.svg)
The Vaults section of the Security Audit Dashboard is where administrators move from organization-level insight to individual accountability. It provides a per-user, per-vault view of credential health — the primary tool for identifying who is contributing most to organizational risk and what action needs to be taken.
Privacy note: No actual vault item details are ever visible to admins. Only aggregated audit metrics are transmitted from user devices.
The Vaults Table
The Vaults table lists every vault in the organization alongside key risk indicators. Each row represents a single vault belonging to a user, with the following columns:
|
Column |
Description |
|---|---|
|
User |
The email address of the vault owner. For Other Vaults, the vault name and storage location (e.g., SharePoint Sites, Teams, Shared Drive) are also shown. |
|
Compromised |
Number of passwords in this vault found in known breach datasets. |
|
Identical |
Number of passwords reused across multiple accounts. |
|
Weak |
Number of passwords that do not meet strength thresholds. |
|
Breached |
Number of credentials associated with websites known to have been breached. |
|
Health |
A visual indicator of the vault's overall security status: At Risk (red), or a dash indicator that shifts from red through amber to green as health improves across Low, Medium, and High. |
|
Score |
The vault's numeric security score as a percentage. Lower scores indicate greater exposure. |
Filtering Vaults
The Vaults section includes a set of filters that allow you to narrow the list to the most relevant vaults for your investigation.
Vault Type
-
Primary Vaults — Each user's personal Enpass vault, automatically created when they join the organization.
-
Other Vaults — Shared or secondary vaults, including those stored in OneDrive, Microsoft Teams, SharePoint Sites (in Microsoft 365 deployments), or Google Drive, Shared Drives (in Google Workspace deployments).
Switch between these tabs to focus your review on personal credential hygiene (Primary Vaults) or shared credential risk (Other Vaults).
Security Filter
Filter vaults by their current health rating:
-
At Risk — Vaults with the lowest security scores and most critical issues. Start here.
-
Low — Vaults with below-average scores.
-
Medium — Vaults with moderate scores.
-
High — Vaults with strong credential health.
Location Filter (Other Vaults only)
When viewing Other Vaults, filter by storage location: OneDrive, Microsoft Teams, SharePoint Sites (in Microsoft 365 deployments), or Google Drive (in Google Workspace deployments).
User License
By default, only vaults belonging to users with an active Enpass license are shown. To include vaults of users whose license has since been unassigned, select Unassigned from the User License filter.
Searching for a Specific User
Use the Search by email field above the filters to locate a specific user's vault directly. This is useful when responding to a specific user complaint, an HR escalation, or a triggered alert.
Exporting Vault Data
Select Export CSV (top right of the Vaults table) to download the full vault list with all columns as a CSV file. This export is intended for:
-
Audit reporting — Provide evidence of password health monitoring to internal or external auditors.
-
Remediation tracking — Share a list of at-risk users with team leads or security teams for follow-up.
-
Trend analysis — Compare exports over time to measure improvement in organizational password hygiene.
Drilling Down into a Vault
Clicking on any row in the Vaults table opens the individual vault view, which provides a full security breakdown for that specific vault.
The individual vault view presents the same sections — Security Score, Critical Alerts, Attention Required, Compliance Gaps, and Actionable Suggestions — as described on the organization level in Understanding Indicators of Audit Dashboard. All metrics are scoped to this vault only.
Vault Details
The Vault Details section provides metadata about the vault itself, useful for investigation and audit purposes:
|
Field |
Description |
|---|---|
|
Owner details |
The email address of the vault owner, and whether their license is active. |
|
Vault's password strength |
The master password strength rating for this vault (e.g., Good). |
|
Keyfile in use |
Whether an additional keyfile is used to encrypt this vault (Yes/No). |
|
Vault ID |
The unique identifier for this vault, typically used to correlate vault activity in SIEM logs. |
|
Number of items |
Total count of items stored in the vault. |
|
Number of attachments |
Total count of file attachments stored in the vault. |
|
Last Password Modified |
Timestamp and actor for the most recent password change in this vault. |
|
Last Vault Modified |
Timestamp and actor for the most recent vault modification. |
Activity
The Activity table lists all users who have accessed this vault, along with their email address, device name, and the timestamp of their last access. This is relevant for shared vaults where multiple people have access, and can be used to identify unauthorized or unexpected access patterns.