One dashboard for your on-premises AD and cloud identity environment. Read-only by design, not by policy. Built for MSPs, IT teams, and anyone responsible for licenses they cannot see.
If you manage users, licenses, or devices and spend too much time digging through fragmented admin portals, this is for you.
You have 10, 20, 30 clients each running their own AD and cloud identity stack. You need visibility across all of them without logging into 30 different portals or running scripts manually every time someone asks a question.
Multi-tenant dashboardYour company runs on-prem AD alongside a cloud identity platform and nobody has a clean picture of what is actually going on. Stale accounts, disabled users with active licenses, computers nobody has touched in two years. You know the problem.
Single-tenant dashboardYou are responsible for cloud license spend but you have no way to see who actually uses what. You are paying for licenses assigned to people who left, to shared mailboxes that nobody opens, to accounts that have not signed in in 18 months.
License utilization reportsEvery report you actually need to understand what is happening across your on-prem AD and cloud identity environment.
Instant risk score based on password hygiene, stale accounts, MFA coverage, and privileged access. Know your posture in 10 seconds.
See exactly which M365 licenses are assigned, which are active, and which are wasted on disabled or inactive accounts. Stop paying for seats nobody uses.
Find users and computers that have not been active in 30, 90, or 180 days. Filter by OU, department, or account type.
All password policies in one view including fine-grained policies, which users they apply to, and how many accounts have passwords set to never expire.
See every admin account across on-prem AD and your cloud directory, when they last signed in, and whether they have MFA enabled.
Generate a full domain health report as a PDF in one click. Export any table to CSV with your active filters applied. Send it to whoever is asking.
Every other tool in this space requires write access. We built NexusADash so that write access is impossible, not just turned off.
No user creation, no password resets, no group changes. The application has no mechanism to write to your directory.
Write scopes are not registered in the application. There is no configuration that could enable them.
The on-prem agent connects out. Nothing connects in. No inbound firewall rules. No open ports on your network.
For regulated industries where data cannot leave the building. Full deployment on your own infrastructure.
Remove the agent or revoke the app registration and access is gone instantly. No cleanup required on our end.
No per-user fees. No feature gating on reports. Pick the tier that matches your environment.
The more clients you onboard, the lower your per-tenant cost.
First 20 MSPs get 3 months free. No commitment required.