Access Optimization
Access Optimization helps you identify and remediate over-privileged Azure RBAC assignments by correlating role assignments with actual activity usage.
What You'll Learn
This documentation covers everything you need to effectively use Access Optimization:
- Identify six types of optimization opportunities
- Analyze up to 365 days of Azure activity logs
- Resolve Azure AD group memberships including nested chains
- Configure detection thresholds and filtering options
Key Capabilities
Six Optimization Types
Detect unused access, stale permissions, over-privileged roles, over-scoped assignments, excessive role sprawl, and redundant permissions with configurable thresholds.
Activity Correlation
Correlate role assignments with up to 365 days of actual Azure activity logs to identify usage patterns and detect dormant access.
Group Member Resolution
Resolve Azure AD group memberships to show individual users granted access through groups, including nested group chains.
Configurable Detection Sensitivity
Adjust thresholds for stale access (1-100%), over-scoped permissions (1-100%), and excessive sprawl (1-50 subscriptions).
Multi-Dimensional Filtering
Filter by principal type (User/Group/Service Principal), role type (critical/management/read/other), and optimization type.
Cross-Feature Navigation
Cross-navigate to Role Assignments and Activity Explorer with contextual filters for detailed investigation.
Export Capabilities
Export findings for remediation workflows and audit documentation.
Related Features
Feature Integration
Access Optimization works seamlessly with other StratoLens features to provide comprehensive access governance:
- Role Assignments - View all RBAC assignments without optimization analysis; Access Optimization extends Role Assignments with activity correlation
- Activity Explorer - Investigate detailed activity evidence for optimization findings with operation-level drill-down
- Access Health Dashboard Widget - Monitor overall access health metrics showing flagged principal counts at a glance
- Change Detection - Track when role assignments are added or removed to understand assignment lifecycle
Documentation Sections
Explore comprehensive guides covering every aspect of Access Optimization:
📖 Getting Started
Learn how to access and navigate the Access Optimization feature.
Read: Accessing Access Optimization →
🖥️ Interface Guide
Detailed guide to the Access Optimization interface, including header controls, principal list, and detail panel.
Read: Understanding the Interface →
📚 Core Concepts
Learn about the six optimization types: unused access, stale permissions, over-privileged roles, over-scoped assignments, excessive sprawl, and redundant permissions.
Read: Key Concepts →
⚙️ Configuration
Configure detection thresholds including time window, stale threshold, over-scoped threshold, and excessive sprawl threshold.
Read: Configuration Options →
🔄 Common Workflows
Step-by-step guides for real-world scenarios including quarterly audits, user offboarding, and group membership cleanup.
Read: Common Workflows →
🔗 Cross-Feature Integration
Learn how Access Optimization works with Role Assignments, Activity Explorer, Dashboard widgets, and Change Detection.
Read: Cross-Feature Integration →
⚡ Technical Details
Technical information about data sources, refresh frequency, performance, permissions, and known limitations.
Read: Technical Details →
❓ Troubleshooting
Common issues and solutions for Access Optimization including FAQ-style Q&A.
Read: Troubleshooting →
Want to learn more about what Access Optimization can do?
Check out the feature page for benefits, use cases, and highlights.