Security Compliance Licensing AI Agent Pricing
Sign in Start free trial
The MSP control plane for Microsoft 365

Manage other people's
M365 tenants at scale.

Copilot and Claude-in-M365 work inside one tenant. TenantIQ runs CIS automation, per-tenant overrides, drift attribution, and license-tier gating across the 9–250+ tenants an MSP manages — from one control plane.

Built and shipping. Pre-launch. 234 API routes · 183 test files · 39 D1 tables — every number grep-able in the repo.

Sign in with Microsoft Sign in with LinkedIn
Try with my M365 account only (no admin needed) Onboard your organization (Global Admin) →
Framework coverage — maps your tenants, not a TenantIQ certification
SOC 2 mapping HIPAA mapping GDPR mapping Zero Trust CIS Benchmark 100+ Controls
app.tenantiq.app/dashboard
Acme MSP
14 tenants
Dashboard
Security
Compliance
Licenses
AI Agent
Workflows
Portfolio Overview
All tenants · Last 24h
All systems operational
Avg Security Score
84/100
↑ +3 this week
Open Threats
2
↓ from 7
License Savings
$4.2k
↑ this month
Compliance Pass
91%
↑ +6%
TenantScorePostureCompliance
Contoso Ltd94
SOC2 ✓
Fabrikam Inc71
HIPAA ⚠
WoodGrove Bank88
GDPR ✓
Northwind Retail52
CIS ✗
0
CIS benchmark controls
0
Compliance frameworks
0
AI agent tools
0
Unit tests in production
Platform

Three pillars.
One control plane.

Everything you need to protect, prove, and optimize every tenant — without switching tools.

🎯
CIS Benchmark Scanning
100+ controls evaluated against live tenant configuration with per-section scoring and hourly automated rescans.
📡
Threat Detection & Anomaly Analysis
AI-powered detection of impossible travel, brute-force attempts, risky IPs, and behavioral deviations from user baseline.
🔒
Risky User Monitoring
Deep integration with Microsoft Identity Protection for credential compromise detection and real-time suspicious activity alerts.
One-Click Remediation with Rollback
Execute fixes with dry-run preview, approval gates, and full state capture — every action reversible in one click.
CIS Security Score
Scanning hourly
85/ 100
Identity & Access
92%
Data Protection
88%
Device Management
76%
Email & Collab
83%
Cloud Applications
69%
📋
Multi-Framework Assessment
SOC 2, HIPAA, GDPR, Zero Trust, and CIS — evaluated against live tenant configuration, not static checklists.
📸
Config Snapshots & Drift Detection
Capture complete M365 configuration state. Get alerted immediately when conditional access policies or auth methods change unexpectedly.
📦
Audit-Ready Evidence Packages
Generate compliance evidence mapped to specific framework controls — exportable PDFs ready for your auditors on demand.
🤖
Copilot Readiness Assessment
Step-by-step readiness scoring with prerequisite checks before deploying Microsoft 365 Copilot across client tenants.
Compliance Overview
Daily scan
SOC 2
89%
24/27 controls passing
HIPAA
74%
3 gaps detected
GDPR
92%
Evidence ready
Zero Trust
81%
5/6 pillars mature
💡
AI Downgrade Recommendations
AI-generated suggestions for license tier changes (E5→E3) with projected savings and per-user usage justification.
👻
Inactive User Detection
Configurable 30/60/90-day inactivity thresholds with cost impact calculations across every managed tenant.
🤖
License Autopilot
Automated optimization analysis with configurable approval gates — savings happen without surprises or unauthorized changes.
📈
ROI Dashboards & Savings Leaderboard
Per-tenant and portfolio-wide cost savings visualization. Show clients exactly what you've saved them each month.
License Optimization
Autopilot active
$4,210
saved this month across 14 tenants
Contoso Ltd−$1,240/moE5→E3 · 8 users
Fabrikam Inc−$890/mo12 inactive
Northwind Retail−$640/moDowngrade ready
WoodGrove Bank−$480/moPending approval
AI Agent

Ask anything.
Act instantly.

Powered by Anthropic Claude with 13+ tools that query live tenant data and execute real operations — not just chatbot answers.

  • Natural language queries across all tenants simultaneously
  • Executes user management, license changes, security analysis
  • Generates executive reports exportable to PDF or Markdown
  • Streaming real-time responses with tool execution progress
  • Conversation history with search, tagging, and shareable links
Query users
License analysis
Security posture
Compliance gaps
Cost savings
Compare tenants
Usage heatmap
Savings report
Anomaly scan
TenantIQ AI
● Active · 13 tools available
Which tenants have E5 users who aren't fully utilizing the license?
Running license_utilization_analysis across 14 tenants...
Fetching feature usage data via Microsoft Graph...
Found 3 tenants with underutilized E5 licenses totaling $2,130/mo in potential savings:

Contoso Ltd — 8 users qualify for E3 downgrade ($1,240/mo)
Fabrikam Inc — 6 users inactive 60+ days ($590/mo)
Northwind — 4 users never activated Defender ($300/mo)
Why TenantIQ

Built for MSPs.
Not adapted for them.

01
Multi-tenant from day one
Every database query is scoped by organization and tenant ID at the API middleware layer. Data isolation is architectural, not bolted on.
02
AI that can analyze and act
Not just chat. The AI agent has 13+ tools that query live data and execute real operations — user management, license changes, executive reports.
03
Actionable security, not dashboards
Nine remediation actions execute directly against Microsoft Graph with dry-run preview, scheduling, approval gates, and complete rollback.
04
Compliance mapped to live config
SOC 2, HIPAA, GDPR, CIS, and Zero Trust engines evaluate real tenant settings. Evidence packages generated automatically for auditors.
05
Zero cold starts, ever
Built entirely on Cloudflare Workers, Pages, D1, KV, R2, and Queues. Every API request runs at the edge with 120+ endpoints.
06
955 tests. Production-grade.
955 unit tests and 127 end-to-end browser tests across 21 sections. Not a demo — a production platform built to enterprise standards.
Infrastructure

Built at the edge.
Zero cold starts.

Cloudflare Workers
120+ API endpoints. Hono 4 + TypeScript strict. Every request runs at the nearest edge node.
🗄
Cloudflare D1
15-table SQLite with Drizzle ORM. Every query scoped by org and tenant ID at middleware.
💾
R2 + KV Storage
AES-256-GCM encrypted backups per tenant. Tokens, scores, rate limits in KV.
🔄
Cloudflare Queues
Async scan processing, remediation jobs, and webhook delivery with retry logic.
🧪
955 Unit Tests
955 unit + 127 E2E browser tests across 21 sections in production CI/CD.
Pricing

Simple, per-tenant pricing.

Pay for what you manage. No seat fees, no platform costs, no surprises.

Starter
$49/tenant/mo

For small MSPs and individual IT teams getting started with M365 management.

  • CIS benchmark scanning (100+ controls)
  • Microsoft Secure Score tracking
  • Basic threat detection
  • License utilization reporting
  • SOC 2 & GDPR assessments
  • 90-day audit log retention
Start free trial
Most popular
Professional
$99/tenant/mo

For growing MSPs needing full security, compliance automation, and AI-powered optimization.

  • Everything in Starter
  • AI agent with 13+ tools
  • One-click remediation with rollback
  • All 5 compliance frameworks
  • License Autopilot with approval gates
  • Workflow automation & offboarding
  • Encrypted backup & drift detection
  • Cross-tenant benchmarking
Start free trial
Enterprise
Custom

For large MSPs requiring dedicated support, custom SLAs, white-labeling, and SAML SSO.

  • Everything in Professional
  • SAML & OIDC SSO
  • Dedicated support & SLA
  • Custom integrations
  • White-label option
  • Data residency guarantees
Contact sales
FAQ

Common questions.

What Microsoft permissions are required?
TenantIQ uses Microsoft Graph API with delegated and application-only access. Permissions include users, groups, licenses, security alerts, conditional access, audit logs, and SharePoint/OneDrive configuration. Remediation actions require additional write permissions granted per-tenant during onboarding.
How is tenant data isolated?
Every database query is scoped by organization ID and tenant ID at the API middleware layer. Data isolation is enforced architecturally — not by application convention. Each tenant's backup data is encrypted with a unique AES-256-GCM key.
Can remediation actions be rolled back?
Yes. Every remediation action captures full before-state and after-state. Rollback restores the previous configuration with a single click. Dry-run preview is available before execution, and scheduling allows timed execution with approval gates.
How does the AI agent work?
The AI agent is powered by Anthropic Claude with function calling. It has 13+ tools that query live tenant data — users, licenses, security posture, compliance status, and cost metrics. It streams responses in real time and generates suggested actions based on analysis results.
Where is data stored?
All data is stored on Cloudflare's global network. Structured data lives in Cloudflare D1. Cached tokens and scores use Cloudflare KV. Encrypted backups, PDF reports, and exports are stored in Cloudflare R2.
What compliance frameworks are covered?
TenantIQ evaluates against SOC 2 (Trust Service Criteria), HIPAA (Administrative, Physical, Technical safeguards), GDPR (Data Protection Principles), CIS Microsoft 365 Benchmark (100+ controls), Zero Trust maturity (6 pillars), and Copilot Readiness assessment.

Stop managing tenants.
Start controlling them.

Full platform access. No credit card. Cancel anytime.

Start free trial View live demo →