Where we're headed v1.3.0 — live

Claritiq is built in phases. Each one adds a new layer of value — from instant visibility to full identity governance.

Live

Phase 1 — Visibility

See your entire on-prem AD estate clearly. Users, computers, groups, multi-domain forests — surfaced in minutes from a single Power BI Pro install. The starting line for any cleanup engagement.

AD Data Foundation

Multi-domain forest discovery (root + child domains, auto-discover or fixed list) Core
Users, Computers, Groups, Domains entities — 60+ AD attributes per user Core
On-premises data gateway integration with one read-only service account Core
Optional OU / Search Base filter and Extension Attribute labels
Resilient by design: a child domain offline doesn't break the refresh

Detection & Alerts

40+ alerts shipped: privileged exposure, Kerberoastable accounts, delegation risk, stale credentials, lifecycle gaps Core
AD Security Maturity Score — composite 0–100 across five categories New
Cleanup Hub — 18 cleanup categories with progress, velocity and "what's next" New
Tier-0 Inventory — full Domain/Enterprise/Schema admin footprint, including nested groups New
Snapshot-vs-snapshot delta — what changed since last refresh, no DC sensors required New

Reports & Pages

Overview, Account Health, Cleanup Hub — the three pages everyone opens first Core
Per-entity drilldowns: Users (admin access, data quality, hybrid identity), Computers (stale, end-of-life OS), Groups (privileged, empty) Core
Audit Pack — stakeholder-ready evidence page, exportable as PDF
Forest Health, Trust Map, Changes — structural views of the directory itself
Pivot on what matters: top OU, domain, enabled/disabled — not HR cosmetics

Distribution & Foundations

Power BI Pro only — no Premium, PPU, or Fabric required Core
PowerShell one-click installer + Power BI template app Core
Power Automate alert delivery (email / Teams) — built from a single config table
Trend infrastructure — daily aggregate snapshots, retained inside the Power BI model New
Data never leaves your tenant. No telemetry, no phone-home. Core
Building Now

Phase 2 — Hybrid Identity

Extend Claritiq into the cloud half of your estate. Entra ID, Exchange Online and Microsoft 365 licensing — queried directly from Microsoft Graph via Azure Automation runbooks, all under your control.

Entra ID

Sign-in activity per user — days since last interactive / non-interactive sign-inCore
App registrations & enterprise apps unused for X days
Expiring app secrets and certificates
B2B guest hygiene (inactive guests, missing sponsor)
Conditional Access policy review & authentication-method coverage

Exchange Online

Mailbox inventory — sizes, quotas, holds, delegation, last activityCore
Orphaned and inactive shared mailboxes — canonical detection that needs EXO
Distribution group sprawl — empty, owner-less, unused
OneDrive & SharePoint usage, Teams / SharePoint sprawl

Licensing

Microsoft 365 license visibility — assignment vs activity per SKUCore
Disabled users with active licenses — direct cost-waste detection
License right-sizing recommendations (E5 / E3 / E1, F-tier)
Dynamics 365 SKU alerts — renewal-readiness for the licence-owner persona

Cross-source views

Identity Census — AD-only / Hybrid / Entra-only cohort overlap, plus mailbox splitNew
Cleanup Hub expansion — ~14 additional cleanup categories unlock with cloud data
Optional raw-row historical snapshots — daily AD state preserved in your Azure Storage / OneLake
Planned

Phase 3 — Continuous Monitoring

Layer in alert routing, ITSM ticketing, scheduled reports and optional Sentinel / Defender-for-Identity feeds — for organisations ready to operationalise the cleanup, not just see it once a quarter.

Alert & Workflow Integration

Configurable alert routing — per-finding email / Teams / webhook destinationsCore
Auto-create tickets in ServiceNow / Jira on red findings (opt-in)
Scheduled subscription reports — CISO digest, audit summary rollups
"Goldilocks" alert calibration — flag when alerts fire too few or too many for your estate

Change Detection

Attribute change detection — group-membership flips, OU moves, manager changes
Drift alerting on cleanup categories (regression detection)
Optional Sentinel / Defender-for-Identity ingest — richer change audit when the customer already runs MDI

Compliance & Audit

Compliance Pack auto-publish — quarterly Audit Pack PDF to SharePoint / distribution list
Per-persona view filtering — security, identity, audit, ops, admin, licensing
Future

Phase 4 — Trends & Strategic

Once the snapshot history is deep enough to tell a story, Claritiq becomes a strategic instrument: trends, point-in-time replay, AI-summarised recommendations, and optional industry benchmarking.

Historical Analysis

Full trend dashboards — Maturity Score, Cleanup Hub progress, cohort lines, target overlays
AD Time Machine — "show me the org as of Jan 15": aggregate first, row-level once raw snapshots are enabled
MoM / QoQ delta KPIs — cleanup velocity as evidence, not anecdote

Strategic Layers

Day-2 AI Advisor — auto-generated "top 3 actions this week" summary
Industry benchmark — opt-in anonymised peer comparison ("47th percentile vs 23 forests of similar size")
MSP / multi-tenant aggregator — portfolio view across N customer installs

Platform

AppSource marketplace listing
Mobile-optimised report layouts
Customer portal for licence, install and consent management