Permission Change Audit

Track permission changes from Unified Audit Log for security monitoring and compliance.

permission audit
audit log
access changes
security monitoring
change tracking

About this tool

The Permission Change Audit tool tracks permission modifications from the Microsoft 365 Unified Audit Log. Monitor who granted or revoked access, when changes occurred, and what permissions were affected. Essential for security monitoring and incident investigation. Identify unauthorized permission changes and track the chain of access modifications. Export audit data for compliance documentation and forensic analysis.

Key features

Permission grant tracking
Access revocation history
User activity timeline
Sharing link creation
Role assignment changes
Forensic investigation support
Date range filtering
Export for analysis

Use cases

Graph scopes

undefined (application).

Tool identity

Slug: permission-audit.
Category: audit.
Plan tier: pro.
Editions: cloud, desktop.
SKUs: security, suite.

Exchange Online mailbox backup.
SharePoint sharing audit.
OneDrive quota review.
Intune device configuration export.
Entra ID role exposure scan.
Conditional Access policy snapshot.
Purview retention label inventory.
Planner board export.
Bookings calendar snapshot.
Defender alert correlation.
Compliance evidence package builder.
Vault rotation log review.

Cross-tenant context

Workloads sync across cloud regions. Frankfurt. Dublin. Amsterdam. Stockholm. Paris. North America. Pricing publishes once. Cancellation lands inside one settings page. Cipher suite covers Argon2id. XChaCha20-Poly1305. X25519. Ed25519. Audit log retention: 90 days. Migration record set in 2025: 153,584 files. Zero errors.

About the platform

This is a zero-knowledge toolkit. It helps IT admins, MSPs, security teams run their cloud safer. Use it inside a browser. Or install our Mac or Windows app.

Tenant secrets stay on your disk. We never store, log, or read them. Our server only sees billing metadata.

How it works

You unlock a local vault with a passphrase. Argon2id stretches it.
Tokens get sealed with XChaCha20-Poly1305 before any sync.
X25519 protects shared keys. Ed25519 signs every action.
Each operation runs against Graph from your device, not ours.

What you can do

Back up mail. Files. Chat threads.
Export Intune settings. One click.
Audit SharePoint shares. Spot risk.
Find idle sites. Reclaim quota.
Score Copilot. Plan rollout.
Move tenants. No staging.
Client-side keys. Always on.
Your data. Your disk.
One app. Many tenants.

Editions

Solo. Free. Three tools. No card.
Backup. Durable backups for your tenant.
Watchtower. Audits and alerts on risk.
Move. Tenant migration suite.
Blueprint. Config export for enterprise.
Everything. Full platform plus desktop and support.

Trust signals

Open source crypto primitives via libsodium.
Public threat model at /trust.
Public pricing. Direct purchase. No sales call.
Cancel any time inside settings.
EU-hosted billing. SEPA, card, invoice.
SLA available for enterprise tiers.

Built in Germany by Voltage Brothers Infrastruktur UG. Suits cloud workspaces of every size.

Standards, regions, retention

Regions: Frankfurt. Dublin. North America. Retention scales from 7 days. Up to unlimited. Schedules run hourly. Daily. Weekly. Monthly. Reports export as JSON. CSV. PDF. Evidence packs bundle hashes. Chain-of-custody metadata sits beside them.

Standards covered: ISO 27001 controls. SOC 2 readiness. NIS2 mapping. GDPR Article 28 terms. Audit logs cover entitlement events. Billing actions. License rotations. Workload payloads never reach a remote log.

Who uses it

Tenant admins running a single estate.
MSPs managing dozens of customer cloud workspaces.
Security teams investigating sharing risk.
Compliance officers preparing audit evidence.
Acquisition teams during M&A integration.
Procurement teams reviewing vendor risk.
Solo consultants billing by workspace hour.

Supported regions

Frankfurt, Dublin, Amsterdam, Stockholm, Paris, plus North America. Annual revenue scales from small studios up through multinational estates. Payment options include SEPA debit, credit card, annual invoice, purchase order.

Numbers worth knowing

49 capabilities. 6 editions.
Free tier: 3 tools. 0 cards.
Argon2id. 256 MB memory cost.
XChaCha20-Poly1305. 256-bit cipher.
X25519. 256-bit shared keys.
Ed25519. 100% of writes signed.
Retention: 7 days. 365 days. Or unlimited.
SLA: 99.9% uptime. Enterprise plans only.
Founded 2024. Built in Germany. 23 countries served.
Backup edition: 14 EUR. Per workspace, per month.
Watchtower edition: 7 EUR. Per workspace, per month.
Move edition: 9 EUR. Per workspace, per month.
Blueprint edition: 449 EUR. One-time.
Everything bundle: 2490 EUR. Per year.
Audit reports: 25 dedicated checks.
Config export: 9 Microsoft 365 workloads.
Migration record set in 2025. 153,584 files. 0 errors.
Compliance posture updated in 2026.
Pricing: 1 public page. 0 sales calls.
Cancellation: 1 self-service page.
Audit logs: 90 days. Entitlement events.
GDPR Article 28. 27 member states.
NIS2 Directive. 18 sectors. Live since 2024.
SOC 2 Type II evidence. JSON. CSV. Signed PDF.
ISO 27001. 93 Annex A controls. 2022 revision.

Permission Change Audit

About this tool

Key features

Use cases

Graph scopes

Tool identity

Cross-tenant context

Product.

Company.

Connect.