What PAA Finds
The problems are already there. Most teams just can’t see them yet.
We don’t have polished logos to show you, and we won’t invent them. What we have is better: the findings that show up again and again across real Azure and Microsoft 365 environments, and a transparent account of how every one of them is produced.
Download a sample reportWhat shows up, again and again
These are patterns, not promises. Your environment will look different — most do. The examples below are anonymized from real assessments.
Cost
Spend that leaks quietly
Orphaned disks, over-provisioned SKUs, forgotten public IPs, retention policies nobody set. None of it shows up as an alert. It just bleeds month after month. One assessment commonly surfaces five figures of annual waste — in one anonymized SaaS environment it was around €180,000.
Identity
Access that grew past what anyone intended
Standing Global Admins, service principals with Owner on the whole subscription, no PIM, no review cadence. In one environment an over-privileged service account had been silently changing security settings for months — found two weeks before a planned SOC 2 audit.
Exposure
Things reachable from the open internet
Storage accounts with public blob access, NSGs allowing 0.0.0.0/0 on management ports, databases without private endpoints. Usually not on purpose. Usually nobody knew.
Visibility
Nobody actually watching
No diagnostic settings, no NSG flow logs, no activity-log alerts on role assignments or policy changes. When something goes wrong, there is no trail to follow.
Compliance
Control gaps you cannot see from the portal
NIS2, DORA, GDPR, ISO 27001 and SOC 2 each expect specific controls in place. PAA maps your real configuration against them and shows precisely where the gaps are — with the evidence to back each one.
Secrets
Credentials living in the wrong place
Connection strings in app settings, keys in plain configuration, no Key Vault, no rotation. The kind of thing that is invisible until it is on a screen during an incident review.
How we know
Why these findings hold up
A finding is only useful if you can put it in front of a board, an auditor, or a skeptical engineer and have it survive. Here is how PAA earns that.
700+ deterministic checks
Across Azure, Microsoft 365 and Zero Trust — rule-based, not guesswork. The same check produces the same result every time, which is what makes a finding defensible to an auditor.
AI synthesis on top
The checks find facts. Specialized agents turn those facts into prioritized findings, remediation code, and an explanation a stakeholder can read — with the reasoning visible, not hidden.
Adversarial review before anything surfaces
Every assessment runs a three-pass adversarial review that tries to break its own conclusions before you see them. Findings carry an explicit confidence level. You accept or reject each one.
Evidence attached to every finding
Each finding cites the specific resource, the specific Microsoft framework check, and what was observed. The authority is Microsoft’s framework, not our opinion.
Who built it
Patterns earned the hard way, then encoded.
PAA is not generic AI pointed at Azure documentation. The findings, the heuristics, and the remediation approaches come from a decade at Microsoft for Startups and three years working hands-on with startup teams — the architectures that scaled, and the ones that quietly fell over.
That experience is now in software: available on demand, applied consistently, at a fraction of what a review used to cost.
Marc Dekeyser
Founder, Crimson Owl Technologies
Former Microsoft for Startups architect
10
Years at Microsoft
3
Years working hands-on with startups
See for yourself
Real sample reports. No signup.
The same format your own assessment produces. Read the output before you ever connect a tenant.
Architecture Assessment
PDF · Sample
Full WAF pillar analysis with severity-ranked findings and remediation code.
Download sample →
Compliance Report
PDF · Sample
NIS2, DORA, GDPR and SOC 2 mapping with deterministic rule results.
Download sample →
Cost Optimization Report
PDF · Sample
Waste identification, SKU rightsizing and projected savings estimates.
Download sample →
Risk Assessment
PDF · Sample
Prioritized risk register with exploitability and business impact scoring.
Download sample →
Monthly Architecture Report
PDF · Sample
Trend tracking and delta analysis — what changed since last month.
Download sample →
Quarterly Architecture Report
PDF · Sample
Executive summary with WAF health score evolution over time.
Download sample →
Find out what’s in your environment.
Start with a €99 Day Pass. Read-only access, no changes to your environment, results in hours.
