Tenant Discovery: Why Point-in-Time Snapshots Aren't Enough
Most Azure governance tools give you a snapshot. Snapshots go stale the moment a developer deploys. Here's why continuous discovery changes what governance can actually do.
When a governance platform first connects to your Azure environment, it runs a discovery pass — it looks at your subscriptions, inventories your resources, maps dependencies, and builds a picture of what you're running. That initial picture is often genuinely impressive. Hundreds of resources, across multiple regions, with relationships and RBAC assignments all mapped out.
Then time passes. Developers deploy. Infrastructure is provisioned. Resources are retired. And that initial picture starts going stale.
The snapshot problem
Point-in-time discovery tools give you an accurate view of your Azure estate at a specific moment. That moment is typically when you run a scan. Between scans, you're navigating with a map that may no longer match the territory.
For small, stable environments, this is manageable. For any team practicing continuous delivery — deploying to Azure regularly as part of normal development — it's a real problem. A misconfiguration introduced in a deployment on Tuesday won't surface until the next scheduled scan. If that scan runs weekly, you've had an undetected issue for days.
The problem compounds when you're managing multiple tenants. Keeping a current picture of one active Azure environment is hard. Keeping a current picture of three or five, each with their own deployment cadence, is operationally expensive with point-in-time tools.
What continuous discovery enables
Tenant Discovery — a continuously updated model of your Azure estate — changes what governance can actually do.
The most direct benefit is drift detection. When Tenant Discovery maintains a baseline and compares the current state against it, any change to your environment can be evaluated immediately rather than at the next scheduled scan. A new storage account that allows public access surfaces in minutes, not days.
The less obvious benefit is context. A governance platform that knows your environment continuously can do things a point-in-time tool can't. It can tell you that a resource you're proposing to remediate was provisioned two days ago and is likely still being configured. It can recognize that a pattern you're seeing across three subscriptions appeared after a specific deployment. It can maintain a longitudinal view of how your WAF scores have changed over time, not just what they are today.
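The baseline comparison described above, sketched in Python as an added example; it is not Stratoscope's code. The record shape (`type`, `createdTime`, `properties`), the shortened resource ids, and the helper names are assumptions for illustration. Only resources that changed since the baseline are re-evaluated, and each event carries a flag for resources provisioned within the last two days.

```python
from datetime import datetime, timedelta, timezone

STORAGE = "microsoft.storage/storageaccounts"

def is_public_storage(res):
    """Rule: storage account whose properties allow anonymous blob access."""
    return (res["type"].lower() == STORAGE
            and res.get("properties", {}).get("allowBlobPublicAccess") is True)

def detect_drift(baseline, current, now, settling=timedelta(days=2)):
    """Diff two inventories keyed by resource id; evaluate only what changed."""
    events = []
    for rid, res in current.items():
        old = baseline.get(rid)
        if old is None:
            change = "added"
        elif old.get("properties") != res.get("properties"):
            change = "modified"
        else:
            continue  # unchanged since the baseline, nothing to re-evaluate
        age = now - datetime.fromisoformat(res["createdTime"])
        events.append({
            "id": rid,
            "change": change,
            "finding": "public-blob-access" if is_public_storage(res) else None,
            # Context flag: a young resource may still be mid-configuration.
            "recently_provisioned": age < settling,
        })
    for rid in baseline.keys() - current.keys():
        events.append({"id": rid, "change": "removed", "finding": None,
                       "recently_provisioned": False})
    return sorted(events, key=lambda e: e["id"])

def rec(created, public):
    """Build one constructed inventory record (assumed, simplified shape)."""
    return {"type": STORAGE, "createdTime": created,
            "properties": {"allowBlobPublicAccess": public}}

# Constructed sample data: baseline from the last pass, then the current state.
NOW = datetime(2024, 3, 7, 12, 0, tzinfo=timezone.utc)
BASELINE = {"/sub-a/storage/data": rec("2024-01-10T09:00:00+00:00", False),
            "/sub-a/storage/logs": rec("2024-01-10T09:00:00+00:00", False),
            "/sub-a/storage/old": rec("2023-11-02T08:00:00+00:00", False)}
CURRENT = {"/sub-a/storage/data": rec("2024-01-10T09:00:00+00:00", False),
           "/sub-a/storage/logs": rec("2024-01-10T09:00:00+00:00", True),
           "/sub-a/storage/uploads": rec("2024-03-06T15:00:00+00:00", True)}

if __name__ == "__main__":
    for event in detect_drift(BASELINE, CURRENT, NOW):
        print(event)
```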
Day-one preparedness
There's a meaningful difference between a governance platform that asks "what are you running?" and one that already knows.
When Stratoscope connects to a new tenant, Tenant Discovery runs immediately. Before your first conversation with the platform, it has already mapped your subscriptions, inventoried your resources, identified your cost distribution, and flagged any immediate security findings. The first interaction isn't about gathering context — it's about acting on what's already been found.
For Azure administrator teams managing multiple tenants, this changes the onboarding experience significantly. New tenants aren't blank slates that need to be manually described. They're environments the platform already understands, ready to assess and remediate from the first session.
The right baseline for governance
Governance work is only as good as the information it's based on. Decisions about what to remediate, what to prioritize, and what to watch are all downstream of how well you understand your current state.
Point-in-time snapshots are a starting point. Continuous Tenant Discovery is the baseline that makes closed-loop governance possible — because you can't close the loop on findings you haven't found yet.