Where we're headed
v1.3.0 — live
Claritiq is built in phases. Each one adds a new layer of value — from instant visibility to full identity governance.
Live
Phase 1 — Visibility
See your entire on-prem AD estate clearly. Users, computers, groups, multi-domain forests — surfaced in minutes from a single Power BI Pro install. The starting line for any cleanup engagement.
AD Data Foundation
Multi-domain forest discovery (root + child domains, auto-discover or fixed list)
Core
Users, Computers, Groups, Domains entities — 60+ AD attributes per user
Core
On-premises data gateway integration with one read-only service account
Core
Optional OU / Search Base filter and Extension Attribute labels
Resilient by design: a child domain offline doesn't break the refresh
Detection & Alerts
40+ alerts shipped: privileged exposure, Kerberoastable accounts, delegation risk, stale credentials, lifecycle gaps
Core
AD Security Maturity Score — composite 0–100 across five categories
New
Cleanup Hub — 18 cleanup categories with progress, velocity and "what's next"
New
Tier-0 Inventory — full Domain/Enterprise/Schema admin footprint, including nested groups
New
Snapshot-vs-snapshot delta — what changed since last refresh, no DC sensors required
New
Reports & Pages
Overview, Account Health, Cleanup Hub — the three pages everyone opens first
Core
Per-entity drilldowns: Users (admin access, data quality, hybrid identity), Computers (stale, end-of-life OS), Groups (privileged, empty)
Core
Audit Pack — stakeholder-ready evidence page, exportable as PDF
Forest Health, Trust Map, Changes — structural views of the directory itself
Pivot on what matters: top OU, domain, enabled/disabled — not HR cosmetics
Distribution & Foundations
Power BI Pro only — no Premium, PPU, or Fabric required
Core
PowerShell one-click installer + Power BI template app
Core
Power Automate alert delivery (email / Teams) — built from a single config table
Trend infrastructure — daily aggregate snapshots, retained inside the Power BI model
New
Data never leaves your tenant. No telemetry, no phone-home.
Core
Building Now
Phase 2 — Hybrid Identity
Extend Claritiq into the cloud half of your estate. Entra ID, Exchange Online and Microsoft 365 licensing — queried directly from Microsoft Graph via Azure Automation runbooks, all under your control.
Entra ID
Sign-in activity per user — days since last interactive / non-interactive sign-in
Core
App registrations & enterprise apps unused for X days
Expiring app secrets and certificates
B2B guest hygiene (inactive guests, missing sponsor)
Conditional Access policy review & authentication-method coverage
Exchange Online
Mailbox inventory — sizes, quotas, holds, delegation, last activity
Core
Orphaned and inactive shared mailboxes — canonical detection that needs EXO
Distribution group sprawl — empty, owner-less, unused
OneDrive & SharePoint usage, Teams / SharePoint sprawl
Licensing
Microsoft 365 license visibility — assignment vs activity per SKU
Core
Disabled users with active licenses — direct cost-waste detection
License right-sizing recommendations (E5 / E3 / E1, F-tier)
Dynamics 365 SKU alerts — renewal-readiness for the licence-owner persona
Cross-source views
Identity Census — AD-only / Hybrid / Entra-only cohort overlap, plus mailbox split
New
Cleanup Hub expansion — ~14 additional cleanup categories unlock with cloud data
Optional raw-row historical snapshots — daily AD state preserved in your Azure Storage / OneLake
Planned
Phase 3 — Continuous Monitoring
Layer in alert routing, ITSM ticketing, scheduled reports and optional Sentinel / Defender-for-Identity feeds — for organisations ready to operationalise the cleanup, not just see it once a quarter.
Alert & Workflow Integration
Configurable alert routing — per-finding email / Teams / webhook destinations
Core
Auto-create tickets in ServiceNow / Jira on red findings (opt-in)
Scheduled subscription reports — CISO digest, audit summary rollups
"Goldilocks" alert calibration — flag when alerts fire too few or too many for your estate
Change Detection
Attribute change detection — group-membership flips, OU moves, manager changes
Drift alerting on cleanup categories (regression detection)
Optional Sentinel / Defender-for-Identity ingest — richer change audit when the customer already runs MDI
Compliance & Audit
Compliance Pack auto-publish — quarterly Audit Pack PDF to SharePoint / distribution list
Per-persona view filtering — security, identity, audit, ops, admin, licensing
Future
Phase 4 — Trends & Strategic
Once the snapshot history is deep enough to tell a story, Claritiq becomes a strategic instrument: trends, point-in-time replay, AI-summarised recommendations, and optional industry benchmarking.
Historical Analysis
Full trend dashboards — Maturity Score, Cleanup Hub progress, cohort lines, target overlays
AD Time Machine — "show me the org as of Jan 15": aggregate first, row-level once raw snapshots are enabled
MoM / QoQ delta KPIs — cleanup velocity as evidence, not anecdote
Strategic Layers
Day-2 AI Advisor — auto-generated "top 3 actions this week" summary
Industry benchmark — opt-in anonymised peer comparison ("47th percentile vs 23 forests of similar size")
MSP / multi-tenant aggregator — portfolio view across N customer installs
Platform
AppSource marketplace listing
Mobile-optimised report layouts
Customer portal for licence, install and consent management