Machine-verifiable identity governance VeriDM

Ontology-Driven Identity Governance for Microsoft Entra ID

VeriDM maps Microsoft Entra ID, Conditional Access, privileged access, device trust, and audit evidence across six identity domains and six lifecycle stages to produce machine-verifiable architecture artifacts.

Control grid

36 cells

Primary focus

Identity truth

Method

Intent ↔ enforcement

Ontology matrix

Every cell is clickable and updates the inspector with a specific control posture.

Identity runtime and deploy cells are flagged as high-heat Conditional Access territory, device cells are watch zones, and the remaining matrix shows cited verification coverage patterns.

VeriDM 6×6 Matrix

Select any intersection

Control inspector

Identity × Runtime

Primary hotspot

CA Policy: Enforced

Live Conditional Access enforcement

Active Conditional Access logic is currently blocking unauthorized entry, making this a live runtime enforcement cell rather than a design-only claim.

Primary risk
Policy drift between declared MFA requirements and what sign-in logs actually show in production.
Evidence:Graph
GET /auditLogs/signIns and Conditional Access status fields for enforced identity controls.
VeriDM tag
ZT:RequireMFA
Architect note
Silence is absence: if the artifact or runtime proof is missing, the control is not assumed to exist.

Open Review See Operational Loop

Executive roadmap

How to use this ontology in the rest of the VeriDM experience.

Immediate actions

Use the grid to identify cells where policy intent exists but proof does not. Those become the first gap register entries.

Scaling strategy

Promote the cited control patterns into reusable architecture records, so every domain-stage answer stays deterministic.

Expected ROI

Reduce time-to-evidence by moving from narrative audit responses to pre-mapped, inspectable control states.

Pages

This Page