Getting Started

Everything you need to connect your Microsoft Entra tenant and start governing identities in minutes.

Applies to: All plansModule: Onboarding

What is IdentityOps?

IdentityOps is an independent, continuous governance platform for Microsoft Entra ID. It monitors your app registrations, license assignments, and Intune device posture through read-only Microsoft Graph access — surfacing risks, waste, and security issues that native tooling makes easy to miss.

Unlike scripts or spreadsheets, IdentityOps runs continuously and scores every finding with plain-English explanations and remediation guidance. It never writes to your tenant. There are no agents, no background services, and nothing to install in your environment.

How it works

Getting started takes three steps — no infrastructure, no configuration files, no prerequisites beyond an Entra admin account.

Connect

Grant read-only access via Microsoft's standard admin consent flow. One click for an Entra admin — no app registration to create or maintain.

Scan

IdentityOps queries Microsoft Graph to read your app registrations, license assignments, users, and devices. Nothing is written to your tenant.

Act

Review risk-scored apps, license waste findings, and device compliance gaps. Every finding includes a plain-English explanation and remediation guidance.

What you'll get

Risk-scored app registrations

Every app registration scored by credential hygiene, permission scope, owner coverage, and activity signals.

License waste detection

Identifies licenses assigned to inactive users, duplicate assignments, and subscriptions with low utilization.

Device compliance overview

Surfaces non-compliant Intune devices, stale enrollments, and Conditional Access policy gaps (Pro plan).

Security group hygiene

Every security group scored for ownership, membership quality, naming, and nesting. Surfaces zombie groups and ownerless access grants (Starter+).

Conditional Access analysis

CA policy health scoring, MFA coverage metrics, and control gap detection across your full policy set (Pro).

Activity audit trail

Every scan, finding, and status change logged with timestamps. Export-ready for compliance reporting.

Requirements

A Microsoft Entra ID tenant (formerly Azure Active Directory).

A user account with Global Administrator or Application Administrator privileges to grant admin consent.

A modern browser (Chrome, Edge, Firefox, Safari). No desktop software or agents to install.

Where teams usually go next

→ Connect your Entra tenant → Review exactly what permissions are needed → Run your first scan and explore findings