What is the difference between "Full Scan" vs "Incremental Scan" in Rencore Governance?

Rencore Governance continuously scans your Microsoft 365 tenant for changes to your data, so that you always see the most current state in your dashboards and inventories and can trigger automations based on those changes (for more details, please see continuous scanning).

To keep the load on your tenant to a minimum, the scanners perform either a full or an incremental scan.

Full Scan

Rencore Governance scans the data completely. A full scan is performed when you first connect your tenant to create a baseline. Subsequent full scans are done at various intervals to create a new baseline. The system determines whether a full scan should be performed again.

Depending on the size of your tenant and the service being scanned, a full scan can take several days because some data, such as the metadata of SharePoint or OneDrive files, cannot be retrieved quickly. This is due to the built-in throttling of the Microsoft 365 service, which Rencore Governance respects to avoid being blocked.

Incremental Scan

Rencore Governance scans only the changes made since the last full or incremental scan. Incremental scans are performed once your first full scan has been completed.

Scanning only the information that has changed reduces the load and traffic on your tenant and allows Rencore Governance to show you up-to-date information more quickly.

How incremental scans are performed depends on the service that is scanned.


The incremental scan collects metadata only for sites and files that have changed (new, updated or deleted files) since the last scan.

Microsoft 365 Users and Groups

The incremental scan collects Groups only when they have changed (delta query). Users are always collected, so that the last sign-in date is updated on a daily basis.


The incremental scan collects only Flows/Apps that have been created or updated since the last scan. Flow runs are collected if they occurred since the last scan.

Azure AD

The incremental scan collects audit logs and directory audit data recorded since the last scan.
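
The following is an added example, not Rencore Governance code: it illustrates the full-scan baseline, the delta-query style incremental scan mentioned for Groups, and backing off when the service throttles. The `FakeDeltaEndpoint` class, the `scan` function and the group data are constructed for illustration. The response shape (`@odata.deltaLink`, `@removed`, HTTP 429 with `Retry-After`) follows Microsoft Graph delta queries, with the delta link simplified to a change-log position and paging omitted.

```python
import time

class FakeDeltaEndpoint:
    """Constructed stand-in for a delta-query endpoint (no network access)."""
    def __init__(self, groups):
        self.groups = dict(groups)   # id -> displayName
        self.log = []                # ordered change log: (id, name or None)
        self.throttle_next = False

    def change(self, gid, name):     # name=None means the group was deleted
        if name is None:
            self.groups.pop(gid, None)
        else:
            self.groups[gid] = name
        self.log.append((gid, name))

    def get(self, token=None):
        if self.throttle_next:       # simulate HTTP 429 with Retry-After
            self.throttle_next = False
            return 429, {"Retry-After": "0"}, {}
        if token is None:            # no token: full enumeration (baseline)
            items = [{"id": g, "displayName": n} for g, n in self.groups.items()]
        else:                        # token: only changes recorded after it
            items = [{"id": g, "displayName": n} if n is not None
                     else {"id": g, "@removed": {"reason": "deleted"}}
                     for g, n in self.log[int(token):]]
        # Simplification: the delta link is just the change-log position.
        return 200, {}, {"value": items, "@odata.deltaLink": str(len(self.log))}

def scan(endpoint, inventory, token=None, sleep=time.sleep):
    """Run one scan and return (new_token, items_transferred)."""
    while True:
        status, headers, body = endpoint.get(token)
        if status != 429:
            break
        sleep(float(headers["Retry-After"]))  # respect throttling, then retry
    if token is None:
        inventory.clear()            # a full scan replaces the baseline
    for item in body["value"]:
        if "@removed" in item:       # deletions must leave the inventory too
            inventory.pop(item["id"], None)
        else:
            inventory[item["id"]] = item["displayName"]
    return body["@odata.deltaLink"], len(body["value"])
```

Calling `scan` without a token performs the full scan; passing the token it returned performs an incremental scan that transfers only the changes, including deletions, recorded since then.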