MSP partner brief · Real attack scenario · Microsoft 365

Your clients have applications
you forgot about.
Attackers didn't.

Every Microsoft 365 tenant contains dozens of connected applications operating silently in the background, AI assistants, backup tools, OAuth integrations, SaaS platforms. Most were connected months or years ago. Most have never had their credentials rotated. And fewer than 1 in 10 organisations have any monitoring in place. This is the fastest-growing attack surface in your clients' environments. Here's what an attack looks like, and how AIRM catches it.

197
Days, average time to detect a breach
IBM Cost of a Data Breach 2024
68%
Of breaches involve a non-human identity vector
CrowdStrike 2024
<10%
Of organisations have any NHI monitoring in place
Sabiki Security 2026
$4.9M
Average breach cost, compromised credentials
IBM Cost of a Data Breach 2024
+27%
Cyber insurance premium uplift, no identity hygiene proof
Marsh 2025
AI Email Assistant Compromise, Professional Services Firm
85 users · Third-party AI writing tool · Permissions: Mail.ReadWrite + Directory.Read.All · Blast radius: High · Client secret never rotated
  • 18 months
    earlier
    Setup

    The firm connects an AI email assistant to M365. The application is granted Mail.ReadWrite and Directory.Read.All, standard for this tool. A developer stores the application's client secret in a private GitHub repository. The secret is never rotated.
  • Day 0
    Anytime
    Discovery

    An attacker identifies the firm uses this AI tool from public sources (marketplace listing, LinkedIn). They search GitHub for the application's client secret using an automated scanning tool. They find it within minutes. The credential has been there for 18 months.
  • Saturday
    02:14
    Breach

    The attacker authenticates to M365 as the AI application using the stolen client secret. No MFA prompt fires. No suspicious login alert triggers. The authentication is technically valid, the correct credential was used. From Microsoft's perspective, everything looks normal.
  • Saturday
    02:14–02:17
    Exploitation

    The attacker begins reading executive email and enumerating the full user directory. The AI application continues performing its normal functions alongside the attacker. Without monitoring, this access can persist indefinitely, every email sent or received by 85 people, readable at will.
  • Saturday
    02:14
    AIRM detects

    Signal 1 fires: Off-Hours Authentication. This application's 7-day baseline shows it authenticates Mon–Fri 08:00–19:00. Activity at 2am Saturday is an immediate deviation. AIRM registers the anomaly against this identity's specific baseline, not a generic threshold.
  • Saturday
    02:17
    AIRM detects

    Signal 2 fires: New Resource Access. The application queries the user directory, a resource it has held permission to access for 18 months but has never actually touched. Legitimate applications access predictable resources. Accessing a new resource is a hallmark of an attacker exploring available permissions.

    Two concurrent Critical signals on a high-blast-radius identity, alert escalated to CRITICAL.
  • Saturday
    02:19
    AIRM acts

    A prioritised ticket is created automatically in ConnectWise / HaloPSA / Autotask with full context attached: identity name, signals fired, baseline comparison, blast radius score, full permission list, and available one-click response actions. Your technician has everything they need before they've opened the ticket.
  • Monday
    08:03
    Resolved

    Your technician opens the ticket at the start of their shift. The picture is complete, anomalous auth times, new directory access, blast radius score, permission context. They use AIRM's one-click Disable Identity action to cut off the attacker's access directly from within AIRM, no Azure AD console, no vendor call, no escalation.

    Credentials flagged for immediate rotation. Investigation determines: exposure window, 6 hours. Audit trail updated. Client notified. Job closed.
Without AIRM
  • Attacker has valid credentials, no alert fires at point of compromise
  • MFA and Conditional Access do not apply to service principal authentication
  • Periodic scanner runs Monday, attacker had five days of undetected access
  • Executive email readable at will for an unknown period, potentially months
  • Average discovery time for NHI breaches: 197 days
VS
With AIRM
  • Off-hours authentication detected within minutes of first access
  • New resource access flagged immediately, anomaly vs 18-month baseline
  • Critical PSA ticket auto-created with full context at 02:19 Saturday
  • Identity disabled with one click from within the ticket workflow
  • Exposure window: 6 hours. Audit trail complete.
Six Behavioural Signals AIRM Monitors
  • Off-Hours AuthenticationActivity outside each application's historical operating window
  • New Resource AccessApplication accesses a resource it has never touched before
  • Authentication Method Changee.g. certificate to password; attacker replaying a stolen secret
  • Dormant Identity ActivatedInactive application begins authenticating again
  • Authentication Volume SpikeEvents spike dramatically vs 7-day per-identity baseline
  • Impersonation SpikeApp authenticates on behalf of an unusually large user set
Six One-Click Response Actions
  • 1
    Disable Compromised IdentityCalls Graph API to disable the SP instantly, no Azure AD console access required
  • 2
    Classify & ConfirmAI Agent / NHI / Microsoft First-Party, correct or confirm AIRM's classification
  • 3
    Approve / Flag / ReviewAuditable compliance workflow, ISO 42001, DORA, SOC2 AI extensions
  • 4
    Assign OwnerNamed accountability recorded in AIRM and Azure AD via Graph API
  • 5
    Alert Suppression90-day suppression with disposition, auto-expires, fully auditable
  • 6
    Native PSA TicketingConnectWise · HaloPSA · Autotask, no middleware, no connector tax
Why AIRM, not a periodic scanner, not an enterprise tool retrofitted for MSPs
M365-nativeNo Entra ID P2. No Azure infra. No endpoint agents.
MSP-first architectureMulti-tenant control plane. The only one on the market.
Per-identity baselines7-day learning per app, not generic thresholds that flood with false positives.
Blast radius scoringKnow which NHIs matter most before the attack happens.
Compounding accuracyHistorical anomaly data accumulates with every scan, gets sharper the longer you run it.
Native PSA ticketingConnectWise, HaloPSA, Autotask, zero middleware.
See what's in your clients' tenants right now.
AIRM connects to a Microsoft 365 tenant in under five minutes, no agents, no infrastructure changes. Run a free assessment and see every non-human identity, its risk score, blast radius, and ownership status before you commit to anything.
Chat with Sabiki
Didn't find your answer? Ask us
Hi, ask anything about NHI risk, deployment, compliance or pricing, or start a free trial and see your score.
Start free trial →
Prototype, vendor chat widget mounts here (e.g. Intercom Fin).