- Release Notes
- Install or Upgrade
- Get Started
- Administer
- ARM Administrator Guide
- Configuration
- Start the configuration application
- Basic configuration
- License and server status
- Collectors
- Configure resources and monitoring
- Active Directory (AD) resources
- File server (FS) resources
- Exchange resources
- SharePoint resources
- SAP resources
- Prepare the Microsoft/Office 365 integration
- Azure AD resources
- OneDrive resources
- Teams resources
- Configure AD Logga
- Configure the File Server (FS) Logga
- Configure Exchange Logga
- Configure OneDrive Logga
- Configure SharePoint Online Logga
- Configure AAD Logga
- Scan local accounts
- Assign resources to a domain
- Integrate Easy Connect resources
- Alerts
- User management
- Change configuration
- Customize the Active Directory (AD) change configuration
- Azure Active Directory (AAD) change configuration
- Exchange change configuration
- File Server (FS) change configuration
- Manage global settings for FS changes
- Select the basic change configuration settings
- Set the AD group types for the Group Wizard
- Select access categories available in ARM
- Define ARM group names
- Blacklist - exclude users and groups from use
- Apply a file server change configuration
- Define file server and share specific change settings
- OneDrive change configuration
- SharePoint change configuration
- Teams change configuration
- Data owner
- Create organizational categories
- Assign a data owner to an organizational category
- Assign resources to an organizational category
- Assign specific group wizard settings to organizational categories
- Activate or deactivate simple approvals for data owners
- Data owner configuration and GrantMA
- Import or export data owner configurations
- Create a data owner configuration report
- Server
- Scripting
- Jobs overview
- Views and reports
- Configure Open Order
- Configure the web components
- Configure the web client
- Using ARM
- Permission analysis
- Cross-resource
- Identify the permissions of a user
- Identify access rights on a resource
- Identify multiple access paths
- Identify deviating access rights in the tree structure
- Analyze historical access rights situations
- Compare two different access rights situations using scan comparison
- Review your environment using the web client dashboard
- Analyze resource permissions using the web client
- Determine the user permissions deviating from the department profile
- Active Directory
- Review the nested group structures
- Identify over-privileged users based on Kerberos token size
- Identify the depth of group nesting
- View members of different groups in one list
- Identify empty groups
- Identify recursive groups
- Identify recursive groups (web client)
- Identify users with never expiring passwords
- Identify users with never expiring password (web client)
- Identify inactive accounts (web client)
- Identify expiring user accounts
- Identify the most recent actions on an account
- File server
- Exchange
- OneDrive
- Teams
- SAP integration
- Cross-resource
- Documentation & Reporting
- Cross-resource
- Active Directory
- File server
- Where do employees of a manager have access?
- Who has access through which permission groups?
- Report on direct permissions
- Report on unresolved SIDs
- Report on the usage of "everyone"
- Report on the usage of "Authenticated Users"
- Report on directories whose owners are not administrators
- Permission differences
- Exchange
- OneDrive
- Security Monitoring
- Role & Process Optimization
- User Provisioning
- Active Directory
- Administrator
- Create a user account
- Create a user account in Azure Active Directory
- Create an Azure AD guest invitation
- Create groups and add users
- Manage group memberships
- Delete empty groups
- Move objects in Active Directory
- Reduce multiple groups to one group
- Change password options
- Create and delete contacts (web client)
- Move objects in Active Directory (web client)
- Deactivate user accounts in bulk (web client)
- Delete accounts in bulk (soft delete) (web client)
- Change password options in bulk (web client)
- Modify attributes in bulk (web client)
- Remove group memberships in bulk (web client)
- Create a new department profile
- Execute scripts for directories in bulk (web client)
- Execute scripts on user accounts in bulk (web client)
- Edit temporary group memberships (web client)
- Edit computer accounts
- Delete computer accounts
- Help desk
- Data Owner/Manager
- Reset users' passwords (cockpit)
- Change account data of users (cockpit)
- Deactivate users (cockpit)
- Pause user (cockpit)
- Create a new user (cockpit)
- Assign a department profile to users (cockpit)
- Change your own account information (cockpit)
- Manage my employees (cockpit)
- Add group memberships (cockpit)
- Remove group memberships (cockpit)
- Administrator
- File server
- Grant and remove file server access rights
- Remove multiple access paths to file server directories
- Create a protected file server directory
- Remove direct permissions
- Remove direct permissions in bulk (web client)
- Remove corrupted inheritance
- Identify errors in inheritance and fix them in bulk (web client)
- Identify and delete unresolved SIDs
- Remove unresolved SIDs in bulk (web client)
- Remove "everyone" permissions in bulk (web client)
- Change directory ownership
- Exchange
- Create a mailbox (email enable accounts)
- Create a mailbox in Exchange Online (assign an Microsoft 365 license)
- Change mailbox permissions
- Manage out of office notices
- Manage mailbox and email size
- Manage email addresses
- Manage distribution group memberships
- Manage distribution group permissions
- Modify moderation of distribution groups
- Change the manager of distribution groups
- Create and delete contacts
- SharePoint
- OneDrive
- Teams
- Active Directory
- Permission analysis
- Customize ARM templates
- Collect diagnostics from ARM
- Secure your ARM deployment
Security Monitoring
Employees can make changes in Active Directory and the file server. Security risks can arise without comprehensive monitoring. Using the ARM Logga modules, you can record security-relevant activities in your corporate network. This process allows you to trace user actions performed in your network by name and date.
At process levels, you gain complete visibility into Access Rights activities. Changes made outside of ARM are recorded. Based on the information obtained, your Access Rights Management process can be optimized. Alerts (FS and AD Logga) proactively inform you about critical events.
See the following topics for more information.