VaultFuzionVaultFuzionBY KAPARDYN
Products/Add-Ons/VentraID

VentraID

Identity Protection Suite
IBackup
IIIntelligence
IIIOrchestration
IVAdvanced
VentraID · Identity-Layer Resilience

Identityisthenewperimeter.Weprotecteverylayerofit.

Four progressive tiers — Backup, Intelligence, Orchestration, Advanced — that capture, audit, orchestrate and defend Microsoft Entra ID across your full MSP fleet.

USERSGROUPSCA POLICIESAPPSROLESDEVICESVENTRAID
Snapshot · 04:00 UTC
Drift detected · 2 fields
Compliance score · A+
0
Object types backed up
0
Compliance controls scored
0
Identity threat detectors
0h
Snapshot cadence
The reality

Most breaches don't break the perimeter. They walk in through identity.

Microsoft's 2025 Digital Defense Report attributes more than two-thirds of confirmed breaches to identity-layer compromise. Conditional Access drift, dormant service principals, and abandoned guest accounts are the surfaces attackers actually weaponise.

Compromised credentials67%
MFA fatigue / push bombing43%
Token theft / replay38%
OAuth consent abuse24%
SOURCE: MICROSOFT DDR 2025 · IDENTITY ATTACK VECTORS
The progression

Start with backup. Add intelligence, orchestration, and defence as your fleet grows.

Each tier builds on the one before it. Every customer gets the snapshot engine on day one; the higher tiers add drift, deployment, and detection layers — billed only on the tenants that consume them.

TIER I$35.00/tenant/mo

VentraID Backup

Configuration resilience for the entire identity layer.

Every policy, every role, every device — captured every four hours and held for seven years with a tamper-evident audit chain.

  • Continuous backup of users, groups, conditional-access, named locations, service principals, directory roles, devices, and applications.
  • Authentication-method policies and PIM role-management policies captured on every snapshot.
  • Point-in-time restore preserves every GUID and relationship — no orphaned references after recovery.
  • Hash-chained, tamper-evident snapshot history; 7-year sign-in and audit-log retention for compliance.
  • Soft-delete recovery from the recycle bin alongside a full recreate-from-backup mode.
LIVE SNAPSHOT TIMELINE
06-03
14:30
CLEAN
06-03
18:30
CLEAN
06-03
22:30
+1 DRIFT
06-04
02:30
CLEAN
06-04
06:30
+3 DRIFT
06-04
10:30
CLEAN
4H CADENCE · 7Y RETENTION● HASH-CHAINED
TIER II$75.00/tenant/mo

VentraID Intelligence

Drift detection and multi-framework compliance scoring on every snapshot.

A field-level diff engine watches every change and grades each tenant against the frameworks your auditors actually audit against.

  • Field-level drift engine catches every config change between snapshots — severity-classified, ack-or-remediate workflow.
  • Compliance scoring against CIS, NIST 800-63, POPIA, SOC 2, and ISO 27001 with letter-grade results.
  • Cross-tenant comparison surfaces parity questions across your portfolio in one view.
  • Stale-account detection, MFA reporting, and one-click rollback of any object to a prior snapshot.
  • Daily tenant-health composite (RPO / RTO / compliance / drift) with history trending.
  • Scheduled compliance reports delivered as PDF and CSV exports on a daily cadence.
DRIFT DETECTED · 04:01 UTC
~CA Policy: "Block Legacy Auth"
- conditions.locations.includeLocations: ["AllTrusted"]
+ conditions.locations.includeLocations: ["All"]
~Service Principal: github-actions-ci
- passwordCredentials[0].endDateTime: 2026-08-12
+ passwordCredentials[0].endDateTime: 2027-08-12
CIS
A
NIST
B+
POPIA
A
SOC 2
A
ISO 27001
A
Compliance grade per framework after this drift
TIER III$150.00/tenant/mo

VentraID Orchestration

Versioned identity baselines you author once and ship to your fleet.

Templates, bulk deployment, and Conditional-Access What-If — built for MSPs who manage tens or hundreds of tenants from one chair.

  • Versioned, publish-able security templates for conditional-access, named locations, role assignments, and app registrations.
  • Bulk cross-tenant deployment with 4-eye approval workflow and atomic rollback on failure.
  • Conditional-Access What-If simulator powered by Microsoft Graph — preview impact before deploy.
  • CA gap-analysis matrix scans sample users × platforms × client apps to surface unprotected scenarios.
  • Template propagation from an anchor tenant to your full portfolio in one operation.
TEMPLATE → 12 TENANTS · 4.2s
T1T2T3T4T5T6T7T8T9T10T11T12ANCHORCA-baseline-v3
4-eye approval · atomic rollback● 12/12 healthy
TIER IV$250.00/tenant/mo

VentraID Advanced

Identity threat detection, license recovery, and an AI compliance copilot.

Eleven detectors watch the identity plane on a four-hour cadence. Hygiene, license waste, and break-glass automation handle the rest.

  • Eleven identity-threat detectors: impossible-travel, brute force, token replay, mass deletion, federated-domain spoofing, credential spraying, and more.
  • Cross-tenant threat correlation finds attacks that span multiple tenants in your fleet.
  • Live license-waste analyzer with dollar-savings projections per Microsoft SKU.
  • Hygiene engine surfaces orphaned apps, stale service principals, expired credentials, empty groups — with one-click remediation.
  • Break-glass account vault: monthly password rotation, sealed-credential retrieval, and full access logging.
  • Configuration-as-Code: connect a Git repo so every policy change flows through pull-request review before reaching Entra.
  • Conversational AI compliance copilot answers tenant-admin questions grounded in your live config.
LIVE THREAT FEED · 11 DETECTORS
04:12● IMPOSSIBLE_TRAVEL· kapardyn-corpHOLD
04:09● BRUTE_FORCE· acme-financeHOLD
04:01● TOKEN_REPLAY· globex-mspHOLD
03:58● CRED_SPRAY· umbrella-grpHOLD
03:55● BREAK_GLASS_USAGE· kapardyn-corpHOLD
03:51● MASS_DELETION· soylentHOLD
03:47● FED_DOMAIN_ADDED· tyrell-corpHOLD
03:42● API_ANOMALY· cyberdyneHOLD
The MSP fleet view

One pane across every tenant. No spreadsheets, no swivel-chair audits.

Hover any cell to drill into that tenant's drift, threat, and compliance state. Click to open the full MSP-portfolio dashboard. Bulk-deploy a baseline to every B-grade tenant in one approval cycle.

  • Cross-tenant policy parity in seconds
  • Threat correlation across your full portfolio
  • Per-tenant SLA + quarterly compliance scorecards
  • Bulk template deployment with atomic rollback
30 ACTIVE TENANTS● ALL HEALTHY
A
A
A-
A
B+
A
A
A-
B
A
A-
A
B+
A
A
A-
A
B
A
A-
A
B+
A
A
A-
A
A
B+
A
A
Compliance scoring

Five frameworks. Letter grades on every tenant, every week.

Stop quoting auditors generic "best practice" templates. Score against the frameworks they audit against.

FRAMEWORK8 CONTROLS
CIS M365
Center for Internet Security benchmark for Microsoft 365.
FRAMEWORK7 CONTROLS
NIST 800-63
Digital identity guidelines from the US National Institute of Standards.
FRAMEWORK6 CONTROLS
POPIA
South African Protection of Personal Information Act.
FRAMEWORK9 CONTROLS
SOC 2 (CC)
AICPA Common Criteria for trust services.
FRAMEWORKMAPPED
ISO 27001
International information-security management standard.
The honest comparison

We don't replace identity providers. We make sure that when something breaks, you can prove what changed.

✓ full coverage · ~ partial · ✗ not in product

8 / 8
VentraID covers every capability in this matrix.
The next-best competitor covers 4 / 8 — and only one of those at full depth.
VENDORBackupPIM + IntuneDrift detectionPOPIA scoringCA What-IfCross-tenantAI copilotBreak-glass
OURSVentraID8/8 ✓
Microsoft Entra ID Backup (preview)0/8 ✓~~
Veeam M365 (Entra)1/8 ✓
Quest On Demand1/8 ✓~~
Cayosoft Guardian1/8 ✓~~
AvePoint Cloud Backup1/8 ✓
CrowdStrike Falcon ITP0/8 ✓~
Pricing

Pay only for what each tenant runs.

TIER I
Backup
Snapshot, restore, 7-yr audit
MONTH-TO-MONTH
$35.00/ tenant / mo
TIER II
Intelligence
Includes Backup
MONTH-TO-MONTH
$75.00/ tenant / mo
TIER III
Orchestration
Includes Backup + Intelligence
MONTH-TO-MONTH
$150.00/ tenant / mo
TIER IV
Advanced
Full suite
MONTH-TO-MONTH
$250.00/ tenant / mo
Frequently asked

The answers most evaluators ask first.

Stop hoping nothing breaks. Start knowing what changed.

VentraID layers on top of any Kapardyn base tier. Backup ships in under an hour; Intelligence, Orchestration, and Advanced layer on whenever you want them.