One dashboard for your on-prem AD and M365 environment. Read-only by design, not by policy. Built for MSPs, IT teams, and anyone responsible for licenses they cannot see.
If you manage users, licenses, or devices and spend too much time digging through fragmented admin portals, this is for you.
You have 10, 20, 30 clients each running their own AD and M365 stack. You need visibility across all of them without logging into 30 different portals or running scripts manually every time someone asks a question.
Multi-tenant dashboardYour company runs on-prem AD alongside M365 and nobody has a clean picture of what is actually going on. Stale accounts, disabled users with active licenses, computers nobody has touched in two years. You know the problem.
Single-tenant dashboardYou are responsible for M365 spend but you have no way to see who actually uses what. You are paying for licenses assigned to people who left, to shared mailboxes nobody opens, to accounts that have not signed in for 18 months.
License utilization reportsYou need to know who has privileged access, which accounts have MFA disabled, and whether your password policies are actually being enforced. You need that information in seconds, not at the end of a PowerShell script.
Privileged access visibilityEvery report you actually need to understand what is happening across your on-prem AD and M365 environment.
Instant risk score based on password hygiene, stale accounts, MFA coverage, and privileged access. Know your posture in 10 seconds.
See exactly which M365 licenses are assigned, which are active, and which are wasted on disabled or inactive accounts. Stop paying for seats nobody uses.
Find users and computers that have not been active in 30, 90, or 180 days. Filter by OU, department, or account type.
All password policies in one view including fine-grained policies, which users they apply to, and how many accounts have passwords set to never expire.
See every admin account across on-prem AD and your M365 directory, when they last signed in, and whether they have MFA enabled.
Generate a full domain health report as a PDF in one click. Export any table to CSV with your active filters applied. Send it to whoever is asking.
Every other tool in this space requires write access. We built NexusADash so that write access is impossible, not just turned off.
No user creation, no password resets, no group changes. The application has no mechanism to write to your directory.
A lightweight connector runs on any domain-joined machine at the client site. It connects outbound on port 443 only. Nothing installed on your DC. No inbound firewall rules. No open ports. Revoke access instantly by disabling the service account.
Write scopes are not registered in the application. There is no configuration that could enable them.
AD data is collected by the NexusAD Connector and stored only within your isolated tenant. No other tenant can see your data. M365 data is queried live from Microsoft and never persisted on our servers.
Disable the service account or revoke the app registration and access is gone instantly. No cleanup required on our end.
First 20 MSPs get early adopter pricing locked forever. No commitment required to get started.