title: Bulk Operations Analytics category: Bulk Operations tags: bulk, analytics, history, impact, metrics, trends priority: Normal
Bulk Operations Analytics
IdentityCenter provides two dedicated pages for analyzing bulk operation activity: the Bulk Operations Analytics dashboard (BulkOperationsAnalytics.razor) and the Bulk Operations History log (BulkOperationsHistory.razor). Together, they give you full visibility into what has been done, what impact it had, and how your identity hygiene is trending over time.
Operation History
Viewing Past Sessions
Navigate to Admin > Bulk Operations > History to see all past bulk operation sessions. Each row in the history table shows:
| Column | Description |
|---|---|
| Date | When the session was executed |
| Type | Issue category scanned (e.g., Stale Accounts, Full Scan) |
| Status | Completed, Partially Completed, Failed, or Rolled Back |
| Items Detected | Total issues found during the scan |
| Items Remediated | Number of issues that were successfully fixed |
| Items Failed | Number of remediations that failed |
| Operator | The administrator who initiated the session |
Use the date range picker and category filter to narrow down the history list. You can also search by operator name to see a specific administrator's activity.
Session Details
Click any session row to drill into its full details. The session detail view contains three sections:
Summary Panel
Session: BULK-2026-0215-001
Date: February 15, 2026 at 09:32 AM
Type: Stale Accounts
Operator: admin@contoso.com
Duration: 4 minutes 12 seconds
Results:
Detected: 312 issues
Remediated: 298 items (95.5%)
Failed: 8 items (2.6%)
Skipped: 6 items (1.9%)
Action Log
Every individual action taken during the session is listed with:
| Field | Description |
|---|---|
| Object | The affected user, computer, or other object |
| Action | What was done (disabled, attribute updated, group removed, etc.) |
| Before Value | The state before the change |
| After Value | The state after the change |
| Result | Success, Failed (with error), or Skipped (with reason) |
This log is the authoritative audit record for the session. You can export it to CSV for external reporting or compliance evidence.
Failure Details
For any failed item, the detail view shows the specific error message and a suggested resolution. Common failure reasons include:
| Failure Reason | Typical Resolution |
|---|---|
| Insufficient permissions | Grant the service account write access to the target OU |
| Object locked by another process | Retry the individual item after the lock is released |
| Object no longer exists | The object was deleted between scan and execution |
| Attribute validation error | Check the target attribute for format or length constraints |
Impact Metrics
The Analytics dashboard aggregates data across all sessions to show the cumulative impact of your bulk operations.
Aggregate Statistics
| Metric | Description |
|---|---|
| Total Issues Resolved | Cumulative count of all successfully remediated issues |
| Accounts Disabled | Number of stale, orphaned, or risky accounts that were disabled |
| Groups Cleaned Up | Group memberships corrected or removed |
| Attributes Corrected | Missing or incorrect attribute values that were fixed |
| Security Risks Mitigated | Privilege and password issues that were remediated |
| Rollbacks Performed | Number of sessions that were partially or fully rolled back |
Impact by Category
A breakdown showing which issue types have been addressed most:
| Category | Issues Found | Issues Resolved | Resolution Rate |
|---|---|---|---|
| Stale Accounts | 1,240 | 1,185 | 95.6% |
| Orphaned Accounts | 312 | 298 | 95.5% |
| Misconfigured Accounts | 856 | 842 | 98.4% |
| Security Risks | 94 | 87 | 92.6% |
| Duplicate Accounts | 47 | 39 | 83.0% |
Note: Duplicate accounts typically have a lower resolution rate because they often require manual review to determine which account to keep.
Trend Analysis
Issue Counts Over Time
The trend chart tracks the number of detected issues over time, broken down by category. This answers the key question: is your identity hygiene improving or deteriorating?
Issues Detected Per Month
─────────────────────────
1,200 | *
1,000 | * *
800 | * * *
600 | * *
400 | * * *
200 | * *
0 └──────────────────────
Sep Oct Nov Dec Jan Feb
Trend Indicators
| Trend | Meaning | Recommended Action |
|---|---|---|
| Decreasing | Fewer issues each period | Continue current cadence |
| Stable | Issue count is flat | Review whether root causes are being addressed |
| Increasing | More issues each period | Increase scan frequency; investigate process gaps |
| Spike | Sudden jump in one period | Likely a migration, reorganization, or sync issue |
Before/After Comparison
The analytics dashboard provides aggregate before/after statistics that quantify the improvement from your bulk operations:
| Metric | Before | After | Improvement |
|---|---|---|---|
| Stale accounts (90+ days) | 500 | 50 | 90% reduction |
| Accounts without managers | 230 | 12 | 95% reduction |
| Users with excessive privileges | 45 | 8 | 82% reduction |
| Missing email attributes | 180 | 15 | 92% reduction |
| Expired but enabled accounts | 67 | 3 | 96% reduction |
These statistics are calculated from the snapshot data stored by the BulkIssueSnapshotRepository and represent the actual measured impact.
Using Analytics for Compliance
Bulk Operations Analytics produces evidence that auditors need to verify identity hygiene:
| Artifact | Compliance Use |
|---|---|
| Session history | Demonstrates regular identity hygiene reviews |
| Action logs with before/after values | Proves specific remediations were performed |
| Trend charts | Shows continuous improvement over time |
| Category breakdown | Demonstrates coverage across all risk areas |
| Rollback records | Shows that changes are controlled and reversible |
| Framework | Relevant Bulk Operations Evidence |
|---|---|
| SOX | Access cleanup logs, privilege reduction records |
| HIPAA | Orphaned account remediation, stale account disablement |
| ISO 27001 | Regular identity reviews, measurable improvement trends |
| NIST 800-53 | Account management controls, continuous monitoring |
| PCI-DSS | Unique account enforcement, excessive privilege removal |
Scheduling Regular Scans
Configure the BulkIssueMonitorJob to run automatically and keep your analytics data current:
| Scan Type | Frequency | Rationale |
|---|---|---|
| Full Scan | Monthly | Comprehensive hygiene assessment |
| Stale Accounts | Weekly | Catch accounts going dormant early |
| Security Risks | Weekly | Privileged access changes frequently |
| Orphaned Accounts | Bi-weekly | Aligns with typical offboarding delays |
| Misconfigured Accounts | Monthly | Attributes change less frequently |
| Duplicate Accounts | Quarterly | Duplicates accumulate slowly |
Configure the monitor job to send alerts when new critical or high severity issues are detected, when the total issue count exceeds a threshold, or when a category shows a significant increase from the previous scan.
Best Practices
- Run monthly full scans -- Establish a baseline and track improvement consistently
- Track trends quarterly -- Present trend data to management and security leadership each quarter
- Export compliance evidence -- Before each audit, export the relevant session logs and trend data
- Investigate spikes -- A sudden increase usually indicates a process change or data quality problem
- Compare before and after -- Use aggregate statistics to quantify the value of your identity hygiene program
- Set improvement targets -- Define goals (e.g., "reduce stale accounts below 50 by Q2") and track progress
- Review failure patterns -- If certain remediations consistently fail, address the underlying permission or configuration issue
Next Steps
- Bulk Operations Overview -- Revisit the architecture and issue categories
- Running Bulk Operations -- Step-by-step execution guide
- Intelligence Hub Overview -- AI-powered insights that drive detection
- Policies Overview -- Policy violations that feed into bulk operations
- Browsing Your Directory Objects -- Drill into individual objects from analytics
- Dashboard and Reporting -- View bulk operation metrics alongside other admin dashboards