Questions & Answers

Everything you'd ask before you switch it on.

Straight answers for MSPs, MSSPs and the organisations they serve, what Sabiki AIRM does, how it deploys, and how it complements Microsoft.

Essentials For MSPs & MSSPs Security & deployment NHI Risk Score Microsoft Comparison table Compliance Pricing & trial

The essentials

What Sabiki AIRM is, in plain language.

What is Sabiki AIRM?

Sabiki AIRM, Agentic Identity Risk Management, is the independent AI Identity Control Plane for Microsoft 365. It continuously discovers every AI agent and non-human identity in a tenant, shows you what each one can access, scores the risk, and turns that into an independent posture you can govern, report on and improve.

What does "AI Security & Compliance" actually mean?

It means three things: discover every AI identity in the tenant, understand what each can reach and who owns it, and govern it, prioritise what matters, report it clearly, and keep humans in control as things change. It's the visibility layer that makes it safe to say "yes" to AI.

What's a "non-human identity"?

It's any account that isn't a person, an AI agent, a Copilot identity, a service principal, an automation account, an app integration. Each one signs in, holds permissions and can access data, but no person owns or watches it day to day. In a typical Microsoft 365 tenant they outnumber human users many times over.

How is this different from what Microsoft already gives me?

Microsoft governs AI inside its own ecosystem. Sabiki adds an independent, tenant-wide layer that scores and governs every AI identity, Microsoft-native and third-party, and benchmarks it against peers. It complements Microsoft; it doesn't replace it. (See the full comparison page.)

For MSPs & MSSPs

How partners deliver it and make money from it.

What do I actually sell my clients?

A managed service in plain language, confident, safe AI adoption. Most partners productise three lines on top of AIRM: AI Identity Onboarding Review (a one-off pre-deployment review), AI Agent & NHI Governance (a monthly retainer), and AI Identity Risk Posture (a quarterly evidence pack). Your brand, your pricing, your margin, all running off the same continuous observability.

How does AIRM make my MSP money?

Two ways. The AIRM licence carries a partner margin that grows with adoption (see Pricing). On top of that, the governance services you wrap around it are high-margin and almost entirely yours. The licence is the floor; the services are where the real value is.

Does it work across all my client tenants?

Yes. AIRM is multi-tenant by default, one dashboard across your whole client portfolio, with risk scores and findings per tenant so you can see which customers are highest risk and prioritise remediation across the book.

Does it fit my PSA and tools?

Native integrations with ConnectWise, HaloPSA and Autotask turn findings into tickets automatically, with outbound webhooks for SIEM, Slack and Teams. No middleware required.

Can I put my own brand on the reports?

Yes, client reports are white-labelled with your logo and company name, so the executive summaries and posture reports look like they came from your team.

Do I need new staff or specialist security skills to deliver it?

No. AIRM automates the discovery, scoring and reporting, and writes findings in plain English. It's built to run as a managed service without adding headcount.

Security & deployment

The questions every IT lead asks before connecting a tenant.

Is it agentless? What do you install?

Nothing is installed. AIRM is cloud-only and agentless, connecting to Microsoft 365 through the Microsoft Graph API. No endpoint software, no MX changes, nothing for the client to maintain.

What access does it need? Is it read-only?

It connects with read-only permissions and reads identity and permission metadata, not your emails, files or documents. On day one it observes only; it doesn't change a permission, grant or identity unless you explicitly choose to act.

Is it GDAP-compatible for MSP delivery?

Yes. AIRM is designed to work within GDAP so partners can connect client tenants cleanly, without standing access where it isn't needed.

Can I revoke access whenever I want?

Yes, access can be revoked in one click from Entra ID at any time. You stay fully in control.

How long until I see value?

About five minutes to connect a tenant, and you can read the executive summary and full AI identity inventory the same day. The first scan is usually the conversation-starter with a client.

The NHI Risk Score

Sabiki's signature, independent score.

What is the NHI Risk Score?

It's a single, independent score for a tenant's AI identity posture, think of it like a credit score for NHI risk. One number you can track, improve quarter on quarter, and benchmark. You get it from the free NHI Risk Score assessment, drawn from everything AIRM discovers across Microsoft-native and third-party identities. (AIRM produces the underlying risk rating.)

How is the score calculated?

It's built from the signals AIRM continuously assesses across each identity, what it can access, how privileged it is, whether it's owned, whether it's dormant, and how its behaviour changes over time, rolled into one posture figure that updates every scan.

Can I see how a client compares to similar organisations?

Yes, the rating includes peer benchmarking, so you can show a client how their posture compares with similar organisations, not just against themselves. It turns "are we doing well?" into a number with context.

Microsoft

How Sabiki sits alongside the Microsoft stack.

Do you compete with Microsoft?

No, we complement it. Microsoft secures the platform and governs AI within its own ecosystem. Sabiki adds the independent, cross-vendor AI identity observability and NHI Risk Score on top, so customers get more value from their Microsoft investment.

Do I still need E5, E7, Copilot, Agent 365 or Entra?

Keep them, Sabiki works alongside whatever Microsoft tier and tools a client has. Each Microsoft product solves part of the picture; Sabiki adds the tenant-wide AI identity posture and an objective score Microsoft can't grade on itself. (See the full comparison page for where it fits across E3/E5/E7, Copilot, Agent 365 and Entra.)

Detailed comparison, Microsoft vs Sabiki AIRM

Where Sabiki complements Microsoft 365 across the AI identity layer. Microsoft tier capabilities are indicative and evolve with licensing.

CapabilityM365 E3M365 E5M365 E7Sabiki AIRM
Microsoft platform & integrations
Microsoft 365 ProductivityComplements Microsoft
Microsoft Identity PlatformUses Microsoft identity data
Microsoft Security ControlsBasicAdvancedAdvanced + AIComplements existing controls
Microsoft Defender IntegrationLimitedIntegrates with Defender insights
Microsoft Entra IntegrationBasicAdvancedAdvancedExtends Entra visibility
Microsoft Purview IntegrationBasicAdvancedAdvancedComplements governance
AI identity discovery
Discover AI AgentsLimitedPartialAdvanced✓ Continuous discovery
Discover Non-Human Identities (NHIs)LimitedPartialPartial✓ Comprehensive discovery
Service Principal DiscoveryBasicBasicBasic✓ Deep visibility
Enterprise Application VisibilityBasicBasicAdvanced✓ Enhanced inventory
Managed Identity VisibilityLimitedPartialPartial✓ Comprehensive
Microsoft Graph Permission AnalysisBasicPartialPartial✓ Deep analysis
AI identity intelligence
AI Identity Relationship MappingLimited
AI Identity Lifecycle MonitoringPartialPartial
Dormant AI Identity DetectionLimited
AI Identity Ownership TrackingLimitedPartialPartial
AI identity governance & observability
AI Identity GovernanceBasicAdvancedAdvanced✓ Continuous governance
AI Identity ObservabilityLimitedPartial✓ Core capability
Executive AI Posture DashboardLimitedPartialPartial
Multi-Tenant MSP DashboardLimited
AI Deployment Risk InsightsLimitedPartial
Continuous AI Identity MonitoringPartialPartial
Independent, cross-vendor assessmentLimited✓ Independent of Microsoft
Overall NHI Risk Score✓ Core capability
Peer benchmarking vs similar organisations
Reporting & operational intelligence
Executive ReportingBasicAdvancedAdvanced✓ Tailored for AI identity
MSP Customer ReportingLimited
AI Identity Operational IntelligenceLimited✓ Core capability
Full capabilityBasic / Partial / Limited varies by tier Not availableBlue = where Sabiki adds value

Want the product-by-product view, E3, E5, E7, Copilot, Agent 365 and Entra Suite with pricing? See the full comparison page →

Compliance

Evidence for auditors, boards and insurers.

Which frameworks does AIRM map to?

Findings map automatically to 11 frameworks, including the AI-specific ones, EU AI Act, ISO 42001 and NIST AI RMF, plus DORA, ISO 27001, UK CAF, Essential Eight and more. You can generate a per-framework report in one click.

Can I give clients audit- and insurer-ready evidence?

Yes. The quarterly AI Identity Risk Posture pack is written for leadership and is the evidence to hand an auditor, or a cyber-insurer asking about AI governance at renewal, where premiums rose 27% in 2025 (Marsh).

Pricing & trial

Simple, per-tenant, partner-friendly.

How is AIRM priced?

Per tenant, per month, across five bundles, from $149 (Basic) to $1,599 (Enterprise) MSRP, on an annual commitment. Pricing is per tenant, not per user, which is what makes the MSP economics work.

What are the partner margin tiers?

Partner margin grows with adoption, across three tiers: Registered −25% (1-24 tenants), Gold −33% (25-99), Elite −40% (100+). The higher tier applies across your whole adopted book.

What's free, and what needs a subscription?

Registered MSPs can run one free assessment per Microsoft 365 tenant and receive a fully featured report, including the recommended actions to remediate what it finds. It's one assessment per tenant. Executing those actions, plus continuous monitoring, re-assessment, triage and ongoing reporting, requires a paid AIRM subscription, per tenant. Why: non-human identities multiply continuously as AI adoption grows, so seeing the issues once isn't enough, fixing and maintaining them at best practice (aligned to the 11 governance frameworks) needs the subscription. You only pay once a client subscribes.

How do I get started for free? Do I need a credit card?

The free entry point is a free assessment per Microsoft 365 tenant, no credit card, which produces the fully featured report, including recommended actions. You pay the AIRM subscription, per tenant, only when a client decides to act on the report and keep the tenant monitored. (See "What's free, and what needs a subscription?" above.)

Still have a question? Run a free scan and see for yourself.

Connect one Microsoft 365 tenant in minutes, read the AI identity inventory the same day. Read-only, agentless, complements Microsoft.

Chat with Sabiki
Didn't find your answer? Ask us
Hi 👋 Ask anything about NHI risk, deployment, compliance or pricing, or start a free trial and see your score.
Start free trial →
Prototype, vendor chat widget mounts here (e.g. Intercom Fin).