Skip to main content

NEW! Sign up for our 30-minute security consultation

Book a Demo
Blog

Senserva Drift Manager Support Page

 
 

Accelerate Your Security with the Senserva Drift Manager

Welcome to the Drift Manager from Senserva! We are happy to have you check us out!

SDM

 

 

Configuration Drift Detection for Azure Environments

Drift Manager is a comprehensive solution designed to detect configuration differences across your customer base. Ideal for Managed Service Providers managing multiple environments, it addresses one of the leading causes of security breaches and data exfiltration: configuration drift.

Key Benefits:

  • Secure, tenant-based deployment - your data stays within your environment
  • Automated drift detection across multiple Azure services
  • Integration with popular ticketing systems
  • Free and premium tiers available

Pricing & Editions

Free Edition (Basic)

Available to everyone with access to core Azure scanning areas:

Entra ID:

  • Conditional Access policies
  • Microsoft Authenticator policies
  • Directory settings

Microsoft Intune:

  • Configuration policies
  • Anti-virus policies
  • EDR policies
  • Attack Surface Reduction (ASR) rules

Defender for Office 365:

  • Anti-phishing policies
  • Anti-malware policies
  • Anti-spam (inbound/outbound) policies

Premium Edition (Advanced)

Includes all Basic features plus:

Microsoft Sentinel:

  • Security analytics configurations
  • Workbook and rule monitoring

Defender for Cloud:

  • Security posture configurations
  • Policy compliance tracking

Defender for Cloud Apps:

  • Cloud application security policies
  • Data loss prevention settings

Note: Upgrading from free to premium requires no additional installation - simply purchase through our SaaS platform and the Drift Manager will automatically detect and unlock additional features.

Installation Requirements

Prerequisites

  • Owner rights to the installation location
  • Ability to make purchases for the chosen hosting location
  • Azure subscription access

Automated Setup Process

The installation creates the following Azure resources in your subscription:

  • Web App
  • Azure Function
  • SQL Server
  • Key Vault
  • SignalR service
  • Managed Identity

App Registration Setup

Drift Manager requires two App Registrations for secure access:

  1. Internal: Within your host tenant
  2. External: For scanning customer environments

Setup Options:

  • Use our automated GitHub script (recommended)
  • Follow manual step-by-step instructions

Required Permissions:

  • Microsoft Graph: Multiple Read.All permissions across various services
  • Azure Service Management: User_impersonation
  • Office 365 Exchange Online: Exchange.ManageAsApp (read-only despite name)
  • Entra Role Assignment: Security Reader (recommended)

Certificate Management

  • Authentication certificate automatically generated in Key Vault during installation
  • For production use, we recommend obtaining certificates from trusted Certificate Authorities (DigiCert, GlobalSign)
  • Certificate updates can be performed through Key Vault management

Data Export Features

Export Capabilities

  • Available on all data pages (Variances, Ultimate Standards, Event Logs)
  • Supports JSON and CSV formats
  • Options for filtered or complete data export

Access Control

Export functionality requires one of these roles:

  • Ultimate Standard Manager
  • Data Exporter

Roles are defined in the Drift Manager Internal App Registration

Multi-Tenant Handling

When exporting data from multiple tenants, results are automatically separated into individual tenant files while respecting format and filter selections.

Ticketing System Integration

Supported Platforms

  • AutoTask
  • ConnectWise
  • FreshDesk
  • ServiceNow
  • ZenDesk

Customization Options

Ticket Creation Control:

  • Configure at Data Group or individual Data Type level
  • Control ticket volume to appropriate levels
  • Choose between Variance-only or Variance + Missing drift tickets

Automation Features:

  • Auto-close tickets when drifts are approved
  • Streamlined notification and troubleshooting workflow
  • Documentation trail for client reporting

Note: Ticketing integration is optional - Drift Manager provides a complete experience through its native platform.

Frequently Asked Questions

General

Q: What if I want to scan something not included in either edition? A: Contact our team at support@senserva.com - we're happy to extend the scanner to meet your specific needs.

Q: Can I customize which services to audit in the Advanced Edition? A: Absolutely! You can select specific services to audit and tailor the experience to your requirements.

Advanced Edition Setup

Q: Do I need to set up Defender for Cloud Apps if I don't use it? A: No - you can choose which services to audit. The experience is tailored to your selections.

Q: What's the additional setup for Sentinel and Defender for Cloud? A: These require specific RBAC role assignments for the App Registration. Defender for Cloud Apps requires a service account with Security Reader role and access token creation.

Support

Ready to get started? Download Drift Manager from the Microsoft Azure Marketplace

For questions, concerns, or custom requirements, contact our team at support@senserva.com.

The Senserva team is excited to help you implement comprehensive configuration management across your Azure environments.