TenLens
Nov 18, 2025

Why we built TenLens: the case for an identity instrument.

MHMira Halonen· 6 min read
When we started TenLens, most of the directory tooling we used was a series of windows and tabs. The Microsoft 365 admin center. The Entra portal. A PowerShell prompt. A spreadsheet of license assignments. A Notion page someone in security kept up to date. None of them spoke to each other, and the work that mattered lived in the gaps between them.

After a few years of running IT at companies of every size, we started to think of identity less as a checklist and more like an instrument. Not something you visit once in a while through a maze of admin tabs. Something your team installs, keeps close, and uses every day.

From a checklist to a console

The current generation of directory tools treats hybrid identity as a series of discrete tasks: provision a user, assign a license, audit a sign-in. Each task gets its own UI, its own permissions model, its own export format.

That's fine when the tasks are rare. When they're constant (and at scale they always are), the cost of context-switching between tools eats the day. The real work, the analytical work where you actually understand what's happening across your tenants, never gets done.

An instrument feels different. It's calibrated. You can read it at a glance. It rewards expertise. And, crucially, it stays close to the operator.

Why local, not SaaS

TenLens is not another hosted admin dashboard. You install it with our macOS or Windows installer, start it locally, and open the main console in your browser. The experience is web-based. The deployment is local, inside infrastructure your team controls. We think that matters for three reasons:

  • ControlThe application runs inside your environment, not in a vendor-hosted mirror of your tenant. Your team decides where it lives and how it is operated.
  • SpeedSearch, reports, and day-to-day workflows feel immediate when the console runs locally instead of bouncing every interaction through another remote layer.
  • FitA browser-based console still behaves the way IT teams expect: easy to open, easy to bookmark, easy to keep beside a runbook, ticket queue, or change plan.

Tenants are first-class

Almost every IT team we talked to managed more than one tenant. Acquisitions, regional splits, subsidiaries, partner orgs. The existing tools force you to sign out and back in for every context switch, sometimes through MFA.

We made the tenant a first-class object in TenLens. Connect multiple tenants once, then search and report across them from one place. Narrow to a single tenant when you want precision, but do not make "which account am I signed into right now?" the first step of every investigation.

That sounds small until you do the math. Every avoided sign-out, every avoided second portal, every avoided "wrong tenant" detour gives time back to the work that actually matters: understanding risk, fixing drift, and moving identity changes through cleanly.

What we're working on next

Three things on our near roadmap. Better ways to share and reuse runbooks across a team. Deeper hybrid coverage as Active Directory management expands beyond private beta. And sharper workflows for the repetitive identity jobs that still live in scripts, spreadsheets, and tribal knowledge today.

We'd love your feedback. If you're an IT operator who's been doing this for a while, write to support@tenlens.com. Every message gets read.

MH
Mira Halonen
Co-founder · TenLens · Previously Head of IT, Northwind Logistics
Follow
Keep reading
May 27, 2026 · Product

Multi-tenant search, end to end: one ⌘K bar for every directory you run.

6 min read
Mar 19, 2026 · Product

Bugbot for IT: guardrails before you ship a Conditional Access change.

7 min read
Jan 22, 2026 · Research

Audit log search at 10k events per second: what we learned indexing Entra at scale.

11 min read