Understanding the Interface

Access Optimization features a powerful, responsive interface with filtering controls, principal list, and detailed optimization recommendations.

Interface Overview

The interface adapts to your screen size, providing optimized layouts for desktop (1200px+) and mobile/tablet (<1200px) devices.

Header Controls

The header contains all filtering and configuration options with responsive layout that switches between inline and compact modes based on available screen space.

Inline Mode (Desktop - 1200px+)

All filters displayed horizontally with separate Thresholds button:

Time Window dropdown: Select activity lookback period (7/30/60/90/180/365 days)
Principal Type multi-select: Filter by User, Group, Service Principal
Role Type multi-select: Filter by Critical, Management, Read, Other
Optimization Type multi-select: Filter by detected optimization types (shows only types found in current scan)
Thresholds button: Opens popover for configuring detection sensitivity
Scan Selection dropdown: Choose which scan snapshot to analyze (always visible)

Compact Mode (Tablet/Mobile - <1200px)

Single "Filters" button containing all options:

All filters above consolidated into scrollable popover
Threshold settings included in same popover under "Detection Thresholds" section
Scan selection remains visible outside popover

Filter Badge Counter

Shows total active filters including non-default thresholds. For example, if you have 2 principal types selected, 1 optimization type filter, and stale threshold changed from 50% → 60%, badge shows "3".

Principal List (Left Column)

Purpose: Displays all principals with optimization findings, allowing quick scanning of who needs attention.

List Item Components

Principal Icon: User icon (👤) for users
Users icon (👥) for groups
Bot icon (🤖) for service principals
Principal Name: Display name from Azure AD/Entra ID
Group Subtitle (users only): Shows source of group-based access:
"via Engineering Team" - single group
"via 3 groups" - multiple groups (shows count instead of names to save space)
Users icon appears next to subtitle text
Optimization Badges: Color-coded count badges for each optimization type detected:
Over-Privileged
Over-Scoped, Excessive Sprawl
Unused
Stale
Redundant Assignment
Badge counts are filter-responsive (show different numbers based on active optimization type and role type filters)

Sorting Options

Dropdown at top of list:

Most Optimizations (default)

Principals with highest optimization count first

Alphabetical

Sort by principal display name A-Z

Empty States

No principals match filters: "No principals match the selected filters."

No optimizations found: "No optimization opportunities found."

Selection Behavior

Tip

Click any principal to open detail panel on the right
Click selected principal again to close detail panel
URL updates with principalId parameter for bookmark-able state

Detail Panel (Right Column)

Purpose: Shows complete optimization recommendations for selected principal with evidence, explanations, and remediation guidance.

Panel Header

Principal Information: Principal type and name displayed as subtitle
Sort Dropdown: Order optimizations by:
Optimization Type (default - groups by severity)
Privilege Level (critical roles first)
Scope (broadest scope first)
Alphabetical (by entity name)
Close Button: X button to collapse panel

Optimization Cards

One card per finding with comprehensive details:

Card Header Components

Optimization Type Badge

Badge with icon (e.g., "Over-Privileged Access" with trending-down icon)

Entity Type Icon

Visual indicator for management group, subscription, resource group, or resource

Role Badge

Color-coded by privilege level: red=critical, amber=management, green=read, blue=other

Card Details

Each optimization card includes comprehensive information fields:

Common Fields

All optimization cards display:

Entity Name: The scope where role is assigned (management group name, subscription name, resource group name, or resource name)
Resource Group: (resources only)
Subscription: (resources and resource groups)
Assigned: Date when role assignment was created
Last Used: Most recent activity timestamp from activity logs
Days Inactive: Calculated days since last activity
Activity Count: Total operations performed in time window

Group-Based Assignments

Via Group field shows group membership chain:

"Engineering Team → All Employees" for nested groups
Users icon displayed to indicate group-based access

Over-Privileged Only

Operations: Breakdown of operation types (Create, Update, Delete, Action, RBAC) with counts as colored badges

Over-Scoped Only

Scope Efficiency: Percentage of scope actively used with fraction (e.g., "15% (3 of 20 scopes)")

Redundant Assignments Only

Redundancy: Type of redundancy detected

Details: Explanation of why assignment is redundant

Remediation Guidance

Explanation: Human-readable description of why this optimization was flagged, including threshold values
Recommendation: Specific action to remediate:
Group-based assignments show group-aware recommendations (e.g., "Remove Alice from group Engineering Team")
Nested group hierarchies recommend review instead of removal
Direct assignments show standard remediation (downgrade/rescope/remove)

Navigation Buttons

Bottom of each card:

View in Activity Explorer

Opens Activity Explorer pre-filtered to principal and time window with subscription context

View in Role Assignments

Opens Role Assignments page filtered to this principal

Note

Redundancy scenarios only: Additional "View Group in Role Assignments" button to view the group's assignments

Filter-Responsive Behavior

Dynamic Filtering

Detail panel respects active optimization type and role type filters
Only shows optimizations matching selected filters
Threshold changes dynamically filter out optimizations that no longer meet criteria
Empty state shown if no optimizations match filters: "No Optimizations Match Filters"

← Previous: Accessing Next: Key Concepts →