title: The /briefing Command category: ChatHub tags: chat, briefing, executive-summary, dashboard, insights priority: Normal
The /briefing Command
The /briefing command delivers an executive-level summary of your identity environment in a single, comprehensive response. It is one of the most valuable features in ChatHub, providing a snapshot of your environment's health, security posture, and pending action items.
What the Briefing Includes
When you run /briefing, the BriefingCommand gathers data from across IdentityCenter's subsystems and compiles it into a structured report. The briefing covers the following areas:
Identity Overview
| Metric | Description |
|---|---|
| Total Identity Count | The total number of identity objects across all connected sources |
| Users | Active and disabled user account counts |
| Computers | Active and disabled computer account counts |
| Groups | Security and distribution group counts |
| Service Accounts | gMSA, MSA, and standard service account counts |
| Contacts | Contact object counts |
| OUs | Organizational unit count |
Synchronization Status
The briefing reports on your most recent sync operations:
- Last Sync Time -- When the most recent sync project completed
- Sync Result -- Success, partial success, or failure status
- Items Processed -- Number of objects created, updated, or unchanged
- Pending Syncs -- Any scheduled sync projects that have not yet run
Policy and Compliance
| Item | Description |
|---|---|
| Open Policy Violations | Count of unresolved violations across all active policies |
| Violation Breakdown | Counts by severity (Critical, High, Medium, Low) |
| Compliance Score | Overall percentage of policy compliance |
| Top Violating Policies | The policies with the most active violations |
Access Reviews
- Pending Access Reviews -- Number of reviews awaiting completion
- Upcoming SLA Breaches -- Reviews approaching their due date
- Overdue Reviews -- Reviews that have passed their deadline
- Campaign Progress -- Completion percentage for active campaigns
Security Events
| Event Type | Description |
|---|---|
| Recently Disabled Accounts | Accounts disabled in the last 24-48 hours |
| Recently Locked Accounts | Accounts currently in a locked-out state |
| Password Expirations | Accounts with passwords expiring within 7 days |
| Privileged Account Changes | Membership changes in administrative groups |
Top Action Items
The briefing concludes with a prioritized list of recommended actions. These are generated by the Intelligence engine and ranked by urgency:
- Critical policy violations requiring immediate attention
- Overdue access reviews approaching SLA breach
- Inactive privileged accounts flagged for review
- Stale computer accounts exceeding the inactivity threshold
- Security configuration risks (unconstrained delegation, reversible encryption)
When to Use the Briefing
Daily Morning Review
Start each day with a briefing to understand what happened overnight and what needs attention. This is the most common use case:
/briefing
Review the output, then click follow-up suggestion chips to investigate any flagged items.
Before Management Meetings
Generate a briefing before meeting with leadership or security stakeholders. The briefing provides the data points typically requested in executive reviews:
- How many identities are under management?
- Are there any open security issues?
- What is the compliance posture?
- Are access reviews on track?
After Major Changes
Run a briefing after significant environment changes to verify the impact:
- After a large sync import
- After bulk account operations
- After policy configuration changes
- After an organizational restructure
Incident Response
During a security investigation, the briefing provides immediate context about the environment's current state, including recent account changes and active violations.
Proactive Greeting Briefing
When you first open ChatHub, the system automatically provides an abbreviated environment snapshot as part of its greeting. This mini-briefing includes:
- A count of items needing attention
- The most recent sync status
- Any critical alerts
This is lighter than the full /briefing output and serves as a quick pulse check. If anything catches your eye, type /briefing for the complete view.
How the BriefingCommand Works
The BriefingCommand implementation follows this process:
- Data Collection -- The command queries multiple services in parallel: sync status, policy violations, access review progress, recent security events, and object statistics.
- ConversationContext -- The command accesses the current user's ConversationContext to personalize the output (e.g., highlighting items relevant to the user's responsibilities).
- Intelligence Integration -- The Intelligence engine's ContextualInsightService contributes risk-scored action items and anomaly flags.
- Response Formatting -- Data is formatted into a structured, readable report with sections, tables, and priority indicators.
- Suggestion Chips -- After the briefing, follow-up suggestions are generated based on the most notable findings (e.g., "Show inactive admin accounts" if stale privileged accounts were flagged).
Customizing Briefing Content
You can influence what appears in your briefing through IdentityCenter's configuration:
| Setting | Location | Effect |
|---|---|---|
| Inactivity Threshold | Intelligence Settings | Controls the number of days before an account is considered inactive (default: 90 days) |
| Policy Scope | Policy Configuration | Only active policies appear in the violation summary |
| Review Campaigns | Access Reviews | Only active campaigns appear in the review section |
| Sync Projects | Synchronization | All enabled sync projects are included in the status report |
Using Briefing Data for Reports
The briefing output provides a useful foundation for reports:
- Run
/briefingto get the current snapshot - Copy relevant sections into your report
- Use
/report complianceor/report privileged-accessfor detailed, exportable report formats - Combine briefing data with Dashboard Reporting for visual charts and graphs
Example Briefing Output
Environment Briefing - February 20, 2026
IDENTITY OVERVIEW
Total Objects: 12,847
Users: 8,234 (7,891 active / 343 disabled)
Computers: 3,102 (2,980 active / 122 disabled)
Groups: 1,287 (894 security / 393 distribution)
Service Accounts: 224
SYNC STATUS
Last Sync: Today at 06:00 AM (Full AD Sync)
Result: Success - 12,847 objects processed
Next Scheduled: Today at 12:00 PM
POLICY COMPLIANCE
Overall Score: 94.2%
Open Violations: 47
Critical: 3 | High: 12 | Medium: 22 | Low: 10
ACCESS REVIEWS
Pending Reviews: 156
Due Within 7 Days: 42
Overdue: 8
ACTION ITEMS
1. [CRITICAL] 3 privileged accounts inactive >90 days
2. [HIGH] 8 overdue access reviews - SLA breach imminent
3. [HIGH] 12 accounts with "password never expires" in admin groups
4. [MEDIUM] 22 computers inactive >90 days
5. [MEDIUM] 5 groups with no members (candidates for cleanup)
Briefing Follow-Up Workflow
After reviewing a briefing, a typical investigation workflow might look like:
- Review the briefing -- Identify the highest-priority items
- Investigate critical items -- "Show me the 3 inactive privileged accounts"
- Take action --
/disable stale-admin-01or route to a review campaign - Verify the change --
/audit user:stale-admin-01 last:1h - Re-run briefing -- Confirm the action item count decreased
Next Steps
- ChatHub Slash Commands Reference -- Full reference for all available commands
- Natural Language Queries -- Ask questions in plain English
- ChatHub Advanced Features -- Alert subscriptions and saved queries
- Intelligence Hub Overview -- The analytics engine powering briefing insights
- Dashboard and Reporting -- Visual dashboards and exportable reports
- Access Reviews Overview -- Managing access review campaigns