
Security posture

Permafrost holds read-only OAuth consent into a customer's connected Azure tenants. There is no write-capable token to a customer tenant in our backing store. Tenant isolation is structural, not a policy claim. The operator boundary is audited and surfaced to the customer when active.

Read-only consent by default

Permafrost ships with Reader-class consent. The Microsoft Graph and Azure Resource Manager scopes the product requests are the minimum required to enumerate identities, read role assignments, and read activity logs. No write scope is part of the default consent.

Adding write capability is a deliberate, separate event. The customer must re-consent to any write-scope addition; the existing read-only consent does not silently expand. Every additional scope appears in the consent dialog the customer authorizes.

Zero standing write access

Permafrost never holds a write-capable token to a customer tenant. No service-principal credential in the backing store can change the state of a customer’s Azure environment. Every remediation that touches a customer tenant runs through one of three modes the customer chooses (covered in detail on the three-mode remediation page):

  • Mode A is a Markdown playbook the customer runs against their own tenant using their own tooling. Permafrost is not a party to the write.
  • Mode B is a downloadable script the customer reviews and runs in their own session with their own credentials. Permafrost is not a party to the write.
  • Mode C will be the in-product action: a session-scoped OAuth grant authorized by the analyst at the moment of execution. The token will live in memory only, expire inside one hour, and be discarded the moment the session ends. Nothing is persisted to the backing store. Mode C is in active blast-radius modeling through 2026-06-10.

The invariant is load-bearing. Every remediation surface in Permafrost is structured so no write can succeed without a fresh, time-limited, customer-authenticated authorization handed to the product at the moment of action.

The operator boundary

Permafrost operators can view a customer’s data through a signed, time-limited, audited support session. Three properties hold whenever that happens.

  • Every read is logged with the operator identity, the customer scope, and the timestamp.
  • Operators have no write capability against a customer’s tenant under any circumstance. The read-only consent constraint applies to operator sessions the same way it applies to ordinary customer sessions.
  • The customer is notified in their dashboard when an operator session is active. The visibility is unconditional — there is no operator-only mode that hides this signal.

Tenant isolation by design

Every dataset Permafrost holds is partitioned by customer. Identities, role assignments, activity-log evidence, findings, UPRS scores, and remediation history all sit inside the customer they belong to. No shared join key spans customers.

The isolation is structural, not a policy decision. Permafrost does not aggregate or sample data across customers for training, modeling, or benchmarking. There are no cross-customer comparison features. If Permafrost ever ships a feature that compares one customer to a peer group, it will be opt-in and it will not expose any other customer’s identifiable data. That is a constraint the product holds itself to.

What Permafrost does not store

A short list of items you might assume are held in the backing store but are not.

  • No customer-tenant credentials. No client secrets, no certificates, no refresh tokens that grant standing access to a customer tenant.
  • No Mode C OAuth tokens after session end. When Mode C executes an action, the token will exist in process memory only for the lifetime of that action, then be discarded.
  • No visitor IP addresses in the marketing analytics that power public pages. Do-Not-Track is honored by default.
  • No sign-in logs as a primary surface. Permafrost pulls just enough activity-log data to evidence permission-gap findings. It is not a log retention destination.

Compliance posture

Permafrost is in active build toward formal certification. Today’s posture, in plain terms.

  • Hosted on a major cloud provider with their substrate certifications (SOC 2, ISO 27001, ISO 27018) attesting the infrastructure layer.
  • Read-only consent baseline and the zero-standing-write invariant described above. Both are auditable: the consent scopes are visible to the customer in their tenant’s enterprise-app blade, and the no-write claim is verifiable by inspecting the consent grant.
  • Operator boundary with full audit trail described above.
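
One way a customer could carry out the consent-grant inspection mentioned above, as an added example that is not Permafrost's own code: it audits the delegated grants returned by Microsoft Graph's `oauth2PermissionGrants` endpoint and flags every scope that is not provably read-only. The grant records are constructed, with placeholder IDs and illustrative Graph scope names rather than the product's actual scope list; application permissions (`appRoleAssignments`) and Azure role assignments need their own check.

```python
import json
import re

# Constructed sample in the shape of a Microsoft Graph response to
# GET /oauth2PermissionGrants?$filter=clientId eq '<sp-object-id>'.
# IDs are placeholders; the second record is a made-up drifted grant.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"clientId": "<app-sp-object-id>", "consentType": "AllPrincipals",
   "resourceId": "<graph-sp-object-id>",
   "scope": "openid profile User.Read.All Directory.Read.All AuditLog.Read.All"},
  {"clientId": "<app-sp-object-id>", "consentType": "AllPrincipals",
   "resourceId": "<graph-sp-object-id>",
   "scope": " Directory.ReadWrite.All offline_access"}
]}
""")

# Sign-in scopes that grant no access to tenant resources.
SIGN_IN_SCOPES = {"openid", "profile", "email"}
# Graph permission names are Resource.Operation[.Constraint]; the operation
# must be exactly Read or ReadBasic. Anything else is flagged (allow-list).
READ_ONLY = re.compile(r"^[A-Za-z][A-Za-z0-9-]*\.Read(Basic)?(\.[A-Za-z0-9]+)*$")


def audit_grants(grants):
    """Return (resourceId, consentType, scope) for each scope needing review."""
    findings = []
    for grant in grants.get("value", []):
        # The scope field is one space-separated string, sometimes space-padded.
        for scope in grant.get("scope", "").split():
            if scope in SIGN_IN_SCOPES or READ_ONLY.match(scope):
                continue
            findings.append((grant["resourceId"], grant["consentType"], scope))
    return findings


if __name__ == "__main__":
    for resource, consent, scope in audit_grants(SAMPLE_GRANTS):
        print(f"REVIEW {scope} (resource {resource}, consent {consent})")
```

Scopes such as `offline_access` or the Azure Service Management `user_impersonation` scope are flagged because their names do not prove read-only access; for Azure Resource Manager the effective permission comes from the role assigned to the service principal, which has to be checked separately.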

Certifications Permafrost does not yet hold are not listed. The list above will expand as evidence packs land. If your procurement or security-review team needs the current status before a longer security review, contact us through your account team.