PureTenant analyzes your Microsoft 365 tenant in less than an hour and delivers a report dashboard that classifies every user as optimal, over- or under-licensed. An app that turns 20 fragmented admin centers, cryptic PowerShell outputs, and Excel tables into a single, identity-based report. Use it to manage security, compliance, and cost transparently.
An app that turns 20 fragmented admin centers, cryptic PowerShell outputs and Excel sheets into a single, identity-centric report. What can otherwise only be surfaced manually — laborious and error-prone — becomes visible on one screen, exportable, archivable.
Identity, Security, Compliance, Intune, Defender, Purview, Exchange, SharePoint, Teams. PureTenant consolidates every relevant data source — no fragmented tabs, no conflicting numbers.
Every identity linked with licenses, roles, MFA status, sign-in activity, app access. Filter by department, location, risk. No data silo.
Hidden admin roles, OAuth consents, orphaned service principals, conditional-access gaps. Visible — without anyone writing a single line of script.
Identities without MFA, with legacy auth protocols, without CA coverage. Visually presented, ranked by risk class, an action list in seconds.
Every third-party access to your tenant — with best-practice scoring. Which app reads mail? Which writes calendars? What was consented to, when?
License costs broken down by cost center and service usage. Renewal negotiations with real numbers instead of gut feel. Excel export included.
PureTenant scans your entire tenant — from identity through mail to compliance — in one choreographed run. No separate tools, no double approvals, no data exports.
Three truths almost every Microsoft 365 tenant ignores — until the audit notice arrives or the renewal date is on the calendar.
Employees change roles but keep their old license. E5 for someone who only uses Outlook. F3 for someone who needs Power BI. The drift grows daily — no one sees it.
Source: PT audits 2024–2026“I think it’s fine” isn’t enough at audit time. You need an auditable point-in-time report — not just in emergencies, but as regular evidence in your ISMS.
NIS2 implementation · BSI GrundschutzPureTenant is not a consulting engagement, it’s software. Buy once, scan as often as you like. The report is yours, not the consultant’s.
Mid-market DACH · 5 audit daysPureTenant connects to your tenant, reads read-only, cross-references the official license matrix, and returns the finished HTML report.
An app in your own tenant, upload the certificate, grant permissions — fully guided and highly automated by the setup assistant.
PureTenant reads read-only all data via Microsoft APIs.
Cross-reference the license matrix, classify every user, mark security and compliance gaps, calculate savings in euros.
An HTML dashboard, runs locally, can be re-analyzed any number of times within the contract term.
The result is a single, self-contained HTML file. No SaaS login, no external dependency. Open it in your browser, archive it in your ISMS, hand it to your auditor.
A ~2 MB file. Open locally, archive locally — no server, no login, no cloud.
German, English, French — every UI string fully localised. Language switcher inside the report.
SHA-256 hash and HMAC tenant binding. Tampering with the report is detectable.
New report? Just load it against the previous one — changes are highlighted page-wide.
PureTenant cannot modify your tenant — technically excluded. Authentication runs via app-only certificate auth, no user credentials. No write permission is requested.
No write, delete, or mail-send rights are ever requested. Microsoft itself cannot use this app for write operations.
No client secret, no password. Authentication via X.509 certificate in the keystore of your audit host.
License server, Mailgun, Stripe registered office — all in the EU. No data processing outside the EEA.
NIS2, TISAX 5.1.1, ISO 27001, BSI Grundschutz — all controls automatically checked, referenced in the report.
You choose the tier yourself — the license is bound to your tenant ID, not exactly to user count. Auto-renewal, cancellable up to 4 weeks before expiry.
All prices net in EUR, plus statutory VAT. Reverse-charge procedure for EU business customers with valid VAT ID. Switzerland and United Kingdom on request. One license binds to exactly one Microsoft 365 tenant ID.
Eight answers we have heard before every purchase — from IT admins, CISOs, executives.
On average 38 minutes for medium tenants (up to 1,000 users). For very large tenants (5,000+) up to 90 minutes. You don’t need to be present during the run — the analysis runs from the command line on an audit host of your choice.
Exclusively read permissions on Microsoft Graph — no write, delete, or mail-send rights. The list is shown above under “Security”. Your compliance officer can review it any time in the Entra portal.
The app registration is performed in your tenant — we have no access to it, unless you actively share the report with your IT partner.
With you. The report is processed in LocalStorage in the browser, locally with you. No tenant details are transferred. PureTenant is a SaaS product.
The report contains its own section mapping to NIS2 (all 14 main controls), TISAX 5.1.1 (all 8 related controls), and ISO 27001 Annex A. You can file it as evidence in your ISMS — audit-proof, signed with SHA-256 and HMAC tenant binding.
Unlimited. A tier (XS to XXL) is bound to exactly one tenant ID. Within the license year you can analyze as often as you wish — e.g. monthly for ongoing compliance evidence.
Nothing. The next tier only changes with the new contract term. You switch the tier pro-rata.
Yes. You can view demo data via a sample access and get an impression of what will be displayed to you.
Michael Bauer — 33 years of IT experience. Of which 10 years at Bechtle and 15 years self-employed. PureTenant is an independent product based in Germany, white-label, no external investor structure.
Choose a license, enter the tenant ID, start the audit. First insights in less than an hour — even if you have never run an M365 audit yourself before.