Everything you wanted to know, before you ask

YouReport IT uses the Microsoft Graph API with a least-privilege principle. For analysis we only need read permissions. For remediations (e.g. enforcing MFA, blocking accounts) we request explicit consent per action. You always see which scopes are active.

All data is stored within the EU, specifically in Germany. That means GDPR compliance and your data is not subject to the US CLOUD Act. No transfer outside Europe.

Fair question. Access happens via an official Microsoft Entra ID app registration using OAuth 2.0. No passwords or service accounts. All connections are encrypted (TLS 1.2+), data-at-rest is AES-256 encrypted. You can revoke access at any time.

The Microsoft admin centers are spread across six portals and each shows part of the picture. YouReport IT consolidates everything, adds history and deltas, and translates technical data into concrete actions. What takes hours in Microsoft shows up here in minutes.

Default is 12 months to enable trends and deltas. You can adjust this retention yourself. On cancellation all your data is permanently deleted within 30 days, with an explicit confirmation sent to you.

Yes. The platform is multi-tenant from the ground up. You manage all your clients from one partner portal, with per-client reports, your own branding and consolidated billing. See the partners page for details.

You can cancel monthly without penalty. On cancellation you receive a full export (JSON + PDF reports) of all your historical data. After that, everything is permanently deleted from our systems and our sub-processors.

Scans can be realtime (on-demand) or scheduled: daily, weekly or monthly. Critical events (bulk downloads, privileged account changes, logins from unusual locations) come through webhooks within seconds.