A living model of your Azure environment
Most governance tools show you a snapshot. Stratoscope builds a continuously updating model — resources, permissions, cost signals, and WAF posture tracked across every sweep, so the platform always knows what's actually running.
What Tenant Discovery tracks
Six dimensions of your Azure environment, updated on every sweep cycle and fed into the governance engine.
Resource inventory
Every subscription, resource group, VM, storage account, Key Vault, network component, and managed identity — catalogued, typed, and relationship-mapped. Drift from expected state is flagged automatically.
Permission posture
Service principal assignments, role changes, and over-privileged identities surface in real time. When a permission changes, you know within the next sweep cycle — not when it causes an incident.
Cost signals
FOCUS-standard cost data with period-over-period trending. Anomalies — a budget spike, an unexpected service cost — are flagged before month-end closes.
WAF posture
All five Azure Well-Architected Framework pillars: Security, Reliability, Cost Optimization, Operational Excellence, and Performance Efficiency — scored and tracked across sweeps.
Drift detection
Tag changes, SKU changes, kind changes, location drifts — any deviation from the last known good state triggers an issue record. Remediation history lets you see what changed and why.
Your context, built in
Ingest your own architecture diagrams, runbooks, and compliance policies. Discovery results are interpreted through your environment's specific context, not generic Azure defaults.
How the model stays current
Sweep
On each cycle, Stratoscope queries Azure Resource Manager, Cost Management, and Entra ID using your registered service principal. No agents to install, no VNet requirements.
Compare
Results are diffed against the previous known state. New resources, permission changes, cost anomalies, and configuration drifts are flagged as distinct events.
Assess
Each event is evaluated against WAF pillars, your ingested runbooks, and your team's previous decisions. The platform generates a proposed action — not just a finding.
Feed
The updated model becomes context for every conversation with Scout, your governance agent. Ask what changed, why a resource exists, or what's driving cost — the model knows.
Common questions
How often does Tenant Discovery run?
Starter plan sweeps weekly. Professional plan sweeps daily. Enterprise plan sweeps continuously — the model is always updating.
What permissions does Tenant Discovery need?
Read-only RBAC at the subscription scope. No write access, no Owner role, no persistent elevated credentials. Stratoscope uses a service principal with the minimum permissions required to read resource state, cost data, and permission assignments.
Does it work across multiple tenants?
Yes. Professional and Enterprise plans support 3 and unlimited Azure tenants respectively. Each tenant gets its own isolated discovery context.
How is this different from Azure Resource Graph?
Azure Resource Graph is a query tool — it answers questions at a point in time. Tenant Discovery is a continuous model — it tracks changes over time, correlates cost with posture, and feeds a governance engine that proposes and executes fixes.
Ready to see what's actually in your tenant?
Tenant Discovery runs before your first conversation. Most teams are surprised by what it finds.