Accessing Access Optimization

Get started with Access Optimization by following these simple steps to access the feature and understand the default view.

Navigation Steps

From the StratoLens homepage, navigate to Access Control in the left sidebar

Click Access Optimization

The page automatically loads the latest scan with default filters applied (Users and Groups shown, critical/management/read roles, 30-day time window)

Prerequisites

Required Permissions

Before accessing Access Optimization, ensure you have the necessary permissions and data requirements in place.

Permission Required: data.read permission required to view Access Optimization
Data Requirement: At least one completed scan with role assignments and activity log data
Microsoft Graph API Permissions (Optional): Recommended for full functionality:
Group.Read.All
User.Read.All
Application.Read.All
Without these permissions, you'll see group-based assignments but not individual group members.

Default View

The main view displays a two-column layout designed for efficient access review:

Left Column

List of principals (users, service principals, groups) with optimization findings, sorted by optimization count (highest first)

Right Column

Detailed optimization recommendations for the selected principal (click any principal to view)

Default Filters

Note

The following filters are applied automatically when you first open the page. You can adjust these at any time using the header controls.

Default Filter Settings

Principal Types: User, Group (Service Principals excluded by default)
Role Types: Critical, Management, Read ("Other" excluded by default)
Time Window: Last 30 days
Detection Thresholds: Stale 50%, Over-Scoped 30%, Excessive Sprawl 5 subscriptions

← Back to Overview Next: Understanding the Interface →