Configuration Options

Access Optimization provides configurable thresholds to fine-tune detection sensitivity. Adjust these settings to match your organization's security posture and compliance requirements.

Four Configuration Options

  • Time Window: Activity lookback period (7-365 days)
  • Stale Threshold: Percentage of time window for stale detection (1-100%)
  • Over-Scoped Threshold: Minimum scope efficiency percentage (1-100%)
  • Excessive Sprawl Threshold: Maximum subscriptions per role (1-50)

Time Window

Purpose
Controls the activity lookback period for optimization detection. This is the date range analyzed when correlating role assignments with activity logs.
Default Value
30 days
Available Options
7, 30, 60, 90, 180, 365 days
Effect
Changes the date range for activity log correlation. Shorter windows detect recent inactivity and are useful for rapid verification. Longer windows provide more comprehensive analysis and catch seasonal or quarterly access patterns. Make sure the activity logs being correlated are retained for at least the full window: for any part of the window older than your log retention, the analysis cannot distinguish access that was unused from access whose use was never recorded.

Recommended Settings

7 days

Rapid offboarding verification or recent project cleanup; detect access that hasn't been used in the last week

30 days (Default)

Balanced monthly reviews; catch access unused in the current month

90 days

Quarterly security audits aligning with compliance review cycles

180 days

Semi-annual comprehensive reviews for seasonal usage patterns

365 days

Annual compliance reporting and maximum historical analysis; catch access unused for an entire year

Quarterly Audit Scenario

Setting a 90-day window before end of quarter helps identify access that hasn't been used during the current quarter, providing audit-ready findings aligned with quarterly compliance reviews.

Triggers New Computation

Changing the time window triggers a new API call to recompute optimizations. Badge counts and optimization findings will update to reflect the new analysis period.

Stale Threshold Percentage

Purpose
Defines how much of the time window must pass without activity before access is flagged as "stale," expressed as a percentage of the window. This controls the sensitivity of stale access detection.
Default Value
50%
Valid Range
1-100%
Effect
Higher percentages allow a longer portion of the time window to pass without activity before access is flagged, so fewer assignments are reported. Lower percentages flag access after shorter gaps in activity and report more.

Calculation Formula

Stale threshold days = (Time Window Days × Stale Threshold %) / 100

Access is flagged as stale if: Days Since Last Activity > Stale Threshold Days

Recommended Settings

30-40% (Aggressive)

High-security environments requiring frequent access validation

50-60% (Balanced)

Most organizations; flags access inactive for more than half the time window

70-80% (Conservative)

Focuses on clearly abandoned access; reduces false positives for intermittent legitimate use

Conservative Annual Analysis

Time window: 365 days

Stale threshold: 70%

Calculation: 365 × 0.70 = 255.5, truncated to 255 days

Result: Access is flagged as stale only if last activity was more than 255 days ago (over 8 months)

Use case: Focus on access that's been inactive for the majority of the year while ignoring quarterly or semi-annual access patterns

Input Validation

Red border appears for invalid values (empty, non-numeric, <1, or >100). Invalid values reset to default 50% on blur or Enter key.
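The stale-detection rule above, together with the time window and the input rule for the threshold field, as an added worked example; this is not the product's own code. It assumes that activity counts for an assignment only when it happened at that assignment's scope, that a principal with no activity at all inside the window is stale, and that fractional threshold days are truncated, which reproduces the 365 × 0.70 = 255 result shown above. The assignments and activity dates are constructed for the example.

```python
from datetime import date, timedelta

DEFAULT_STALE_PCT = 50
TIME_WINDOWS = (7, 30, 60, 90, 180, 365)  # the selectable lookback periods


def parse_threshold_pct(raw, default=DEFAULT_STALE_PCT, lo=1, hi=100):
    """Apply the input rule: empty, non-numeric or out-of-range values fall
    back to the default rather than being used."""
    try:
        value = int(str(raw).strip())
    except ValueError:
        return default
    return value if lo <= value <= hi else default


def stale_threshold_days(window_days, stale_pct):
    """Stale threshold days = (Time Window Days x Stale Threshold %) / 100.
    Truncation is an assumption chosen to reproduce the 365 x 0.70 = 255 case."""
    if window_days not in TIME_WINDOWS:
        raise ValueError(f"time window must be one of {TIME_WINDOWS}")
    return (window_days * stale_pct) // 100


def find_stale(assignments, activity, window_days, stale_pct, today):
    """Return ids of assignments flagged stale.

    assignments: list of {'id', 'principal', 'scope'}
    activity:    {principal: [(date, scope), ...]} taken from the activity log
    Assumptions: activity counts for an assignment only when it happened at
    that assignment's scope, and a principal with no activity at all inside
    the window is stale (its days-since-last-activity exceeds any threshold
    the window can express).
    """
    window_start = today - timedelta(days=window_days)
    limit = stale_threshold_days(window_days, stale_pct)
    flagged = []
    for a in assignments:
        in_window = [d for d, scope in activity.get(a["principal"], [])
                     if scope == a["scope"] and d >= window_start]
        if not in_window or (today - max(in_window)).days > limit:
            flagged.append(a["id"])
    return flagged


# Constructed sample data: four Contributor assignments on one subscription.
TODAY = date(2024, 12, 31)
SUB = "/subscriptions/prod-east"
ASSIGNMENTS = [
    {"id": "a1", "principal": "alice", "scope": SUB},
    {"id": "a2", "principal": "bob", "scope": SUB},
    {"id": "a3", "principal": "carol", "scope": SUB},
    {"id": "a4", "principal": "dave", "scope": SUB},
]
ACTIVITY = {
    "alice": [(date(2024, 12, 1), SUB)],   # 30 days ago
    "bob":   [(date(2024, 3, 1), SUB)],    # 305 days ago
    "carol": [(date(2024, 5, 1), SUB)],    # 244 days ago
    "dave":  [(date(2024, 6, 1), "/subscriptions/dev")],  # active, but elsewhere
}

if __name__ == "__main__":
    # Conservative annual analysis from the page: 365-day window, 70% threshold.
    print(stale_threshold_days(365, 70), find_stale(ASSIGNMENTS, ACTIVITY, 365, 70, TODAY))
    # Default monthly review: 30-day window, 50% threshold (15 days).
    print(stale_threshold_days(30, 50), find_stale(ASSIGNMENTS, ACTIVITY, 30, 50, TODAY))
```

With the 365-day window and 70% threshold only bob (305 days) and dave (no activity at this scope) are flagged; carol, at 244 days, sits inside the 255-day allowance. With the default 30-day window and 50% threshold the allowance is 15 days and every assignment is flagged, including alice's, which shows why the window, not only the percentage, decides what counts as stale. dave is the case to watch for: activity on another subscription does not keep this assignment alive.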

Over-Scoped Threshold Percentage

Purpose
Defines what percentage of scope entities must be used before an assignment is considered appropriately scoped. This controls the sensitivity of over-scoped detection.
Default Value
30%
Valid Range
1-100%
Effect
Lower percentages flag only assignments whose activity is confined to a small fraction of the scope, so fewer assignments are reported. Higher percentages also flag assignments that use a larger share of the scope, and report more.

Calculation Formula

Scope efficiency = (Active Scopes / Total Scopes) × 100

Access is flagged as over-scoped if: Scope Efficiency < Over-Scoped Threshold %

Recommended Settings

10-20% (Conservative)

Large environments with hundreds of resources per subscription, where most principals naturally touch a small fraction of the scope; flags only access touching fewer than 1 in 5 resources

30-40% (Balanced)

Most organizations; flags access confined to less than roughly one-third of the available scope

50-60% (Aggressive)

Flags any access touching less than half the scope; produces the most findings, including more false positives for principals whose narrow activity is legitimate

Three Scenarios

Assignment: Contributor on subscription with 100 resources

Principal activity: 25 resources

Scope efficiency: 25%

Threshold: 20%

NOT flagged (25% > 20%)

Threshold: 30%

FLAGGED (25% < 30%)

Threshold: 50%

FLAGGED (25% < 50%)

Large Environment Use Case

Setting threshold to 20% in large environments with 500+ resources per subscription helps identify users who should be scoped to specific resource groups (e.g., user touches 30 out of 500 resources = 6%, clearly over-scoped).

Input Validation

Red border appears for invalid values (empty, non-numeric, <1, or >100). Invalid values reset to default 30% on blur or Enter key.
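The scope-efficiency rule and the three-scenario table above, as an added worked example that is not part of the product: it computes the efficiency from a constructed resource inventory and, going one step beyond the page's rule, lists the resource groups that would still cover all of the principal's activity, which is the narrower scope an over-scoped finding points to. The resource and resource group names are made up for the example.

```python
DEFAULT_OVER_SCOPED_PCT = 30


def scope_efficiency(total_scopes, active_scopes):
    """Scope efficiency = (Active Scopes / Total Scopes) x 100."""
    if total_scopes <= 0:
        raise ValueError("scope must contain at least one resource")
    if not 0 <= active_scopes <= total_scopes:
        raise ValueError("active scopes must be between 0 and total scopes")
    return active_scopes * 100 / total_scopes


def is_over_scoped(total_scopes, active_scopes, threshold_pct=DEFAULT_OVER_SCOPED_PCT):
    """Flagged if Scope Efficiency < Over-Scoped Threshold %."""
    if not 1 <= threshold_pct <= 100:
        raise ValueError("threshold must be between 1 and 100")
    return scope_efficiency(total_scopes, active_scopes) < threshold_pct


def analyze_assignment(resources, touched, threshold_pct=DEFAULT_OVER_SCOPED_PCT):
    """resources: {resource_id: resource_group} for every resource in the
    assignment's scope; touched: resource ids the principal acted on during
    the time window. Returns the efficiency, the flag and, as an addition to
    the page's rule, the resource groups that would still cover all activity."""
    touched = set(touched)
    outside = touched - set(resources)
    if outside:
        raise ValueError(f"activity on resources outside the scope: {sorted(outside)}")
    eff = scope_efficiency(len(resources), len(touched))
    return {
        "efficiency": eff,
        "flagged": eff < threshold_pct,
        "suggested_groups": sorted({resources[r] for r in touched}),
    }


# Constructed inventory: 100 resources in 5 resource groups of 20 each;
# the principal touched the first 25, i.e. all of rg-0 and a quarter of rg-1.
SUB_RESOURCES = {f"res-{i:03d}": f"rg-{i // 20}" for i in range(100)}
TOUCHED = [f"res-{i:03d}" for i in range(25)]

# Large environment from the page: 500 resources, 30 touched (6%), all in rg-0.
LARGE_RESOURCES = {f"res-{i:03d}": f"rg-{i // 50}" for i in range(500)}
LARGE_TOUCHED = [f"res-{i:03d}" for i in range(30)]

if __name__ == "__main__":
    for threshold in (20, 30, 50):
        r = analyze_assignment(SUB_RESOURCES, TOUCHED, threshold)
        print(threshold, r["efficiency"], r["flagged"], r["suggested_groups"])
    print(analyze_assignment(LARGE_RESOURCES, LARGE_TOUCHED, 20))
```

The 25%-efficiency assignment is clean at a 20% threshold and flagged at 30% and 50%, matching the table; the suggested scope for it is rg-0 plus rg-1 rather than the whole subscription. In the 500-resource case the 6% efficiency is flagged even at 20%, and all activity sits in a single resource group, which is the scope the assignment should be moved to.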

Excessive Sprawl Threshold

Purpose
Defines how many subscriptions a role must span before being flagged as "excessive sprawl." This controls the sensitivity of cross-subscription access pattern detection.
Default Value
5 subscriptions
Valid Range
1-50
Effect
Lower values flag broad access more aggressively. Higher values focus on extreme cases where users have the same role across many subscriptions.
Calculation
For each principal and role name, count the unique subscriptions in which that principal holds the role. Flag the pair if count ≥ threshold.

Recommended Settings

3-4 subscriptions (Strict)

Organizations with many subscriptions where broad access is discouraged; prompt review of any role spanning multiple subscriptions

5-7 subscriptions (Balanced)

Most organizations; flag roles spanning a handful of subscriptions

10+ subscriptions (Permissive)

Large enterprises where broad access patterns are more common; focus on extreme sprawl cases

Investigation Workflow

Scenario: User has Contributor role on 8 subscriptions:

  • Dev, Test, Staging, Production-East, Production-West, Production-Central, DR-East, DR-West

Threshold: 5

FLAGGED (8 ≥ 5)

Threshold: 10

NOT flagged (8 < 10)

Investigation options:

  • If legitimate broad need → Grant Contributor once at the management group level instead of per subscription, after confirming that every subscription under that management group, including any added later, should receive it
  • If focused on Production → Remove the Dev, Test, and Staging assignments
  • If DR is emergency-only → Document the DR access justification and re-verify it at the next review

Strict Policy Use Case

Setting threshold to 3 subscriptions flags any user with the same role on 3+ subscriptions, prompting review of whether management group assignment or scope reduction is appropriate.
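The subscription count behind the investigation scenario above, as an added worked example that is not part of the product: it derives each principal's per-role subscription set from Azure-style scope ids, so a resource-group assignment counts toward its subscription and a second assignment in the same subscription is not double-counted. Leaving management-group assignments out of the count, and the subscription names and principals, are assumptions of the example.

```python
import re

DEFAULT_SPRAWL_THRESHOLD = 5

# Anything under /subscriptions/<id> belongs to that subscription, whether the
# assignment is at subscription, resource-group or resource scope.
_SUBSCRIPTION_RE = re.compile(r"^/subscriptions/([^/]+)", re.IGNORECASE)


def subscription_of(scope):
    """Subscription id for a scope, or None for scopes above subscriptions
    (tenant root, management groups)."""
    m = _SUBSCRIPTION_RE.match(scope)
    return m.group(1) if m else None


def role_spread(assignments):
    """assignments: iterable of (principal, role_name, scope).
    Returns {(principal, role_name): sorted unique subscription ids}.
    Assumption: management-group assignments are not counted here, since they
    already grant the role to every subscription beneath them."""
    spread = {}
    for principal, role, scope in assignments:
        sub = subscription_of(scope)
        if sub is not None:
            spread.setdefault((principal, role), set()).add(sub)
    return {key: sorted(subs) for key, subs in spread.items()}


def find_sprawl(assignments, threshold=DEFAULT_SPRAWL_THRESHOLD):
    """Flag each (principal, role) whose subscription count >= threshold."""
    if not 1 <= threshold <= 50:
        raise ValueError("threshold must be between 1 and 50")
    return {key: subs for key, subs in role_spread(assignments).items()
            if len(subs) >= threshold}


# Constructed assignments. alice holds Contributor on the page's eight
# subscriptions, plus a duplicate resource-group assignment in dev and a
# Reader assignment at a management group; bob holds Reader on two.
SUBS = ["dev", "test", "staging", "prod-east", "prod-west", "prod-central",
        "dr-east", "dr-west"]
ASSIGNMENTS = [("alice", "Contributor", f"/subscriptions/{s}") for s in SUBS] + [
    ("alice", "Contributor", "/subscriptions/dev/resourceGroups/rg-app"),
    ("alice", "Reader", "/providers/Microsoft.Management/managementGroups/mg-root"),
    ("bob", "Reader", "/subscriptions/dev"),
    ("bob", "Reader", "/subscriptions/test"),
]

if __name__ == "__main__":
    for threshold in (5, 10):
        print(threshold, find_sprawl(ASSIGNMENTS, threshold))
```

At a threshold of 5, alice's Contributor role is flagged with eight subscriptions (the extra resource-group assignment in dev adds nothing to the count); at 10 nothing is flagged, as in the scenario. If the outcome of the review is a management group assignment, remember that it reaches every subscription placed under that group afterwards, so the count drops to zero here while the effective reach grows.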

Input Validation

Red border appears for invalid values (empty, non-numeric, <1, or >50). Invalid values reset to default 5 on blur or Enter key.