Terms of Use

AppConfig² Suite — suite-level overview

Last updated: June 7, 2026

1. Acceptance of Terms

By accessing or using any tool in the AppConfig² Suite, you agree to comply with these suite-level Terms of Use and with the tool-specific Terms of Use that govern the individual tool you are using. If you do not agree to these terms, please do not use any AppConfig² tool or service.

2. The AppConfig² Suite

AppConfig² is a suite of browser-based tools for Microsoft Entra ID application management, testing, and analytics. All tools operate as Single-Page Applications (SPAs) that communicate directly with Microsoft Graph API using delegated permissions on behalf of the signed-in user. No tenant data is routed through AppConfig² backend infrastructure during normal tool operation.

The suite is designed for IT administrators, identity engineers, security analysts, and developers who manage Microsoft Entra ID environments.

3. Tool-Specific Terms

Each tool in the suite has its own Terms of Use that govern your use of that tool specifically. The tool-specific terms address the particular permissions, capabilities, and responsibilities associated with each tool's access model. By using any tool, you agree to both this suite-level document and the applicable tool-specific terms.

Tool Access Model Terms of Use
AppConfig
Full configuration management, backup & restore, auth flow testing.
Read + Write. Can create, modify, and delete Entra ID app registrations and related objects. AppConfig Terms of Use
AppTesting
Read-only analysis, auth flow testing, token decoding, permission inspection.
Read only. No write operations on Entra ID objects. AppTesting Terms of Use
AppDashboard
Security analytics — credential hygiene, posture scoring, attack surface mapping.
Read only. No write operations. No backend endpoints. AppDashboard Terms of Use
AppTooling
Focused administration — consent, credentials, manifest editing, Graph Explorer.
Read + Write. All write operations require explicit confirmation. JIT scope consent. AppTooling Terms of Use

4. Access Control — Tenant Allowlist

Tenant Allowlist System: All tools in the AppConfig² Suite use a secure allowlist to control which organisation tenants can access each service. Your organisation's Entra ID tenant ID must be pre-authorised before you can sign in to any tool.

To request access for your organisation:

  • Email support@appconfig.eu with your tenant ID, the specific tool(s) you are requesting access to, and your organisation details
  • Access requests are typically processed within 1–2 business days

5. User Responsibilities & Acceptable Use

All users of AppConfig² tools must:

  • Use each tool only for authorised purposes within their organisation and in compliance with their organisation's IT and security policies
  • Ensure that all necessary permissions and administrator consent have been granted before using a tool
  • Not attempt to access data or applications outside their authorised scope
  • Not attempt to bypass security controls, access restrictions, or the tenant allowlist
  • Report any security vulnerabilities or unexpected behaviour promptly to support@appconfig.eu
  • Comply with all applicable laws and regulations while using the services

Prohibited Uses — all tools:

  • Using any tool to access or operate on tenants you are not authorised to administer
  • Attempting to reverse engineer, tamper with, or misuse any tool
  • Using any tool for malicious purposes or to facilitate unauthorised access

Tools that perform write operations (AppConfig, AppTooling) have additional user responsibilities defined in their respective Terms of Use.

6. Administrator Consent

All tools require a one-time administrator consent to grant Microsoft Graph API delegated permissions. The specific permissions requested vary by tool — refer to each tool's Terms of Use for the complete permissions list. Tenant administrators who grant consent are responsible for ensuring that access is restricted to authorised personnel and that usage complies with their organisation's security and change management policies.

7. Early Access Program

All AppConfig² tools are currently offered as part of an Early Access Program:

  • Features and functionality may change without prior notice
  • Service availability is not guaranteed during this phase
  • Early access participants may be invited to provide feedback
  • Transition to paid subscriptions may occur with advance notice to early access participants

8. Service Modifications & Updates

We reserve the right to modify, update, or discontinue tools or features with reasonable notice; perform scheduled maintenance; update security measures and access controls; and add or remove tenant access from the allowlist based on security or compliance requirements.

9. Limitation of Liability

All tools are provided "as is" without warranties of any kind. AppConfig² and its developers are not responsible for any direct or indirect damages arising from the use or inability to use any tool; service interruptions or downtime; unauthorised access to your Microsoft Entra ID environment by third parties; or compliance violations resulting from improper use. Users of tools that perform write operations bear additional responsibility as defined in those tools' Terms of Use.

10. Privacy

The suite-level Privacy Policy describes data practices common to all tools. Each tool's individual Privacy Policy provides full detail on what that tool accesses, stores, and transmits.

11. Changes to Terms

We may update these Terms periodically to reflect changes in the suite or applicable regulations. Users will be notified of significant updates through in-application notifications or email. Continued use of any AppConfig² tool after such updates constitutes acceptance of the revised terms.

12. Contact & Support

For questions about these Terms, tenant access requests, or technical support, contact us at support@appconfig.eu.