Security and compliance, by default.
GraphWarden holds your Microsoft Graph credentials in your own Azure Key Vault, enforces policy on every call, and emits an audit trail that stands up to a regulator.
Zero-knowledge credentials
GraphWarden never stores your Microsoft Graph credentials. They live in your own Azure Key Vault, and GraphWarden is granted `get` permission on specific secrets — read-only, auditable from your tenant.
If GraphWarden is compromised, the blast radius is bounded: no stored secrets means no stolen secrets.
Seven aligned compliance frameworks
Each framework has its own mapping page — article by article, control by control.
Data residency
Hosted tier: the proxy runtime is in Azure Canada Central; the control plane runs in Canada East (OVHCloud). On-premise tier: the proxy runs entirely in your infrastructure — no data leaves your environment.
Request a compliance briefing
Walk through our architecture, ruleset model, and audit trail with your security or compliance team.
Request a briefing