Will TrueConfig make changes to my production tenant?

No. TrueConfig operates in read-only monitoring mode by default. We never make changes to your Microsoft 365 environment without your explicit approval. All remediation actions require confirmation.

What Microsoft permissions does TrueConfig need?

TrueConfig requires read permissions to evaluate your configuration (Directory.Read.All, Policy.Read.All, RoleManagement.Read.All, etc.). For optional auto-remediation features, write permissions are requested separately and only when you enable those features.

How long does the initial scan take?

Most tenants complete their first scan in 2-5 minutes. Larger environments with thousands of users may take up to 15 minutes. Subsequent incremental scans are much faster.

Yes. TrueConfig uses zero-knowledge architecture—we never store your Microsoft credentials. All data is encrypted at rest and in transit. We are hosted in EU data centers and are SOC 2 Type II compliant.

Can I try TrueConfig before purchasing?

Absolutely. TrueConfig offers a free tier that lets you connect one tenant and run unlimited scans. No credit card required to start.

Entra rolesPIM eligibleConditional AccessApp registrations

Desired State Configuration for Microsoft 365 identity.

You define what "secure" looks like once. TrueConfig continuously checks your tenant against that desired state, shows where it deviates, and helps you bring it back into alignment.

Security Baseline Status

Baseline Enforced

MFA for Global Admins

Conditional Access Policy

Enforced

Guest Access Review

Identity Governance

Correcting Drift

Legacy Auth Blocked

Exchange Online

Enforced

Last scan: 2 mins agoTenant: contoso.onmicrosoft.com

50+

IT teams trust TrueConfig

10,000+

Security controls monitored

500+

Drift events auto-remediated

2,400+

Admin hours saved monthly

"TrueConfig caught a misconfiguration that would have failed our SOC 2 audit. It paid for itself in the first week."

IT Manager

300-person SaaS company

"We used to spend 8 hours a month manually checking Entra ID settings. Now it's automatic and I sleep better."

Security Lead

Mid-market financial services

"The drift detection caught someone disabling MFA at 2am. Without TrueConfig, we wouldn't have known until the audit."

IT Director

Healthcare organization

GDPR Compliant

Data stored in EU

SOC 2 Type II in progress

Read-only by default

Entropy is the default state of Entra ID.

Over time, even the best-managed tenants degrade. Temporary admin access becomes permanent. Conditional Access policies develop blind spots. Exceptions are granted and forgotten.

Accumulated Access

Temporary admin access becomes permanent, leaving doors open indefinitely.

Policy Drift

Conditional Access policies develop blind spots as new apps and users are added.

Manual Reviews

Valuable hours spent reviewing logs during audits or scrambling during incidents.

Instead of moving forward, you spend valuable hours manually reviewing logs.

Observation Is Not Control

Detection without correction leaves you in the same broken state.

Monitoring tools flood you with alerts but don't fix the root cause.

Compliance scanners generate PDF reports that are obsolete instantly.

Custom scripts are brittle and require constant maintenance.

None of these tools take ownership of the intended configuration.

How TrueConfig Works (DSC Loop)

Desired State Configuration is a control loop, not a one-time scan. You define what secure looks like, TrueConfig continuously checks reality against it, and helps you correct deviations before they become incidents.

Define Desired State

Adopt TrueConfig's secure baselines (L1-L3). Explicit adoption, versioned. Overrides allowed, tracked.

Detect Deviations

Drift evaluated only in context of baseline. Clear expected vs actual diffs. Severity tied to baseline impact.

Enforce Alignment

One-click remediation. Safe previews with boundaries. Full control over what gets corrected.

Maintain Stability

Continuous re-evaluation. Audit trail as a side effect. Optional notifications when state changes.

Drift Status

3 Deviations Detected

Action Required

Global Admin Added

User 'jdoe@external.com' was assigned Global Administrator role.

MFA Policy Disabled

Conditional Access policy 'Require MFA for Admins' was disabled.

Review and Remediate

Simple, transparent pricing.

Saving just two hours of senior admin time pays for the month.

MonthlyAnnualSave 13%

Essential

€86/month

Billed annually (€1032/year)

For small teams starting to standardize their environment.

Real-time drift detection
Opinionated security baseline
Configuration audit trail

No credit card required

RECOMMENDED

Pro

€260/month

Billed annually (€3120/year)

For growing IT departments needing deeper control and history.

Everything in Essential
One-click remediation
Change history with explanations

No credit card required

Scale

€434/month

Billed annually (€5208/year)

For organizations requiring automated enforcement and multi-tenant support.

Everything in Pro
Automatic enforcement
Multi-tenant support

No credit card required

Built with production systems in mind.

Every action is logged, previewed, and reversible. Control stays in your hands.

Visibility first

See the full picture before enabling enforcement.

Preview everything

See exactly what will happen before it happens.

Full audit trail

Every detection and action is logged permanently.

Reversible

Actions are designed to be safe and recoverable.

Frequently asked questions

Everything you need to know before getting started.

No. TrueConfig operates in read-only monitoring mode by default. We never make changes to your environment without explicit consent. When you're ready for remediation, you enable it per-control with full preview of what will change before any action is taken.

Still have questions? Contact us

Documentation

Complete Documentation

Get started in minutes with our comprehensive guides, detailed control references, and troubleshooting help.

Quick Start

Connect your tenant and run your first security scan in under 10 minutes.

Get started

Control Reference

Complete catalog of all 34 controls across Level 1, 2, and 3 baselines.

View controls

Troubleshooting

Resolve connection issues, scan failures, and permission errors quickly.

Get help

View all documentation

Stop managing drift. Start enforcing state.

Your identity configuration stays aligned with your desired state. Continuously.