diff --git a/app/Services/Intune/TenantPermissionService.php b/app/Services/Intune/TenantPermissionService.php
index df97dc3..cec4f28 100644
--- a/app/Services/Intune/TenantPermissionService.php
+++ b/app/Services/Intune/TenantPermissionService.php
@@ -142,8 +142,9 @@ public function compare(
 $hasMissing = false;
 $hasErrors = false;
 $checkedAt = now();
+ $tenantWorkspaceId = $this->resolveTenantWorkspaceId($tenant);
- $canPersist = $persist && $tenant->workspace_id !== null;
+ $canPersist = $persist && $tenantWorkspaceId !== null;
 if ($canPersist && $liveCheckMeta['attempted'] === true && $liveCheckMeta['succeeded'] === false) {
 // Enterprise-safe: never overwrite stored inventory when we could not refresh it.
@@ -189,9 +190,9 @@ public function compare(
 [
 'tenant_id' => $tenant->id,
 'permission_key' => $key,
+ 'workspace_id' => $tenantWorkspaceId,
 ],
 [
- 'workspace_id' => $tenant->workspace_id,
 'status' => $status,
 'details' => $details,
 'last_checked_at' => $checkedAt,
@@ -328,6 +329,29 @@ private function configuredGrantedKeys(): array
 return config('intune_permissions.granted_stub', []);
 }
+ private function resolveTenantWorkspaceId(Tenant $tenant): ?int
+ {
+ $workspaceId = $tenant->getAttribute('workspace_id');
+
+ if (is_numeric($workspaceId)) {
+ return (int) $workspaceId;
+ }
+
+ if (! $tenant->exists) {
+ return null;
+ }
+
+ $workspaceId = Tenant::query()
+ ->whereKey($tenant->getKey())
+ ->value('workspace_id');
+
+ if (! is_numeric($workspaceId)) {
+ return null;
+ }
+
+ return (int) $workspaceId;
+ }
+
 /**
 * Fetch actual granted permissions from Graph API.
 *
diff --git a/tests/Unit/TenantPermissionServiceTest.php b/tests/Unit/TenantPermissionServiceTest.php
index a5f0a53..c43ece2 100644
--- a/tests/Unit/TenantPermissionServiceTest.php
+++ b/tests/Unit/TenantPermissionServiceTest.php
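Review bot: In the `@@ -142,8 +142,9 @@` hunk, `resolveTenantWorkspaceId($tenant)` runs before `$persist` is consulted, so a read-only `compare()` on a tenant loaded without `workspace_id` now issues a database lookup whose result it does not use, as far as the visible lines show. Consider `$tenantWorkspaceId = $persist ? $this->resolveTenantWorkspaceId($tenant) : null;`. The body of `compare()` starts and ends outside the hunk, so confirm that nothing later reads the id when `$persist` is false.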
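Review bot: In the `@@ -189,9 +190,9 @@` hunk, moving `'workspace_id'` from the values array into the lookup array changes which existing row is matched. A `tenant_permissions` row stored earlier for the same `tenant_id` and `permission_key` with a null or different `workspace_id` is no longer found, so the call (presumably `updateOrCreate`; its name is outside the hunk) would insert a second row, or fail on a unique index over `(tenant_id, permission_key)` if the schema has one. Scoping the lookup by workspace is sound for isolation, but it needs either a cleanup of legacy rows or a comment stating why none can exist, for example `// workspace_id is part of the key: a permission row never moves between workspaces`.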
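Review bot: `resolveTenantWorkspaceId()` in the `@@ -328,6 +329,29 @@` hunk accepts anything `is_numeric()` accepts, so `'1.5'`, `'1e3'` or `'-4'` would be cast by `(int)` to a different id, and `0` passes the later `!== null` check in `compare()`. Because this value decides which workspace the permission inventory is written under, validate it as a positive integer in both places: `$id = filter_var($workspaceId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` followed by `return $id === false ? null : $id;`. The fallback `Tenant::query()` also passes through whatever global scopes the model defines, which are not visible here. The method has no docblock; one stating that it returns null for unsaved or workspace-less tenants and may issue one query would help callers.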
@@ -175,6 +175,25 @@ function requiredPermissions(): array
 ]);
 });
+it('persists permissions when the tenant instance does not have workspace_id loaded', function () {
+ $tenant = Tenant::factory()->create();
+
+ ensureDefaultProviderConnection($tenant, 'microsoft');
+
+ $tenantWithoutWorkspaceId = Tenant::query()
+ ->select(['id', 'tenant_id', 'external_id', 'name', 'status', 'environment'])
+ ->findOrFail((int) $tenant->getKey());
+
+ expect($tenantWithoutWorkspaceId->getAttribute('workspace_id'))->toBeNull();
+
+ app(TenantPermissionService::class)->compare($tenantWithoutWorkspaceId);
+
+ $this->assertDatabaseHas('tenant_permissions', [
+ 'tenant_id' => (int) $tenant->getKey(),
+ 'workspace_id' => (int) $tenant->workspace_id,
+ ]);
+});
+
 it('does not persist when tenant workspace_id is missing', function () {
 $tenant = Tenant::withoutEvents(function (): Tenant {
 return Tenant::create([
@@ -187,8 +206,6 @@ function requiredPermissions(): array
 ]);
 });
- ensureDefaultProviderConnection($tenant, 'microsoft');
-
 app(TenantPermissionService::class)->compare($tenant, persist: true);
 expect(TenantPermission::query()->where('tenant_id', (int) $tenant->getKey())->count())->toBe(0);
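Review bot: The test added in the `@@ -175,6 +175,25 @@` hunk covers only the fallback-query path of `resolveTenantWorkspaceId()`. The `! $tenant->exists` branch has no case, and neither does the changed lookup key, where a `tenant_permissions` row already exists with a different or null `workspace_id`. The test also calls `compare()` without `persist: true`, unlike the test below it, so it relies on the parameter's default, which is not visible in this diff; pass it explicitly. Add `expect($tenant->workspace_id)->not->toBeNull();` after the factory call so the final assertion cannot degrade to `'workspace_id' => 0` if the factory stops assigning a workspace.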