Beta v1.4.0 | AI Security | M365 & MSP

Augur

Measure a Microsoft 365 tenant's structural exposure to AI prompt injection — before any assistant is switched on.

  • PowerShell
  • Microsoft 365

Problem

Organizations authorize Copilot and third-party AI assistants against their Microsoft 365 tenant without first measuring the configuration conditions that make prompt injection actionable — over-shared data, open inbound surfaces, and outbound automation.

Approach

A read-only PowerShell module over Microsoft Graph, Exchange Online, Teams, and the Power Platform BAP API that scores every principal across three structural axes — DataAccess, InboundSurface, OutboundAction — and rolls them into a single client exposure level. No AI is used anywhere in the pipeline.

Outcome

v1.4.0, in active use — five collectors (Graph, Exchange, Teams, SharePoint, Power Automate, MCP surface) with graceful degradation to presence stubs when a data source is unavailable, and timestamped JSON/CSV/HTML output per run.

Augur | Pre-deployment AI Exposure Assessment

Augur is a pre-deployment Microsoft 365 AI exposure assessment from Ironwright Labs. It measures the structural configuration conditions that make prompt injection viable before any AI assistant (Copilot, a third-party agent, an automation) is authorized against a tenant. It reads tenant configuration only; it never inspects message or file content, and no AI component is used anywhere in the assessment pipeline.

Version: 1.4.0  |  Status: Beta  |  Publisher: Ironwright


What it measures

Augur inspects three structural risk axes across every in-scope principal:

  • DataAccess — what a compromised assistant could read (mailbox delegation, SharePoint/OneDrive sharing).
  • InboundSurface — how untrusted content could reach a principal (external Teams access and federation).
  • OutboundAction — what an assistant could do outward (Power Automate flows, external actions, the MCP/connector tool surface).

Each finding is rated severity 1–3, scored per-principal into a heatmap, then aggregated into a single client exposure level (Baseline → Critical).

How it works

  • Read-only. Augur needs read scopes across Graph, Exchange Online, Teams, and the Power Platform admin API — nothing more.
  • No AI in the pipeline. The assessment is deterministic configuration analysis; it does not call any model.
  • Graceful degradation. If a collector's data source is unavailable (module missing, scope not granted), it emits a presence stub instead of failing the run.
  • Auth modes. Existing GDAP/delegated Graph session, app-only client credentials (certificate preferred), or interactive browser sign-in.
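
The graceful-degradation behavior described above, sketched as an added example that is not Augur's own code: a wrapper runs each collector and returns a presence stub when a module is missing or the call is denied. The function names `New-PresenceStub` and `Invoke-CollectorSafely`, the result schema, and the sample collectors are all hypothetical.

```powershell
# Added illustration: function names and the result schema are hypothetical, not Augur's.
function New-PresenceStub {
    param([string]$Collector, [string]$Axis, [string]$Reason)
    [pscustomobject]@{
        Collector = $Collector
        Axis      = $Axis
        Status    = 'Unavailable'   # axis not measured; distinct from "measured, no findings"
        Reason    = $Reason
        Findings  = @()
    }
}

function Invoke-CollectorSafely {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Axis,
        [string[]]$RequiredModule = @(),
        [Parameter(Mandatory)][scriptblock]$Collect
    )
    # Promote non-terminating cmdlet errors so the catch block sees them.
    $ErrorActionPreference = 'Stop'
    foreach ($module in $RequiredModule) {
        if (-not (Get-Module -ListAvailable -Name $module)) {
            return New-PresenceStub -Collector $Name -Axis $Axis -Reason "Module missing: $module"
        }
    }
    try {
        $findings = @(& $Collect)
        [pscustomobject]@{
            Collector = $Name; Axis = $Axis; Status = 'Collected'; Reason = $null; Findings = $findings
        }
    }
    catch {
        New-PresenceStub -Collector $Name -Axis $Axis -Reason $_.Exception.Message
    }
}

# Constructed collectors: one missing module, one denied scope, one that succeeds.
$results = @(
    Invoke-CollectorSafely -Name 'Teams' -Axis 'InboundSurface' -RequiredModule 'Constructed.Missing.Module' -Collect { }
    Invoke-CollectorSafely -Name 'PowerAutomate' -Axis 'OutboundAction' -Collect { throw 'Constructed: scope not granted' }
    Invoke-CollectorSafely -Name 'Exchange' -Axis 'DataAccess' -Collect {
        [pscustomobject]@{ Principal = 'user@contoso.example'; Severity = 2; Detail = 'Constructed: mailbox delegation' }
    }
)
$results | Select-Object Collector, Axis, Status, Reason | Format-Table -AutoSize
```

Keeping `Unavailable` separate from an empty `Collected` result lets a report show an axis as unmeasured instead of as zero exposure.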

Output

Each run writes a timestamped folder containing findings.json, heatmap.json, client-level.json, findings.csv, report.html, and assessment.log, so runs never overwrite each other.

Documentation

  • Setup & usage guide — installation, permissions, running an assessment, and reading the output.
  • ROADMAP.md — the canonical living list of shipped collectors and live-tenant validation debt.

License

Augur is published by Ironwright. For inquiries, contact Ironwright.

Roadmap

v1.4.0 · Beta · updated June 14, 2026

Pre-deployment Microsoft 365 AI exposure assessment — measures the structural conditions that make prompt injection viable, across three axes, with no AI in the pipeline.
