Augur Vigil
Continuous Microsoft 365 posture monitoring. Augur assesses a tenant once; Vigil keeps watch and tells you when it drifts.
- PowerShell
- Microsoft 365
Problem
An Augur assessment is a point-in-time snapshot. Tenant configuration keeps changing after it, and exposure can creep back before anyone notices.
Approach
A read-only PowerShell module that re-runs an Augur assessment per tenant on a schedule, stores an accepted baseline, and diffs every run. New or increased exposure is routed to email and webhooks, and resolved findings are reported too. Deterministic, with no AI anywhere in the pipeline and no server to host.
Outcome
v0.1 pre-release. The drift engine and AI-exposure lens are built and tested. The Augur integration and the alert channels are the next seams to wire.
Augur Vigil | Continuous Microsoft 365 Posture Monitoring
Augur Vigil is the continuous-monitoring companion to Augur from Ironwright. Augur answers "how exposed is this tenant right now?"; Vigil answers "did anything get worse since last time?" It re-runs an Augur assessment per tenant on a schedule, keeps a baseline, and alerts when configuration drift raises exposure, before it becomes an incident. It reads tenant configuration only, uses no AI anywhere in the pipeline, and has no server to host.
Version: 0.1.0 | Status: Pre-release | Publisher: Ironwright
How it works
- Collect. Run an Augur assessment against a tenant (read-only Graph).
- Normalize. The AI-exposure lens maps Augur's findings to Vigil's canonical finding shape.
- Snapshot. Write a timestamped JSON record of the current state.
- Diff. Compare against the accepted baseline.
- Alert. Route new or increased exposure to email and webhooks. Resolved findings are reported too, so closed gaps stay visible.
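The Diff and Alert steps above, sketched as an added example. This is not Vigil's code (its source is closed) and does not reflect its real schema. The finding shape (`Id`, `Severity`), the severity ranking, the function name `Compare-FindingSnapshot` and the sample finding IDs are all assumptions made for illustration.

```powershell
# Added illustration; not Vigil's code. The finding shape (Id, Severity) is assumed.
$SeverityRank = @{ Info = 0; Low = 1; Medium = 2; High = 3; Critical = 4 }

function Compare-FindingSnapshot {
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Baseline,
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Current
    )
    # Fail closed on a severity we cannot rank, rather than treating it as "no change".
    foreach ($f in @($Baseline) + @($Current)) {
        if (-not $SeverityRank.ContainsKey([string]$f.Severity)) {
            throw "Unrankable severity '$($f.Severity)' on finding '$($f.Id)'"
        }
    }
    # Index by Id so the result does not depend on collector ordering.
    $old = @{}; foreach ($f in $Baseline) { $old[$f.Id] = $f }
    $new = @{}; foreach ($f in $Current)  { $new[$f.Id] = $f }

    foreach ($id in ($new.Keys | Sort-Object)) {
        $now = $new[$id].Severity
        if (-not $old.ContainsKey($id)) {
            [pscustomobject]@{ Id = $id; Change = 'New'; From = $null; To = $now }
            continue
        }
        $was   = $old[$id].Severity
        $delta = $SeverityRank[$now] - $SeverityRank[$was]
        if ($delta -ne 0) {
            $change = if ($delta -gt 0) { 'Increased' } else { 'Decreased' }
            [pscustomobject]@{ Id = $id; Change = $change; From = $was; To = $now }
        }
    }
    # Findings present in the baseline but gone now are reported, not dropped.
    foreach ($id in ($old.Keys | Sort-Object)) {
        if (-not $new.ContainsKey($id)) {
            [pscustomobject]@{ Id = $id; Change = 'Resolved'; From = $old[$id].Severity; To = $null }
        }
    }
}

# Constructed sample snapshots (not real tenant data).
$baseline = '[{"Id":"CA-001","Severity":"Medium"},{"Id":"SP-004","Severity":"High"}]' | ConvertFrom-Json
$current  = '[{"Id":"CA-001","Severity":"High"},{"Id":"EXO-010","Severity":"Low"}]' | ConvertFrom-Json

$drift = Compare-FindingSnapshot -Baseline $baseline -Current $current
# New or increased exposure is what would be routed to email and webhooks.
$drift | Where-Object { $_.Change -in 'New', 'Increased' } | Format-Table Id, Change, From, To
$drift | Where-Object Change -eq 'Resolved' | Format-Table Id, Change, From
```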
Relationship to Augur
Vigil does not duplicate Augur. It reuses Augur as the single source of truth for
collection and scoring, consuming Augur's findings.json output, with Augur
pinned as a git submodule. When Augur fixes or adds a collector, Vigil benefits
with no code change, because Vigil only ever touches Augur's output.
How it runs
Scheduling is left to the host: Windows Task Scheduler or cron invoking
Invoke-VigilBatch across a GDAP portfolio, with Azure Automation as the
unattended, MSP-grade option. App-only runs use a certificate-based app
registration; MSP runs reuse an existing GDAP delegated session. No secrets,
tenant IDs, or connection strings are committed.
License
Augur Vigil is published by Ironwright. As a security tool, its source is closed. For inquiries, contact Ironwright.
Roadmap
Drift engine and AI-exposure lens are built and tested; the Augur integration and alert channels are the next seams to wire.