Azure landing zones · drift · exceptions · evidence

Your landing zone is a snapshot. Make it an operating system.

Guardrail Ledger turns Azure Policy, Defender, and ARM telemetry into a weekly drift digest, an exception ledger, and a monthly evidence pack your auditor and your board can both read.

Connect a subscription See what gets compared

Three pillars, one weekly cadence

DRIFT

Weekly diff against your landing-zone baseline. Resource, RBAC, tag, network exposure deltas.

EXCEPTIONS

Approve, expire, and audit policy exceptions in one ledger. Reviewer, scope, expiry, evidence.

EVIDENCE

Monthly PDF guardrail pack ready for auditors, MSP customers, or your own board.

What it reads

Azure-only. Reader role plus Policy Insights. No CNAPP, no multi-cloud, no agent on the workload.

Azure Resource Manager
Azure Policy
Defender for Cloud
Activity Log
RBAC assignments
Resource tags
Key Vault
Your ITSM

Pricing

Per subscription pack and protected resource count. Billed monthly or via Azure Marketplace with MACC burndown.

Single estate

€1,500/mo

One production estate. Weekly drift digest. Monthly pack.

Multi-subscription

€2,500/mo

Multi-subscription estates. Exception ledger. Custom baselines.

MSP

from €4,000/mo

Multi-customer operation. White-label monthly packs.