Azure landing zones · drift · exceptions · evidence

Your landing zone is a snapshot. Make it an operating system.

Guardrail Ledger turns Azure Policy, Defender, and ARM telemetry into a weekly drift digest, an exception ledger, and a monthly evidence pack your auditor and your board can both read.

View Guardrail Ledger in Spot Suite See what gets compared

Three pillars, one weekly cadence

DRIFT

Weekly diff against your landing-zone baseline. Resource, RBAC, tag, network exposure deltas.

EXCEPTIONS

Approve, expire, and audit policy exceptions in one ledger. Reviewer, scope, expiry, evidence.

EVIDENCE

Monthly PDF guardrail pack ready for auditors, MSP customers, or your own board.

What it reads

Azure-only. Reader role plus Policy Insights. No CNAPP, no multi-cloud, no agent on the workload.

Azure Resource Manager
Azure Policy
Defender for Cloud
Activity Log
RBAC assignments
Resource tags
Key Vault
Your ITSM

Pricing

Per subscription pack and protected resource count. Private-offer or invoice paths are scoped during rollout.

Single estate

€149

Published from Spot Suite catalog

One production estate. Weekly drift digest. Monthly pack.

Multi-subscription

from €299

Published from Spot Suite catalog

Multi-subscription estates. Exception ledger. Custom baselines. From 2,500 monitored resources.

MSP

from €799

Published from Spot Suite catalog

Multi-customer operation. White-label monthly packs.