Permafrost documentation
Reference and orientation for the CIEM platform for Microsoft Cloud. Start with what Permafrost is, then move into architecture, remediation, and security posture.
Highlighted entry points
Coming from Microsoft Entra Permissions Management?
Microsoft retired Entra Permissions Management on November 1, 2025. Here is what Permafrost covers for ex-MEPM customers on Azure, and what we do not try to be.
Read the briefLooking for Permissions Creep Index?
Permafrost's permission-gap analysis is the deterministic recovery of Microsoft's PCI methodology on Azure. UPRS per identity, RBAC-only, evidenced by activity logs.
Read the briefThe library
What is Permafrost
Product framing, who Permafrost is for, and what category it lives in.
OpenHow it works
CIEM architecture. The ARM-RBAC vs Entra-consent split. Data flow at the conceptual level.
OpenThree-mode remediation
Manual playbook, downloadable script, in-product OAuth session. Zero standing write access.
OpenSecurity posture
Read-only by default. Operator boundary. Tenant isolation. What Permafrost does not store.
OpenPositioning
CIEM-not-SIEM. Permission posture. What Permafrost is not.
OpenPricing
Community Edition and Professional Edition. How principals are counted and what each edition includes.
OpenLooking for the marketing landing instead? Permafrost EPM home. Ready to try it? Start the free trial.