MOCKUP GALLERY — 31 pages across Phase 1 + Phase 2 · Generated by scripts/dev/build_mockups.py

Claritiq Mockup Gallery

Click any page for a full mockup. The left-rail nav on each mockup page lets you tab between pages directly — same structure as Power BI Desktop will render. Follow REPORT-DESIGN-SPEC.md when building the real visuals in Desktop.

Cq
Overview
1.14 Shipping
Overview
Executive summary with KPIs across users, computers, groups, and mail provisioning. Landing page for all personas.
Persona: identity → security · 6 KPIs · 2 matrixes → view
Cq
Cleanup Hub
1.59 Shipping
Cleanup Hub
Top-level executive view for cleanup engagements. Per-category progress matrix, velocity tracking, what-next remediation queue. Replaces / absorbs BACKLOG 2.7.
Persona: audit → identity · 6 KPIs · 1 matrix · table → view
Cq
Account Health
1.16 Shipping
Account Health
Every enabled account that has a problem. If IT only looks at one page, this is it. Red/amber KPIs front and center.
Persona: security → identity · 5 KPIs · 1 matrix · table → view
Cq
Users
1.15 Shipping
Users
Flat searchable list of every user with 14 columns. Department × Office matrix for drilling. Sorted by Created descending.
Persona: admin → ops · 5 KPIs · 1 matrix · table → view
Cq
U - Admin Access
1.52 Phase 1 future
U - Admin Access
Every privileged account across the 7 AD admin groups, plus the security findings that apply to them. Dedicated Tier-0 hygiene page.
Persona: security → audit · 6 KPIs · 1 matrix · table → view
Cq
U - Data Quality
1.52 Phase 1 future
U - Data Quality
Where the HR-sourced cosmetic data lives. Attribute completeness, department variations, missing fields. Not a security page — a cleanup page.
Persona: admin → ops · 6 KPIs · 1 matrix · table → view
Cq
U - Hybrid Identity
F.14 Phase 2
U - Hybrid Identity
Deep dive on MailProvStatus: the 89 workaround-provisioned users, the 152 not-mail-enabled, plus Phase 2 cross-references against Exchange Online.
Persona: identity → ops · 6 KPIs · 1 matrix · table → view
Cq
Computers
1.44 Shipping
Computers
Server vs workstation split, OS version distribution, stale computers. End-of-life OS callout for lifecycle planning.
Persona: ops → admin · 6 KPIs · 1 matrix · table → view
Cq
C - Stale Computers
1.52 Phase 1 future
C - Stale Computers
Computer accounts that haven't rotated their machine password in 90+/365+ days. Attack surface and cost signal combined.
Persona: ops → admin · 6 KPIs · 1 matrix · table → view
Cq
C - OS End-of-Life
1.52 Phase 2
C - OS End-of-Life
Past-EOL and upcoming-EOL operating systems. Compliance-critical for regulated customers; upgrade-planning data for IT ops.
Persona: ops → security · 6 KPIs · 1 matrix · table → view
Cq
Groups
1.45 Shipping
Groups
Security vs distribution split, scope breakdown, top 15 largest groups, empty-group callout for cleanup.
Persona: admin → security · 6 KPIs · 1 matrix · table → view
Cq
G - Privileged Groups
1.52 Phase 1 future
G - Privileged Groups
Groups-side view of privileged access. Per-group member rosters for the quarterly access review. Complements U - Admin Access (same data, different pivot).
Persona: admin → security · 6 KPIs · 1 matrix · table → view
Cq
G - Empty Groups
1.52 Phase 1 future
G - Empty Groups
Groups that have nobody in them. Sprawl accumulator from reorgs and retired projects. Usually safe to delete when > 1 year old.
Persona: admin · 6 KPIs · 1 matrix · table → view
Cq
Mailboxes
F.8 Phase 2
Mailboxes
Top-level Exchange Online mailbox inventory. Populated by Phase 2 Mailbox-Inventory runbook. Mailbox type breakdown, retention, delegation coverage.
Persona: identity → ops · 6 KPIs · 1 matrix → view
Cq
M - Large Mailboxes
F.8 Phase 2
M - Large Mailboxes
Which mailboxes are eating the storage budget. Quota headroom, archive eligibility, cleanup candidates.
Persona: ops · 6 KPIs · 1 matrix → view
Cq
M - Orphaned Mailboxes
F.8 Phase 2
M - Orphaned Mailboxes
Mailboxes whose AD user is gone, disabled, or missing. Where the hybrid Exchange cleanup gap manifests in the cloud.
Persona: identity → security · 6 KPIs · 1 matrix · table → view
Cq
Licenses
F.6 Phase 2
Licenses
License inventory top-level. SKU allocation, assigned vs unassigned, monthly cost, disabled users still holding licenses.
Persona: ops → identity · 6 KPIs · 1 matrix → view
Cq
L - License Waste
F.5 Phase 2
L - License Waste
Cost-framed findings. Disabled users still holding licenses, never-logged-in users burning E5, right-sizing candidates. Direct ROI story for IT ops.
Persona: ops → audit · 6 KPIs · 1 matrix → view
Cq
Entra Sign-Ins
F.1 Phase 2
Entra Sign-Ins
Entra ID sign-in data. Active user counts, MFA coverage, risky sign-ins, single-factor-auth holdouts. The cloud side of lifecycle.
Persona: identity → security · 6 KPIs · 1 matrix → view
Cq
E - Never Signed In
F.1 Phase 2
E - Never Signed In
Users who have never signed in to Entra. Intersect with on-prem never-logged-in for ghost detection. Licensed ghosts are cost waste too.
Persona: security → identity · 6 KPIs · 1 matrix · table → view
Cq
Audit Pack
1.52 Phase 1 future
Audit Pack
The page your GRC lead subscribes to. Point-in-time snapshot formatted for audit evidence. Control attestation, quarterly deltas, privileged roster.
Persona: audit → security · 6 KPIs · 1 matrix · table → view
Cq
Forest Health
2.13 Phase 1 future
Forest Health
PingCastle-style forest map. Functional level per domain, FSMO role holders, AD recycle bin status, DSRM password age, DNS zone hygiene.
Persona: admin → security · 6 KPIs · 1 matrix · table → view
Cq
Tier-0 Inventory
1.57 Shipping
Tier-0 Inventory
Closes the BloodHound-shaped 'who is Tier 0' gap without a graph DB. Recursive privileged group expansion, foreign security principals, AdminCount residue.
Persona: security → audit · 6 KPIs · 1 matrix · table → view
Cq
Changes
1.58 Shipping
Changes
Bridges point-in-time and change-audit. Compare today's snapshot to yesterday's and surface deltas without becoming a real-time auditor.
Persona: audit → security · 6 KPIs · 1 matrix · table → view
Cq
C - LAPS Coverage
2.14 Phase 1 future
C - LAPS Coverage
Universal table-stakes finding shipped by every AD security tool. % computers with valid LAPS password, broken down by OS and OU.
Persona: ops → security · 6 KPIs · 1 matrix · table → view
Cq
Trust Map
2.16 Phase 1 future
Trust Map
PingCastle's iconic visual feature. Surfaces trust direction, type, dangerous attribute bits, and which trusts allow SID history (cross-forest DA risk).
Persona: security → audit · 6 KPIs · 1 matrix · table → view
Cq
E - CA Policies
F.20 Phase 2
E - CA Policies
Green-field per competitive review — no SaaS portal surfaces CA policy overlap or gap detection well. Differentiator opportunity.
Persona: security → identity · 6 KPIs · 1 matrix · table → view
Cq
E - Auth Methods
F.21 Phase 2
E - Auth Methods
Per-user MFA / FIDO2 registration matrix. Tenant-level passwordless adoption %. Differentiator vs SaaS competitors that only show enrolled vs not.
Persona: identity → security · 6 KPIs · 1 matrix · table → view
Cq
E - B2B Guests
F.22 Phase 2
E - B2B Guests
Most enterprise tenants accumulate hundreds of forgotten B2B guests. Stale 90/180/365 buckets, never-accepted invite detection, sensitive-group cross-check.
Persona: security → identity · 6 KPIs · 1 matrix · table → view
Cq
M - Distribution Groups
F.23 Phase 2
M - Distribution Groups
DGs accumulate quietly. Empty DGs, no-owner DGs, DGs with no message activity in 90+ days, single-member DGs. Surfaced for cleanup.
Persona: admin → ops · 6 KPIs · 1 matrix · table → view
Cq
Collaboration Sprawl
F.24 Phase 2
Collaboration Sprawl
Empty Teams, orphaned Teams without owners, abandoned SharePoint sites. Cross-source sprawl page (no entity letter — pairs with Identity Census).
Persona: admin → ops · 6 KPIs · 1 matrix · table → view