✓ Identity disabled with one click from within the ticket workflow
✓ Exposure window: 6 hours. Audit trail complete.

📡 Six Behavioural Signals AIRM Monitors

Off-Hours AuthenticationActivity outside each application's historical operating window
New Resource AccessApplication accesses a resource it has never touched before
Authentication Method Changee.g. certificate → password; attacker replaying a stolen secret
Dormant Identity ActivatedInactive application begins authenticating again
Authentication Volume SpikeEvents spike dramatically vs 7-day per-identity baseline
Impersonation SpikeApp authenticates on behalf of an unusually large user set

⚡ Six One-Click Response Actions

1
Disable Compromised IdentityCalls Graph API to disable the SP instantly — no Azure AD console access required
2
Classify & ConfirmAI Agent / NHI / Microsoft First-Party — correct or confirm AIRM's classification
3
Approve / Flag / ReviewAuditable compliance workflow — ISO 42001, DORA, SOC2 AI extensions
4
Assign OwnerNamed accountability recorded in AIRM and Azure AD via Graph API
5
Alert Suppression90-day suppression with disposition — auto-expires, fully auditable
6
Native PSA TicketingConnectWise · HaloPSA · Autotask — no middleware, no connector tax

Why AIRM — not a periodic scanner, not an enterprise tool retrofitted for MSPs

M365-nativeNo Entra ID P2. No Azure infra. No endpoint agents.

MSP-first architectureMulti-tenant control plane. The only one on the market.

Per-identity baselines7-day learning per app — not generic thresholds that flood with false positives.

Blast radius scoringKnow which NHIs matter most before the attack happens.

Compounding moatHistorical anomaly data accumulates with every scan — gets sharper the longer you run it.

Native PSA ticketingConnectWise, HaloPSA, Autotask — zero middleware.

See what's in your clients' tenants right now.

AIRM connects to a Microsoft 365 tenant in under five minutes — no agents, no infrastructure changes. Run a pilot scan and see every non-human identity, its risk score, blast radius, and ownership status before you commit to anything.

Request MSP Pilot Talk to the Team

Your clients have applicationsyou forgot about.Attackers didn't.

Your clients have applications
you forgot about.
Attackers didn't.