Early access

Conditional Access operations for Microsoft Entra

Policytab helps MSPs and internal IT see drift, model sign-in impact, and apply CA changes with evidence - whether you manage one tenant or dozens.

What we are building

Conditional Access is where identity strategy meets daily firefighting. Policytab gives operators one workspace: resync-backed drift against a known baseline, sign-in impact before enforcement, and a change workflow that never skips dry-run or audit logging.

We are in early access - shipping weekly, answering contact forms, and publishing docs at /docs so you can evaluate security before connecting production tenants.

Built for CA operators

We run Entra Conditional Access in production. Policytab is the console we wanted for drift, sign-in impact, and changes that stay auditable.

Governed by default

Every CA write runs dry-run, optional second-admin approval, pre/post snapshots, and rollback. Drift stays read-only until you open a change request.

Open baseline reference

Import community Conditional Access baselines from GitHub into your workspace library. Each tenant's drift baseline is chosen at onboarding - imported snapshot by default, or a workspace baseline you assign.

Focused scope

One product for Conditional Access operations. Architecture docs are public so security reviewers do not have to guess how tenancy works.

Follow along

Release notes on the changelog. Product questions on the FAQ.

What we are building

We are in early access - shipping weekly, answering contact forms, and publishing docs at /docs so you can evaluate security before connecting production tenants.