Access Optimization

Find out who actually uses their permissions and who just has them. StratoLens correlates every role assignment with up to 365 days of Activity Log data, resolves Entra ID group memberships down to individual users, and flags exactly where access can be tightened.

The Problem

RBAC assignments pile up over time, and nobody cleans them. The result is a growing security and compliance risk that's invisible until an auditor asks about it:

Permission Sprawl: Users collect roles across projects and never lose them
Stale Access: Former team members and contractors keep access long after they should
Over-Privileged Users: People have Owner or Contributor when Reader would do
Hidden Group Access: Users inherit permissions through nested group memberships that are hard to trace
No Usage Evidence: You can see who has access, but not who actually uses it

The Solution

See which permissions are actually being used and which are just sitting there:

Unused Access: Zero activity in the selected time window. Safe to remove.
Stale Permissions: No recent activity beyond a configurable threshold
Over-Privileged Roles: Critical roles (Owner/UAA) with no corresponding RBAC operations
Over-Scoped Assignments: Activity only in a small portion of the assigned scope
Excessive Sprawl: Same role duplicated across multiple subscriptions
Redundant Permissions: Duplicate access from hierarchy inheritance or group overlap

See It In Action

Key Benefits

Detect completely unused access with zero activity in customizable time window

Identify stale permissions with configurable activity thresholds

Find over-privileged users with critical roles (Owner/UAA) but no RBAC operations

Discover over-scoped assignments

Track excessive role sprawl (same role across multiple subscriptions)

Eliminate redundant assignments from hierarchy inheritance, role supersession, or group overlap

Resolve group memberships to identify individual users with access through groups

View nested group chains showing complete permission inheritance paths

Common Use Cases

Quarterly security audits to identify and remediate over-privileged access before auditors arrive

Compliance reporting for least-privilege enforcement and access certification

User offboarding verification to ensure complete access removal including group memberships

Continuous access reviews to maintain least-privilege as teams and projects evolve

Group membership cleanup to identify users who should be removed from Entra ID groups

Ready to Learn More?

Explore our documentation to see how Access Optimization works in detail.

Read Documentation View All Features