Auditing Access

You can audit everything Velnoro does with your tenant access and revoke it at any time.

In Your Azure Portal

All API calls Velnoro makes appear in your Entra ID sign-in logs under your app registration's service principal. You can:

1. Go to Azure Portal > Entra ID > Enterprise applications
2. Find the app registration you created for Velnoro
3. View Sign-in logs to see every authentication event
4. View Audit logs to see permission changes

In Velnoro

• Connection status shows the current auth state of each connection
• Scan history logs every scan with timestamps and results
• Connection test validates credentials and API access on demand

Revoking Access

To immediately stop Velnoro from accessing your tenant:

1. Go to Azure Portal > App registrations
2. Find your Velnoro app registration
3. Delete the client secret (or the entire app registration)
4. Velnoro's access is revoked immediately

In Velnoro, the connection status will update to "Needs Reauth" or "Failed" on the next health check (runs every 6 hours) or when a scan is attempted.

Data Retention

• Free/Discovery tier: Scan data is retained for 30 days. A daily background job automatically removes expired scans.
• Business tier: Scan data is retained for 365 days (12 months).
• Credentials: Retained as long as the connection exists, regardless of tier.
• After trial expiry: You move to the Discovery (free) tier with 30-day scan data retention. Scans still work. Business features are gated.
• After subscription cancellation: Same as Discovery tier (30-day retention).
• Account deletion: All data is permanently and irreversibly deleted. Encrypted credentials are securely zeroed before deletion. Active scans are cancelled. Stripe subscriptions are cancelled.

Troubleshooting