+44 800 779 7322
User Access & Identity

Who has the keys to your business?

Modern IT runs on identities, not just devices. Active Directory. Entra ID. Microsoft 365. Local Windows admins. Linux sudoers. The privileged accounts your last audit didn't reach but are now in scope. Imagine admin visibility, dormant-account detection, MFA evidence and continuous reporting your auditor, insurer and board can defend.

Rebasoft delivers Identity security as part of the same service-mapped asset graph, not a separately-bolted module.

Book a 20-minute insight session
USERS & ACCOUNTS 413 Total accounts 88 Enabled 31 Privileged 28 Privileged w/o MFA BY PROVIDER 413 accounts Local AD Entra PRIVILEGED & MFA 28 w/o MFA CE-ACC-005 ACCOUNT HEALTH 26 / 100 MFA coverage 3 / 88 enabled dormant accounts to review One view across: AD Entra ID M365 Windows local Linux sudoers 28 admins without MFA Every identity in one view. Every key accounted for.
The problem

Attackers are buying credentials, not finding zero-days.

The single biggest blind spot in most growing businesses is identity. The 2024–25 wave of breaches at well-resourced organisations was overwhelmingly identity-led: a phished session token, a missed MFA, a forgotten admin account, a privileged role nobody audited.

The audit question

"How many privileged accounts do you have?" The honest answer is "we’d have to ask a few people."

The insurance question

"What proportion of users have MFA?" The answer is a guess.

The customer question

"What’s your dormant-account review cadence?" The answer is a promise.

Scattered tooling

AD speaks for AD only. Entra for Entra only. Local admin discovery is a script someone runs once a year. Intune flags devices into a tab nobody opens.

The defence is not another tool — it is continuous evidence that the basics are actually in place.
Focused

Every identity source, one continuous audit.

Cloud, on-premises and local accounts in a single view — the privileged accounts your last audit didn't reach, surfaced and attributed.

01
Multi-domain Active Directory discovery

All users across single or multi-forest AD — dormant-account detection (45+ days since last logon), service-account classification, and admin-group membership counted and surfaced.

02
Entra ID, MFA and privileged roles

Full Entra inventory with per-user MFA registration evidence. Every Microsoft-defined privileged role detected — Global Admin, Exchange Admin and 24+ others — with standing rights distinguished from PIM-eligible (just-in-time).

03
Windows local administrator audit

Every host’s local accounts, Administrators-group membership, password-expiration state and last logon. The temporary admin that was supposed to be disabled — surfaced.

04
Linux account and privilege audit

Local users classified interactive or system. Sudoers and wheel membership called out. Root exposure flagged where enabled with an interactive shell.

Automated

From identity data to answers.

The same collection turns into the numbers finance, auditors and insurers actually ask for — without a scheduled exercise.

M365 licence assignment and waste

Every user’s licences mapped against the tenant SKU pool. When finance asks "are we paying for licences nobody uses?", the answer is a report, not an exercise.

Last sign-in and activity evidence

Per-user sign-in and last-activity tracking across the M365 estate — Entra audit logs (Premium) with fallback to the M365 Reports API. The dormant-user question becomes a number, not a guess.

Intune compliance follow-through

Non-compliant devices tagged to the user who owns them, ranked by risk, tracked to closure.

Audit ready

The hardest questions, answered on screen.

Audits in seconds

"How many Global Admins? Standing vs JIT? MFA coverage? Dormant-account count? Show me every admin on this server." All on screen, with the evidence trail behind each.

Insurance the insurer rewards

Proof of MFA coverage, privileged-account discipline and dormant-account cleanup — not a tick-box attestation.

Cyber Essentials A7, scored

User Access Control becomes an automated pass/fail, and the result pre-fills the A7 answers in your CE self-assessment.

Licence waste recovered

Most M365 estates have 10–20% waste in dormant users, undeprovisioned leavers and over-provisioned tiers. Rebasoft surfaces it; finance recovers the money.

The blast radius gets smaller: every dormant admin, abandoned service account or over-privileged role surfaced is a path an attacker no longer has.
The Rebasoft difference
What you have todayWhat it actually gives youWhat Rebasoft gives you
Active Directory Users & ComputersA snapshot. AD only. No dormant detection. No reporting.Continuous AD audit with dormant, service-account and admin-membership reporting — across multi-forest environments.
Entra admin centreEntra-only. One screen per question.Entra + AD + M365 + local accounts in one query.
PowerShell scripts run quarterlyStale within a week.Continuous, evidenced, audit-defensible.
Identity-Governance platforms (Saviynt, SailPoint)Enterprise-grade, enterprise-priced, enterprise-deployment-time.Right-sized for SME and mid-market — running in days, not quarters.
Microsoft Defender for IdentityMicrosoft estate only, alert-focused, not posture-focused.Posture, evidence and continuous reporting across every identity source.
Proof in the field

Evidence that stands up to the assessor.

A £250m international charity operating in 30+ countries used Rebasoft to evidence compliance across a distributed estate — and achieve Cyber Essentials Plus.

In their words

“I can now see all my network-attached devices — in one system — and validate them for compliance purposes.”

— CISO, £250m international charity

Why Rebasoft?

Find out who has the keys.

A 20-minute insight session on a live console. We'll show you the identity view across AD, Entra, M365 and your local accounts — and the questions it answers on your behalf.

Book my session
FAQ
Do we need an agent on every server to see local admins?
No. Rebasoft uses native operating system capabilities and existing credentials to identify local administrators and privileged accounts without requiring an agent on every server.
What level of Entra ID licensing do we need?
Rebasoft works with Entra ID Free, P1 and P2 licensing tiers. Where advanced Microsoft APIs are available, they are used automatically to improve efficiency without affecting evidence quality.
Will this slow down our domain controllers?
No. Data collection is designed for production environments and uses efficient, incremental collection methods that minimise operational impact.
Does this replace SailPoint or Saviynt?
For many SME and mid-market organisations, Rebasoft can provide the visibility and evidence needed without the complexity of a dedicated IGA platform. Larger enterprises may choose to use Rebasoft alongside SailPoint or Saviynt to provide additional operational context and validation.
What does Rebasoft not currently do on the M365 identity side?
These areas are not currently collected by Rebasoft. Today, Exchange Online mailbox delegation, Teams channel membership, SharePoint and OneDrive sharing permissions, and Azure resource-level RBAC are on the roadmap rather than available now — talk to us about timing if any are blocking. We'd rather distinguish clearly between available functionality and roadmap capabilities.
Is this Cyber Essentials A7 (User Access Control) evidence?
Yes. Rebasoft continuously evaluates the controls associated with Cyber Essentials User Access Control (A7), including dormant accounts, privileged access and MFA adoption, and can automatically determine compliance status against the published requirements.