READ-ONLY - ZERO INSTALL - REVOCABLE INSTANTLY
See every AI agent
inside your Microsoft 365
Mangudai connects read-only to your Entra ID via admin consent. No software installed. No credentials shared. Your Global Admin clicks Accept that's it.
Click Connect
->
Admin Signs In
->
Consent Screen
->
App Created
->
Recon Begins
AuditLog.Read.All
Application.Read.All
Directory.Read.All
User.Read.All
Reports.Read.All
Zero write permissions
Nothing stored after session
Revoke in 30 seconds
EU data residency maintained
Running tenant recon
Initialising Microsoft Graph recon
0%
Mangudai Command Centre
Mangudai Dev - Live recon pending
Total Agents
73
+4 this session
Managed
61
83.6% coverage
Undeclared
10
2 new this session
Rogue Signals
2
To review
Scope Drift
At Risk
72%
of agents hold permissions beyond their declared mandate
Undeclared Agents
At Risk
10
agents active with no registration record or verified owner
EU Boundary Events
Review
3
data movements outside declared EU scope in last 30 days
Active Agents 73 registered 68 online
| Agent | Type | Status | Last Seen |
|---|
Rogue Signals
live
Loading live Graph signals
No hardcoded demo signals are displayed in live-first mode.
EU Readiness
LIVE
Enforcement deadline 69 days August 2, 2026
Art. 9 Risk Management Done
Art. 13 TransparencyIn Progress
Art. 24 Human OversightIn Progress
Real-time
Signal Feed
Every agent action, as it happens - scored against declared operating profile
Recon Signals
Session Stats
Events (30 days)47,382
Active agents11
Shadow Principals3
Rogue Signals flagged2
EU boundary events3
Data sourceGraph API
Agents
Registered, managed, undeclared, and Shadow Principal agents
Agent Inventory
| Agent | Type | Status | Permissions | Owner | Last Seen |
|---|
Drift Analysis
Three-source validation: declared permissions, actual Graph activity, and 30-day baseline drift
Events Analysed
47,382
Graph audit events across the last 30 days.
Validation Gaps
14
Differences between declared and observed drift.
Boundary Events
3
Potential EU data movement requiring evidence.
CISO Output
Intelligence Pack
Plain-English findings and recommended actions.
Signal Drift
After-hours activity
61%
Permission drift
74%
Cross-boundary requests
33%
Recon Signals
| Agent | Declared | Observed | Finding | Action |
|---|---|---|---|---|
| Live drift rows will appear after audit/activity telemetry is connected. No hardcoded demo drift data is displayed in live-first mode. | ||||
How Mangudai Scores Drift Analysis
1
Declared permissions
What the app registration and consent grants say the agent should do.
2
Actual API calls
What audit logs prove the agent did during the customer window.
3
Baseline deviation
Whether activity is growing, moving boundaries, or happening out of policy.
Identity Trace
Detecting unknown, unregistered, and mis-owned AI agents from identity and runtime signatures
Unknown Identity Traces
Live
Derived from Microsoft Graph service principal recon.
Source
Graph
No hardcoded identity trace examples are displayed.
Missing Owners
Live
Owner resolution requires Graph owner enrichment.
Mode
Live
Demo enrichment disabled.
Unidentified Identity Traces
Live Identity Trace
Identity Trace now uses live Microsoft Graph principal data. Runtime fingerprint examples are disabled until audit/activity telemetry is connected.
Identity Trace Evidence Sources
Directory objects
Service principals, app registrations, owners, consent grants and publisher verification.
Runtime drift
API paths, call volume, time window, resource family, and data destination.
Usage footprint
Breadth, depth, direction and boundary movement used for risk scoring.
Client Conversation
A
Discover Shadow Principals
Mangudai identifies agents IT did not approve or cannot explain.
B
Attach accountability
Every agent needs an owner, purpose, risk class and remediation state.
C
Create evidence
Findings roll into the risk register and Intelligence Pack for compliance discussion.
EU Readiness
Compliance posture and enforcement readiness
Compliance Score
LIVE
38%
Readiness Score
Enforcement deadline
69 days August 2, 2026
Risk-based classification applied
High attention agents flagged for review
Documentation trail maintained
High attention agents flagged for review
Documentation trail maintained
Article Breakdown
Art. 9
Risk Management System
Done
Art. 10
Data Governance
In Progress
Art. 13
Transparency Obligations
In Progress
Art. 14
Human Oversight
In Progress
Art. 15
Accuracy & Robustness
In Progress
Art. 24
Provider Responsibilities
In Progress
Risk Exposure Summary
Scope Drift
72%
Identity Coverage
84%
EU Boundary Events
3
Next Actions
Review live Graph signals
Signal Feed now uses live Microsoft Graph recon output.
Resolve owner coverage
Owner enrichment should be connected before production demos.
Update transparency docs
Art. 13 requires user-facing disclosures for AI interactions
V1 EU Readiness Assessment Matrix
| Obligation | What V1 Checks | Current Result | Commercial Output |
|---|---|---|---|
| Art. 9 Risk Management | Risk score, agent classification, severity banding | In place | Executive risk summary |
| Art. 10 Data Governance | Data source, destination, EU boundary events | 3 gaps | Boundary evidence section |
| Art. 11 Technical Documentation | Purpose, owner, permissions, evidence note | Missing docs | Risk register row per agent |
| Art. 13 Transparency | User-facing disclosure and declared purpose | In progress | Remediation queue |
| Art. 14 Human Oversight | Assigned owner and oversight route | Highest gap | Before-August-2 actions |
| Art. 15 Robustness | Baseline drift, abnormal activity, incident signal | Monitored | Signal Drift Intelligence Pack |
Presentation Narrative
1
We found the agents
Registered, Shadow Principal, high-attention and ownerless agents are visible in one assessment.
2
We classified the risk
Each agent gets security signals, EU Readiness article status and August 2 readiness.
3
We produce evidence
The Intelligence Pack becomes the documented risk register a CISO can show as good-faith compliance progress.
EU Readiness
V1 EU Readiness assessment spec - agent register, article gaps, and Intelligence Pack output
Readiness Score
38%
Good-faith readiness baseline
Mangudai classifies principals, maps article gaps, and creates the evidence trail a CISO can use before August 2.
Deadline: August 2, 2026
Article Signals
Art. 9Risk Management SystemDone
Art. 10Data GovernanceGap
Art. 11Technical DocumentationGap
Art. 13Transparency ObligationsIn Progress
Art. 14Human OversightGap
Agents Found
17
14 registered - 3 Shadow Principals
Need Attention
7
Security or compliance gap
High Attention (Annex III)
6
EU Readiness obligations apply
August 2 Ready
3
of 17 agents fully ready
Agent fleet - tap a card to review
V1 release fit analysis
Realistic for V1Classification, article flags, owner gaps, and Intelligence Pack evidence section can sit on top of current discovery and scoring.Include
Keep lightweightUse a rules-based mapper for Art. 9, 10, 11, 13, 14, 15 and 24 instead of full legal automation.V1 scope
Needs dataOwner, declared purpose, permissions, audit events, and evidence notes need to be collected during the recon.Dependency
PositioningThe deliverable becomes a documented risk register a CISO can show as good-faith compliance progress.Strong
Intelligence Pack output
1Executive summary with August 2 readiness score and penalty exposure context.Ready
2Per-agent EU Readiness classification with Annex III high-attention markers.Ready
3Article gap matrix with remediation owner, due date, and evidence trail.Build
4Prioritised fixes before August 2: unregistered agents, owner gaps, Art. 14 oversight.Ready
Documentation
Intelligence Pack & Export
Generated:
EU Readiness
Current Score
Risk Exposure
High
Scope Drift
Agent Statistics
Total Agents:73
Managed:61
Undeclared:10
Rogue Signals:2
Recent Activity
Live Microsoft Graph recon connected
Service principals and app registrations are loading from Entra
Demo enrichment disabled in live-first mode
Audit/activity enrichment is the next step for true behavioural drift
Available Intelligence Pack Formats
Generated Intelligence Pack Archive
Executive Risk Summary
24-hour tenant overview, rogue signal breakdown, and undeclared agent exposure summary.
EU Readiness Pack
Per-agent classification, Annex III markers, article-level gaps, remediation queue, and evidence notes for a CISO-ready risk register.
Agent Inventory Export
Full list of registered and Shadow Principal agents with ownership metadata.
Signal Drift Intelligence Pack
Declared vs observed runtime drift with deviation scoring.