Roadmap

Where we're headed

Claritiq is built in phases. Each one adds a new layer of value — from instant visibility to full identity governance.

Building Now

Phase 1 — Visibility

See your entire on-prem AD estate clearly. Users, computers, groups, multi-domain forests — surfaced in minutes from a single Power BI Pro install. The starting line for any cleanup engagement.

AD Data Foundation

Multi-domain forest discovery (root + child domains, auto-discover or fixed list) Core
Users, Computers, Groups, Domains entities — 60+ AD attributes per user Core
On-premises data gateway integration with one read-only service account Core
Optional OU / Search Base filter and Extension Attribute labels
Resilient by design: a child domain offline doesn't break the refresh

Detection & Alerts

33+ alerts shipped: privileged exposure, Kerberoastable accounts, delegation risk, stale credentials, lifecycle gaps Core
AD Security Maturity Score — composite 0–100 across five categories New
Cleanup Hub — 19 cleanup categories with progress, velocity and "what's next" New
Tier-0 Inventory — full Domain/Enterprise/Schema admin footprint, including nested groups New
Snapshot-vs-snapshot delta — what changed since last refresh, no DC sensors required New

Reports & Pages

Overview, Account Health, Cleanup Hub — the three pages everyone opens first Core
Per-entity drilldowns: Users (admin access, data quality, hybrid identity), Computers (stale, end-of-life OS), Groups (privileged, empty) Core
Audit Pack — stakeholder-ready evidence page, exportable as PDF
Forest Health, Trust Map, Changes — structural views of the directory itself
Pivot on what matters: top OU, domain, enabled/disabled — not HR cosmetics

Distribution & Foundations

Power BI Pro only — no Premium, PPU, or Fabric required Core
PowerShell one-click installer + Power BI template app Core
Power Automate alert delivery (email / Teams) — built from a single config table
Trend infrastructure — daily aggregate snapshots, retained inside the Power BI model New
Data never leaves your tenant. No telemetry, no phone-home. Core
Planned

Phase 2 — Hybrid Identity

Extend Claritiq into the cloud half of your estate. Entra ID, Exchange Online and Microsoft 365 licensing — queried directly from Microsoft Graph via Azure Automation runbooks, all under your control.

Entra ID

Sign-in activity per user — days since last interactive / non-interactive sign-in Core
App registrations & enterprise apps unused for X days
Expiring app secrets and certificates
B2B guest hygiene (inactive guests, missing sponsor)
Conditional Access policy review & authentication-method coverage

Exchange Online

Mailbox inventory — sizes, quotas, holds, delegation, last activity Core
Orphaned and inactive shared mailboxes — canonical detection that needs EXO
Distribution group sprawl — empty, owner-less, unused
OneDrive & SharePoint usage, Teams / SharePoint sprawl

Licensing

Microsoft 365 license visibility — assignment vs activity per SKU Core
Disabled users with active licenses — direct cost-waste detection
License right-sizing recommendations (E5 / E3 / E1, F-tier)
Dynamics 365 SKU alerts — renewal-readiness for the licence-owner persona

Cross-source views

Identity Census — AD-only / Hybrid / Entra-only cohort overlap, plus mailbox split New
Cleanup Hub expansion — ~14 additional cleanup categories unlock with cloud data
Optional raw-row historical snapshots — daily AD state preserved in your Azure Storage / OneLake
Planned

Phase 3 — Continuous Monitoring

Layer in alert routing, ITSM ticketing, scheduled reports and optional Sentinel / Defender-for-Identity feeds — for organisations ready to operationalise the cleanup, not just see it once a quarter.

Alert & Workflow Integration

Configurable alert routing — per-finding email / Teams / webhook destinations Core
Auto-create tickets in ServiceNow / Jira on red findings (opt-in)
Scheduled subscription reports — CISO digest, audit summary rollups
"Goldilocks" alert calibration — flag when alerts fire too few or too many for your estate

Change Detection

Attribute change detection — group-membership flips, OU moves, manager changes
Drift alerting on cleanup categories (regression detection)
Optional Sentinel / Defender-for-Identity ingest — richer change audit when the customer already runs MDI

Compliance & Audit

Compliance Pack auto-publish — quarterly Audit Pack PDF to SharePoint / distribution list
Per-persona view filtering — security, identity, audit, ops, admin, licensing
Future

Phase 4 — Trends & Strategic

Once the snapshot history is deep enough to tell a story, Claritiq becomes a strategic instrument: trends, point-in-time replay, AI-summarised recommendations, and optional industry benchmarking.

Historical Analysis

Full trend dashboards — Maturity Score, Cleanup Hub progress, cohort lines, target overlays
AD Time Machine — "show me the org as of Jan 15": aggregate first, row-level once raw snapshots are enabled
MoM / QoQ delta KPIs — cleanup velocity as evidence, not anecdote

Strategic Layers

Day-2 AI Advisor — auto-generated "top 3 actions this week" summary
Industry benchmark — opt-in anonymised peer comparison ("47th percentile vs 23 forests of similar size")
MSP / multi-tenant aggregator — portfolio view across N customer installs

Platform

AppSource marketplace listing
Mobile-optimised report layouts
Customer portal for licence, install and consent management

Want to shape what we build next?

We're building Claritiq with direct input from enterprise IT teams. Get early access and help us prioritize the features that matter most to you.

Request Early Access