See pricing

Features

What Access Fabric runs for you

An operator UI on Microsoft Graph for Entra access governance — reviews, cleanup, JML, and audit exports in one place.

  • Guest access reviews

    Reads your guest-user inventory from Microsoft Graph and drives the review through Entra Entitlement Management. Reviewers see sponsor, source app, and last sign-in before they decide.

  • Application-access reviews

    Surfaces each app registration, assigned role, and last sign-in date in one campaign. Reviewers approve or remove without opening multiple blades in the Entra admin center.

  • Dormant accounts

    Flags users with no recent sign-in and routes them into an access review. Removals execute through Graph once reviewers confirm the account is no longer needed.

  • Orphaned roles

    Detects role assignments whose owner has left the organisation. Reviewers attest or revoke in Teams, and orphaned assignments are cleaned up through Graph.

  • JML hooks to ITSM

    Joiner, mover, and leaver events from your HR feed and Entra Lifecycle Workflows route access requests and revocations to your ITSM. Roles get pulled, not just the account disabled.

  • Teams attestations and reminders

    Manager attestations and reviewer reminders land in Microsoft Teams. Access Fabric nudges reviewers who have not answered before the campaign deadline.

  • Guest inventory

    Every guest in one list with last sign-in, the inviting application, and the sponsor on record. Filter stale guests and send them straight into a review campaign.

  • Per-campaign audit exports

    Each campaign exports decisions, reviewer identity, and timestamp as CSV or JSON — mapped to ISO 27001:2022 A.5.15, A.5.16, A.5.18 and NIS2 Article 21.

  • Multi-tenant console

    MSP plans get a single operator console across customer tenants. Per-customer reporting and isolated environments stay separate under the hood.

How a campaign runs

  1. Connect your tenant

    Grant admin consent to the Access Fabric Graph application. It reads users, groups, guests, and role assignments — nothing in your directory changes on connect.

  2. Scope the campaign

    Pick guest, application, or dormant-access. Access Fabric builds the review in Entitlement Management and assigns reviewers from your Entra directory.

  3. Reviewers decide in Teams

    Managers and app owners attest in Microsoft Teams. Access Fabric sends reminders to reviewers who have not answered before the deadline.

  4. Act and export

    Approved access stays. Removals and orphaned roles are cleaned up through Graph, leaver revocations fire through your ITSM, and campaign decisions export as audit records.

Run your first review

Connect Entra ID, run a guest review, and export the audit record. 90 days free, no card.

See pricing Book a demo