Security at Driftmark

Driftmark is designed to provide visibility into Microsoft Entra ID configuration while maintaining strict security principles and minimal access requirements.

Driftmark is built by identity and access management practitioners with deep experience designing and securing Microsoft Entra ID environments.

Read-only access to Microsoft Entra ID

Driftmark connects to Microsoft Entra ID using Microsoft Graph APIs with read-only permissions. The platform collects configuration metadata required to capture configuration snapshots and detect configuration drift across identity controls.

Driftmark does not modify Microsoft Entra ID configuration.

Read-only Microsoft Graph access
No policy or role modification
No identity lifecycle changes

Required Microsoft Graph permissions

Driftmark requires Microsoft Graph permissions to read configuration data across key identity control families. Permission scope covers configuration visibility for the following families:

Identity & Access
Security Policies
Privileged Access (PIM)
Identity Governance
Applications & Service Principals
External Collaboration
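A tenant administrator onboarding any read-only tool should verify, rather than trust, that the service principal holds nothing beyond read permissions. The following is an added example (not Driftmark's code) that resolves the Microsoft Graph appRoleAssignments granted to a service principal to their permission names and flags anything that is not read-only. Microsoft Graph permission names follow the Resource.Action[.Qualifier] pattern, and only the Read and ReadBasic actions are treated as read-only; the appRole GUIDs and assignment records below are constructed for illustration and are not real Graph identifiers.

```python
"""Audit the Microsoft Graph application permissions granted to a service
principal and flag any that are not read-only.

Added example, not Driftmark's code. Input shapes follow the objects returned
by GET /servicePrincipals/{id}/appRoleAssignments and the `appRoles`
collection of the Microsoft Graph service principal; the GUIDs and sample
records are constructed for illustration.
"""
from __future__ import annotations

# Graph permission names are Resource.Action[.Qualifier]. Only these action
# tokens are read-only; ReadWrite, Write, Manage, Create, Export, AccessAsUser
# and anything unrecognised can change or export tenant state.
READ_ONLY_ACTIONS = {"Read", "ReadBasic"}

# Constructed sample: a slice of the Graph service principal's appRoles
# (id -> permission value). The ids are made up, not real Graph appRole ids.
GRAPH_APP_ROLES = [
    {"id": "11111111-0000-0000-0000-000000000001", "value": "Policy.Read.All"},
    {"id": "11111111-0000-0000-0000-000000000002", "value": "RoleManagement.Read.Directory"},
    {"id": "11111111-0000-0000-0000-000000000003", "value": "Application.Read.All"},
    {"id": "11111111-0000-0000-0000-000000000004", "value": "Policy.ReadWrite.ConditionalAccess"},
    {"id": "11111111-0000-0000-0000-000000000005", "value": "Application.ReadWrite.All"},
]

# Constructed sample: appRoleAssignments on the tool's service principal.
# One assignment points at a role id that is not in the appRoles list, which
# is exactly the kind of thing an audit must surface rather than ignore.
SAMPLE_ASSIGNMENTS = [
    {"appRoleId": "11111111-0000-0000-0000-000000000001"},
    {"appRoleId": "11111111-0000-0000-0000-000000000002"},
    {"appRoleId": "11111111-0000-0000-0000-000000000003"},
    {"appRoleId": "11111111-0000-0000-0000-000000000004"},
    {"appRoleId": "99999999-0000-0000-0000-000000000000"},
]


def classify_permission(name: str) -> str:
    """Return 'read' for a read-only permission name, otherwise 'write'.

    Anything that does not parse as Resource.Action is treated as 'write':
    the audit must fail closed, never assume an unknown grant is harmless.
    """
    parts = name.split(".")
    if len(parts) < 2:
        return "write"
    return "read" if parts[1] in READ_ONLY_ACTIONS else "write"


def resolve_app_roles(assignments: list[dict], graph_app_roles: list[dict]) -> list[str]:
    """Map appRoleAssignment records to permission names.

    An appRoleId that does not resolve is kept as '<unknown:id>' so that it is
    still reported (classify_permission flags it as 'write').
    """
    by_id = {role["id"]: role["value"] for role in graph_app_roles}
    return [by_id.get(a["appRoleId"], f"<unknown:{a['appRoleId']}>") for a in assignments]


def audit_read_only(permissions: list[str]) -> list[str]:
    """Return, sorted, every granted permission that is not read-only."""
    return sorted(p for p in permissions if classify_permission(p) == "write")


if __name__ == "__main__":
    granted = resolve_app_roles(SAMPLE_ASSIGNMENTS, GRAPH_APP_ROLES)
    for finding in audit_read_only(granted):
        print("NOT READ-ONLY:", finding)
```

The same `audit_read_only` check applies to delegated permissions, which live on oauth2PermissionGrant objects rather than appRoleAssignments: split each grant's space-separated `scope` string and pass the resulting names in. Run the check after initial consent and again whenever the application is updated, since admin consent to additional permissions is the usual way a read-only integration quietly stops being read-only.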

Configuration data collected by Driftmark

The metadata collected for snapshots and drift evaluation includes policy configuration, role assignments, application configuration, access settings, and governance configuration.

Data Driftmark does NOT collect

Passwords
Authentication secrets
User credentials
Sign-in logs
Authentication tokens

Configuration snapshot storage

Driftmark stores configuration snapshots that represent the state of identity configuration at specific points in time. These snapshots allow comparison between states to detect configuration drift and support review workflows.

Only configuration metadata necessary for drift detection and reporting is stored.
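To make the snapshot-and-compare model concrete, here is an added example (not Driftmark's code) of the core of a drift detector: raw Graph objects are projected onto a per-type field allow-list before they are stored, so a snapshot holds configuration metadata only, and two snapshots are then diffed structurally to produce one drift record per changed, added or removed setting. The allow-list, the two snapshots and the object ids are constructed for illustration; the object shapes loosely follow Microsoft Graph's conditionalAccessPolicy and unifiedRoleAssignment resources, and the role id used is the Global Administrator role template id.

```python
"""Snapshot-and-diff drift detection over Microsoft Entra ID configuration.

Added example, not Driftmark's code. RETAINED_FIELDS is an assumed allow-list
of what a drift tool would keep per object type; the snapshots are constructed
for illustration (object ids are made up).
"""
from __future__ import annotations
from typing import Any

GLOBAL_ADMIN = "62e90394-69f5-4237-9190-012177145e10"  # role template id

# Assumed allow-list: only these fields are retained per object type, so the
# stored snapshot carries configuration metadata, never credentials or logs.
RETAINED_FIELDS = {
    "conditionalAccessPolicy": ("displayName", "state", "conditions", "grantControls"),
    "unifiedRoleAssignment": ("roleDefinitionId", "principalId", "directoryScopeId"),
}

# Constructed "before" state: one CA policy, one Global Administrator.
BEFORE_RAW = {
    "conditionalAccessPolicy": [{
        "id": "ca-001", "displayName": "Require MFA for admins", "state": "enabled",
        "conditions": {"users": {"includeRoles": [GLOBAL_ADMIN, "role-b"]}},
        "grantControls": {"builtInControls": ["mfa"]},
        "createdDateTime": "2024-01-01T00:00:00Z",  # dropped by the allow-list
    }],
    "unifiedRoleAssignment": [
        {"id": "ra-001", "roleDefinitionId": GLOBAL_ADMIN, "principalId": "u-123", "directoryScopeId": "/"},
    ],
}

# Constructed "after" state: the policy was disabled, a second Global
# Administrator appeared, and includeRoles was merely reordered (not drift).
AFTER_RAW = {
    "conditionalAccessPolicy": [{
        "id": "ca-001", "displayName": "Require MFA for admins", "state": "disabled",
        "conditions": {"users": {"includeRoles": ["role-b", GLOBAL_ADMIN]}},
        "grantControls": {"builtInControls": ["mfa"]},
        "createdDateTime": "2024-01-01T00:00:00Z",
    }],
    "unifiedRoleAssignment": [
        {"id": "ra-001", "roleDefinitionId": GLOBAL_ADMIN, "principalId": "u-123", "directoryScopeId": "/"},
        {"id": "ra-002", "roleDefinitionId": GLOBAL_ADMIN, "principalId": "u-999", "directoryScopeId": "/"},
    ],
}


def project(kind: str, obj: dict) -> dict:
    """Keep only the allow-listed fields of a raw Graph object."""
    return {k: obj[k] for k in RETAINED_FIELDS[kind] if k in obj}


def take_snapshot(raw: dict[str, list[dict]], taken_at: str) -> dict:
    """Build a point-in-time snapshot: {kind: {objectId: projected_object}}."""
    objects = {kind: {item["id"]: project(kind, item) for item in items}
               for kind, items in raw.items()}
    return {"takenAt": taken_at, "objects": objects}


def _scalar_list(xs: Any) -> bool:
    return isinstance(xs, list) and all(isinstance(x, (str, int, bool)) for x in xs)


def _diff(path: str, old: Any, new: Any, out: list[dict]) -> None:
    """Recursive structural diff; one record per leaf-level difference."""
    if isinstance(old, dict) and isinstance(new, dict):
        for key in sorted(set(old) | set(new)):
            sub = f"{path}.{key}" if path else key
            if key not in old:
                out.append({"path": sub, "change": "added", "new": new[key]})
            elif key not in new:
                out.append({"path": sub, "change": "removed", "old": old[key]})
            else:
                _diff(sub, old[key], new[key], out)
    elif _scalar_list(old) and _scalar_list(new):
        # Graph id collections are unordered: reordering alone is not drift.
        if sorted(map(str, old)) != sorted(map(str, new)):
            out.append({"path": path, "change": "modified", "old": old, "new": new})
    elif old != new:
        out.append({"path": path, "change": "modified", "old": old, "new": new})


def detect_drift(before: dict, after: dict) -> list[dict]:
    """Compare two snapshots and return the drift records, in path order."""
    out: list[dict] = []
    _diff("", before["objects"], after["objects"], out)
    return out


BEFORE = take_snapshot(BEFORE_RAW, "2025-01-01T00:00:00Z")
AFTER = take_snapshot(AFTER_RAW, "2025-01-02T00:00:00Z")

if __name__ == "__main__":
    for record in detect_drift(BEFORE, AFTER):
        print(record)
```

Two design points carry the security weight here. Projection happens before storage, so a field the allow-list does not name (here `createdDateTime`, but the same mechanism excludes anything credential-like) never enters a snapshot. And id collections are compared as sets, so a reorder in a Graph response does not generate noise that buries the two findings that matter: a disabled MFA policy and a new Global Administrator.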

Security principles

Least privilege access

Driftmark requests only the permissions required to read configuration state.

Configuration visibility without modification

Driftmark observes configuration state but does not change tenant settings.

Secure communication

All communication with Microsoft Graph and the Driftmark platform occurs over encrypted HTTPS connections.

Responsible disclosure

If you believe you have discovered a security vulnerability in Driftmark, please contact us.

Built by identity security practitioners

Driftmark is developed by identity and access management practitioners with deep experience in Microsoft Entra ID architecture, governance, and security operations.

The platform is designed to reflect real-world identity security challenges faced by enterprise environments.