How it works

OwnerLens is an evidence pipeline, not an ownership oracle.

It collects raw signals, keeps their source visible, and produces candidates that a human or governance workflow can validate.

1. Collect tenant data

OwnerLens reads Entra and Azure metadata for Service Principals, Managed Identities and Resource Groups. Collection should stay boring: raw data first, interpretation later.

2. Normalize entities

Different Azure and Entra records are normalized into stable local structures so lists, filters, evidence views and exports use one model.

3. Extract evidence

Signals such as tags, app owners, RBAC context, resource group metadata, home resource context and external enrichment become explicit owner evidence records.

4. Rank owner candidates

Owner candidates are ranked by source quality and confidence. Weak signals are still useful, but they must not be presented as final accountability.

5. Export for review

The output should be usable outside the local UI: CSV/JSON for IAM review, GRC workflows, partner delivery, import, or remediation planning.

Design rule: do not hide uncertainty. Showing why the owner candidate was selected is more important than pretending the answer is final.