Permafrost EPM discovers all identities and permissions across your Azure tenants, compares assigned access against actual usage, and generates right-sized custom roles to eliminate over-privilege.
From discovery to remediation — close the permission gap
Automatically inventory all users, groups, service principals, managed identities, and AI agents across your Azure tenants.
Compare assigned permissions against actual exercised permissions. See exactly which permissions are unused and by whom.
Unused Permission Risk Score (UPRS) quantifies your organizational attack surface per identity. Prioritize remediation by risk level — critical, high, medium, low.
Generate least-privilege custom Azure roles based on actual usage patterns. Export as ARM templates or Terraform.
Identify identities with active role assignments but no sign-in activity in 90+ days.
Flag dangerous permission combinations that could enable privilege escalation attacks.
Connect and monitor multiple Azure tenants from a single dashboard. Each tenant is analyzed independently.
An admin from your organization grants OAuth consent for read-only access. Permafrost never modifies your Azure environment.
We scan your Azure tenant to discover all identities, roles, and permissions, and correlate them with actual usage from activity logs.
View the permission gap for every identity. Generate right-sized custom roles and export them as ARM templates to apply.
Pay based on the number of objects (users, groups, service principals, managed identities, agents) in your connected tenants.
For small teams exploring Azure entitlement management.
For organizations serious about least-privilege access.