● Beta v1.4.0

Augur

Know your AI exposure before you turn AI on.

The problem

Organizations switch on Copilot and third-party AI assistants against their Microsoft 365 tenant without first measuring the configuration that makes prompt injection actionable — over-shared data, open inbound surfaces, and outbound automation an attacker can drive.

What it does, and who it is for

Augur is a read-only, pre-deployment assessment that scores every principal in your tenant across three structural risk axes and rolls them into a single client exposure level — so you fix the conditions that make AI abuse viable before you authorize the assistant. No content is inspected, and no AI is used anywhere in the assessment.

  • MSPs assessing client tenants before enabling Copilot
  • Security teams evaluating AI-assistant rollout risk
  • Compliance teams that need a defensible pre-deployment posture record

Proof at a glance

  • Structural risk axes: 3
  • AI components used: 0
  • Tenant access: Read-only
  • Data sources: Graph · EXO · Teams · BAP

Capabilities

Three-axis exposure model

Scores DataAccess (what AI could read), InboundSurface (how untrusted content reaches a principal), and OutboundAction (what AI could do outward) for every in-scope principal.

Per-principal heatmap and client exposure level

Findings are rated severity 1–3, scored into a per-principal heatmap, and aggregated into one client exposure level from Baseline to Critical.

No AI, no content inspection

The pipeline is deterministic configuration analysis. It reads tenant settings only — never message or file content — and calls no model.

Graceful degradation

When a data source is unavailable, the dependent collector emits a presence stub instead of failing the run, so you always get a usable partial assessment.
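The sketch below is an added example, not Augur's own code. It shows how a presence stub can flow into a per-principal heatmap so that an unreachable source reads as "not assessed" rather than as a clean score. `Invoke-Collector`, the stub fields, the `n/a` marker, the max-severity roll-up, and the sample findings are all assumptions made for illustration.

```powershell
# Added illustration; not Augur's code. Names and object shapes are hypothetical.
# Constructed sample findings, severity 1-3 on the page's three axes.
$findings = @(
    [pscustomobject]@{ Principal = 'alice@contoso.example'; Axis = 'DataAccess';     Severity = 3 }
    [pscustomobject]@{ Principal = 'alice@contoso.example'; Axis = 'InboundSurface'; Severity = 2 }
    [pscustomobject]@{ Principal = 'bob@contoso.example';   Axis = 'InboundSurface'; Severity = 1 }
)

function Invoke-Collector {
    param([string]$Name, [string]$Axis, [scriptblock]$Collect)
    try {
        $found = @(& $Collect)
        [pscustomobject]@{ Collector = $Name; Axis = $Axis; Status = 'Collected'; Findings = $found; Reason = $null }
    } catch {
        # Presence stub: record the gap and keep the run going.
        [pscustomobject]@{ Collector = $Name; Axis = $Axis; Status = 'Unavailable'; Findings = @(); Reason = $_.Exception.Message }
    }
}

$results = @(
    Invoke-Collector 'Sharing' 'DataAccess'     { $findings | Where-Object Axis -eq 'DataAccess' }
    Invoke-Collector 'Mailbox' 'InboundSurface' { $findings | Where-Object Axis -eq 'InboundSurface' }
    # Simulated outage of one data source.
    Invoke-Collector 'Flow'    'OutboundAction' { throw 'Power Platform endpoint not reachable' }
)

$axes       = 'DataAccess', 'InboundSurface', 'OutboundAction'
$unassessed = @($results | Where-Object Status -eq 'Unavailable' | ForEach-Object Axis)
$collected  = @($results | ForEach-Object { $_.Findings })

# One heatmap row per principal: highest severity per axis, 0 when the axis
# was assessed with no findings, 'n/a' when its collector returned a stub.
$heatmap = foreach ($group in ($collected | Group-Object Principal)) {
    $row = [ordered]@{ Principal = $group.Name }
    foreach ($axis in $axes) {
        if ($unassessed -contains $axis) { $row[$axis] = 'n/a'; continue }
        $max = ($group.Group | Where-Object Axis -eq $axis |
                Measure-Object Severity -Maximum).Maximum
        $row[$axis] = if ($null -eq $max) { 0 } else { [int]$max }
    }
    [pscustomobject]$row
}

$heatmap | Format-Table -AutoSize
$results | Select-Object Collector, Axis, Status, Reason | Format-Table -AutoSize
```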

Flexible authentication

Runs against an existing GDAP/delegated Graph session, app-only client credentials (certificate preferred), or interactive sign-in.

Compliance and trust

  • Read-only across Graph, Exchange Online, Teams, and Power Platform
  • No message or file content inspected at any point
  • No AI/model used anywhere in the assessment pipeline
  • Timestamped output folders so runs never overwrite each other

How it deploys

Augur ships as a PowerShell module (5.1+). It needs read scopes only; app-only runs use a certificate-based app registration, and MSP engagements can reuse an existing GDAP delegated session. There is no server component to host.

What is coming next

  • Live-tenant validation pass across the Flow, Teams, and SharePoint collectors
  • Microsoft Forms exposure coverage
  • Broader principal-scope coverage and reporting polish

Talk to Ironwright