COMBINED VISIBILITY

See What They Can Access AND What They Actually Do

Permissions in one place. Activations in another. WatchTower combines both into a single database so you can see the full picture: who has access to what, and how they're using it.

Request Consultation See How It Works

Your Data Is Scattered

Permissions are in Entra ID. Activations are in Log Analytics. Azure RBAC is somewhere else. To understand privileged access, you're pulling data from three different places.

Fragmented Data

PIM eligibility in one portal. Activation logs in another. Azure resource roles somewhere else. No single source of truth.

Missing Context

Knowing someone activated Global Admin isn't useful without knowing what else they could have used. Context requires combining data sources.

"Who Can Do What?"

This simple question requires querying multiple systems. What about PIM groups? What about Azure resource roles? The answer is always "it depends."

The Full Picture in One Place

WatchTower Permissions Insights + PIM Coach = complete visibility into privileged access.

Single Database

All permissions and all activation data in one queryable database. Your Azure tenant, your data. Ask any question.

Permissions + Activations

See who has what eligibility AND what they actually activated. Context for every action: "They used Owner but Reader was available."

PIM Groups + Direct Roles

Understands GATE model. Knows when someone activated via PIM group vs direct assignment. Complete picture of how privileges are obtained.

Entra ID + Azure RBAC

Directory roles and Azure resource roles together. Unified view across both identity and resource layer privileged access.

Full Solution + Implementation + Training

Both tools deployed to your Azure environment with expert setup.

Permissions + PIM Coach

Full permissions audit + PIM behavior coaching in a single database you own.

✓ WatchTower Permissions Insights (full Azure audit)
✓ WatchTower PIM Coach (activation analysis)
✓ Combined database in your tenant
✓ Query templates for common questions
✓ Expert deployment and training
✓ Data stays in your environment forever

Request Consultation Download Product Overview (PDF)

Frequently Asked Questions

What data goes into the database?

Full permissions audit: Entra ID roles, Azure RBAC, PIM eligibilities, group memberships. Plus activation history with context: what was activated, when, why, and what alternatives existed.

Can I query the data?

Yes. Use any database tool you prefer. We provide query templates for common questions: "Who can access this resource?", "What did they activate last month?"

Where does the data live?

Your Azure subscription, your Azure database, your region. Nothing leaves your environment. No SaaS, no data processing in our systems.

How often is data refreshed?

Permissions snapshot runs on your schedule (daily/weekly). PIM Coach analyzes activations weekly by default. Both can be adjusted to your needs.

Do you understand PIM groups?

Yes. The system understands GATE (Groups for Activating Targeted Entitlements). It knows when someone activated via PIM group membership vs direct role assignment.

What about Azure resource roles?

Both Entra ID directory roles and Azure resource roles are included. Unified view across identity and resource layers. Same database, same queries.

Built by Identity Experts

Customer-Owned Data

No vendor lock-in. Your Azure database. Export, query, integrate with anything. The data is yours forever.

Microsoft MVP

Delivered by a Microsoft MVP with deep expertise in Entra ID, privileged access management, and identity governance.

Enterprise-Grade Schema

Database schema designed for complex queries. Join permissions to activations. Ask questions native tools can't answer.