Kyūdō
Microsoft Security Integrations

You already have the security truth.

Defender, Sentinel, Purview, Entra — the telemetry exists. What you lack is the governed layer that makes it audit-ready.

Microsoft Co-Sell Partner · MISA Member · Solutions Partner: Security · Azure Marketplace
Integrations

Every signal becomes evidence. Every evidence item traces to a control.

Each integration maps to specific controls and produces audit-ready evidence automatically.

Microsoft Defender XDR

Unified threat detection across endpoints, email, identity, and cloud apps.

Data Collected

Incidents, alerts, device compliance, threat intelligence, secure score

Evidence Produced

EDR deployment status, malware detection logs, incident response records

Controls Impacted

Endpoint protection, malware defense, incident response, threat detection

Microsoft Purview

Data governance, classification, and data loss prevention across your estate.

Data Collected

Sensitivity labels, DLP policy matches, data classification results

Evidence Produced

Data classification reports, DLP incident logs, retention policy compliance

Controls Impacted

Data classification, DLP, retention, encryption, privacy

Microsoft Sentinel

Cloud-native SIEM with AI-powered security analytics and threat hunting.

Data Collected

Security incidents, alert rules, workbook data, hunting queries

Evidence Produced

SIEM coverage reports, incident response metrics, log retention proof

Controls Impacted

Security monitoring, log management, incident detection, forensics

Microsoft Entra ID

Identity and access management, including Conditional Access and Privileged Identity Management.

Data Collected

User/group configurations, CA policies, PIM assignments, sign-in logs

Evidence Produced

MFA enrollment reports, privileged access reviews, access control matrices

Controls Impacted

Access control, authentication, authorization, identity lifecycle

Azure Policy

Governance policies for Azure resources with compliance state and drift detection.

Data Collected

Policy assignments, compliance states, remediation tasks, exemptions

Evidence Produced

Cloud resource compliance reports, configuration drift alerts, policy audit logs

Controls Impacted

Configuration management, change control, cloud security, compliance

Defender for Cloud

Cloud security posture management and workload protection across Azure, AWS, and GCP.

Data Collected

Secure score, recommendations, security alerts, vulnerability assessments

Evidence Produced

CSPM reports, vulnerability scan results, security benchmark compliance

Controls Impacted

Vulnerability management, cloud security, workload protection, posture

Evidence Pipeline

From telemetry to audit-ready evidence

Kyudo transforms raw Microsoft Security data into structured, control-mapped evidence through a four-stage pipeline.

Step 1

Collect

Read-only API calls gather telemetry from your Microsoft Security services on a configurable schedule.

Step 2

Normalize

Raw data is transformed into standardized evidence artifacts with metadata, timestamps, and source attribution.

Step 3

Map

Evidence is automatically mapped to controls across every framework in your compliance program via the Compliance Graph.

Step 4

Validate

Freshness checks, completeness scoring, and drift detection ensure evidence remains audit-ready at all times.
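The four stages above map cleanly onto code. What follows is an added illustration written for this page, not Kyudo's implementation: the artifact schema, the control graph (a small dict standing in for the Compliance Graph), the framework control IDs and the freshness threshold are all assumptions, and the two input records are constructed samples shaped loosely like a Graph security alert and a Conditional Access policy rather than real tenant output.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Illustrative control graph (assumption, stands in for the Compliance Graph):
# evidence type -> control IDs across several frameworks.
CONTROL_GRAPH = {
    "defender_xdr/alert": ["NIST800-53:SI-4", "SOC2:CC7.2", "ISO27001:A.8.16"],
    "entra_id/ca_policy": ["NIST800-53:AC-2", "NIST800-53:IA-2", "SOC2:CC6.1"],
}

# Stage 1 stand-in. In production these would come from read-only Graph calls
# such as GET /security/alerts_v2 and GET /identity/conditionalAccess/policies.
# The records below are constructed sample data, not real tenant output.
RAW_RECORDS = [
    {"source": "defender_xdr", "kind": "alert",
     "endpoint": "/security/alerts_v2",
     "payload": {"id": "alert-0001", "severity": "high", "status": "resolved",
                 "createdDateTime": "2024-05-01T10:00:00Z"}},
    {"source": "entra_id", "kind": "ca_policy",
     "endpoint": "/identity/conditionalAccess/policies",
     "payload": {"id": "ca-require-mfa-admins", "state": "enabled",
                 "modifiedDateTime": "2024-05-02T09:30:00Z"}},
]


def canonical_digest(obj):
    """SHA-256 over canonical JSON so identical payloads hash identically."""
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def normalize(record, collected_at):
    """Stage 2: wrap a raw record as an evidence artifact with provenance."""
    payload = record["payload"]
    observed = payload.get("modifiedDateTime") or payload.get("createdDateTime")
    artifact = {
        "evidence_type": f"{record['source']}/{record['kind']}",
        "source": record["source"],
        "endpoint": record["endpoint"],
        "object_id": payload["id"],
        "observed_at": observed,
        "collected_at": collected_at.isoformat(),
        "payload_digest": canonical_digest(payload),
    }
    # The artifact ID is derived from content plus provenance: re-collecting
    # unchanged data yields the same ID (dedup), any tampering changes it.
    artifact["artifact_id"] = canonical_digest(artifact)
    return artifact


def map_controls(artifact):
    """Stage 3: attach every control the evidence type satisfies."""
    return sorted(CONTROL_GRAPH.get(artifact["evidence_type"], []))


def validate(artifacts, program_controls, previous_digests, now, max_age):
    """Stage 4: freshness, completeness and drift over a set of artifacts.

    previous_digests maps object_id -> payload_digest from the prior run; a
    changed digest for the same object is reported as drift. Only fresh
    artifacts count toward control coverage.
    """
    fresh_controls = set()
    stale, drifted = [], []
    for art in artifacts:
        collected = datetime.fromisoformat(art["collected_at"])
        if now - collected > max_age:
            stale.append(art["object_id"])
        else:
            fresh_controls.update(map_controls(art))
        prior = previous_digests.get(art["object_id"])
        if prior is not None and prior != art["payload_digest"]:
            drifted.append(art["object_id"])
    covered = fresh_controls & set(program_controls)
    completeness = len(covered) / len(program_controls) if program_controls else 1.0
    return {
        "stale": sorted(stale),
        "drifted": sorted(drifted),
        "uncovered": sorted(set(program_controls) - covered),
        "completeness": round(completeness, 2),
    }


def run_pipeline(now=None):
    """End to end: collect (constructed) -> normalize -> map -> validate."""
    now = now or datetime(2024, 5, 10, tzinfo=timezone.utc)
    # Two collection times: the alert was collected 9 days ago (stale under a
    # 7-day freshness window), the CA policy 2 hours ago (fresh).
    collected_times = [now - timedelta(days=9), now - timedelta(hours=2)]
    artifacts = [normalize(r, t) for r, t in zip(RAW_RECORDS, collected_times)]
    # The prior run saw the same CA policy with state "disabled": that is drift.
    previous = {"ca-require-mfa-admins": canonical_digest(
        {**RAW_RECORDS[1]["payload"], "state": "disabled"})}
    program = ["NIST800-53:SI-4", "NIST800-53:AC-2", "NIST800-53:IA-2",
               "SOC2:CC6.1", "SOC2:CC7.2"]
    return artifacts, validate(artifacts, program, previous, now, timedelta(days=7))


if __name__ == "__main__":
    arts, report = run_pipeline()
    for a in arts:
        print(a["artifact_id"][:12], a["evidence_type"], map_controls(a))
    print(json.dumps(report, indent=2))
```

Two design points worth noting: hashing canonical JSON rather than the raw response makes the artifact ID stable across field reordering, and computing coverage only from fresh artifacts is what turns a stale collection into a visible gap instead of a silently passing control.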

Permissions

Minimal permissions, maximum evidence

Kyudo requests only the read-only permissions required for evidence collection; it holds no write access to your environment. Several of these are still tenant-wide read scopes (Directory.Read.All and AuditLog.Read.All, for example, expose directory configuration and every sign-in), so grant them to a dedicated app registration via admin consent and review the grant as you would any other privileged reader.

  • User.Read.All: read user profiles for access reviews
  • Group.Read.All: read group memberships for RBAC evidence
  • Directory.Read.All: read directory configuration
  • Policy.Read.All: read Conditional Access policies
  • AuditLog.Read.All: read sign-in and audit logs
  • SecurityEvents.Read.All: read security alerts
  • Reader: Reader role at subscription scope
  • Security Reader: Security Reader role for Defender for Cloud
  • Policy Insights Data Reader: Policy Insights Data Reader role for Azure Policy
  • Log Analytics Reader: Log Analytics Reader role for Sentinel queries
  • Incident.Read.All: read security incidents
  • Alert.Read.All: read security alerts
  • Machine.Read.All: read device information
  • Score.Read.All: read Microsoft Secure Score
  • DataClassification.Read.All: read classification labels
  • DlpPolicy.Read.All: read DLP policy configurations
  • Compliance.Read.All: read compliance data

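A practitioner onboarding a collector like this will want to confirm that what was actually consented matches the documented read-only list and nothing more. The check below is an added example, not Kyudo's tooling: it takes the scope and role names exactly as listed on this page (copied, not verified against the Graph or Defender permission catalogues here), a deliberately strict read-only pattern, and a small deny-list of write-capable Azure roles that is an assumption for the example. The granted sets fed to it are constructed to show an over-privileged consent.

```python
import re

# Scopes and roles exactly as listed on this page.
REQUIRED_SCOPES = {
    "User.Read.All", "Group.Read.All", "Directory.Read.All", "Policy.Read.All",
    "AuditLog.Read.All", "SecurityEvents.Read.All", "Incident.Read.All",
    "Alert.Read.All", "Machine.Read.All", "Score.Read.All",
    "DataClassification.Read.All", "DlpPolicy.Read.All", "Compliance.Read.All",
}
REQUIRED_ROLES = {"Reader", "Security Reader",
                  "Policy Insights Data Reader", "Log Analytics Reader"}

# A scope counts as read-only only if its verb segment is exactly "Read"
# (Directory.Read.All passes; Directory.ReadWrite.All and Mail.Send do not).
# Deliberately strict: unusual read shapes are flagged for a human to review.
READ_ONLY_SCOPE = re.compile(r"^[A-Za-z]+\.Read(\.All)?$")

# Assumption for this example: Azure built-in roles that can change state and
# are therefore over-privileged for a collector.
WRITE_CAPABLE_ROLES = {"Owner", "Contributor", "Security Admin",
                       "User Access Administrator", "Log Analytics Contributor"}


def audit_grants(granted_scopes, granted_roles):
    """Compare consented grants against the documented read-only baseline."""
    granted_scopes, granted_roles = set(granted_scopes), set(granted_roles)
    return {
        "missing_scopes": sorted(REQUIRED_SCOPES - granted_scopes),
        "excess_scopes": sorted(granted_scopes - REQUIRED_SCOPES),
        "write_scopes": sorted(s for s in granted_scopes
                               if not READ_ONLY_SCOPE.match(s)),
        "missing_roles": sorted(REQUIRED_ROLES - granted_roles),
        "excess_roles": sorted(granted_roles - REQUIRED_ROLES),
        "write_roles": sorted(granted_roles & WRITE_CAPABLE_ROLES),
    }


def is_least_privilege(report):
    """True when nothing beyond the documented read-only baseline is granted."""
    return not (report["excess_scopes"] or report["write_scopes"]
                or report["excess_roles"] or report["write_roles"])


# Constructed scenario: an operator consented the documented scopes but also
# added Directory.ReadWrite.All and assigned Contributor at subscription scope.
SAMPLE_GRANTED_SCOPES = REQUIRED_SCOPES | {"Directory.ReadWrite.All"}
SAMPLE_GRANTED_ROLES = {"Reader", "Security Reader", "Policy Insights Data Reader",
                        "Log Analytics Reader", "Contributor"}

if __name__ == "__main__":
    report = audit_grants(SAMPLE_GRANTED_SCOPES, SAMPLE_GRANTED_ROLES)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("least privilege:", is_least_privilege(report))
```

In a real tenant the granted names would be read from the service principal's consented permissions and its role assignments; the point of the check is that "read-only" is verified by inspection of the grant, not taken from the vendor's description.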
Supported Services

Built for the Microsoft ecosystem

Kyudo integrates natively with the services your security team already runs. No agents. No middleware. Direct API integration.

Microsoft Defender XDR
Microsoft Defender for Cloud
Microsoft Purview
Microsoft Sentinel
Microsoft Entra ID
Azure Policy
Microsoft Intune
Azure Key Vault
Azure Monitor
Microsoft 365
See It Live

See integrations in action

Book a demo to see how Kyudo transforms your Microsoft Security telemetry into audit-ready evidence.

No cost. No commitment. Bring your security team.