Understanding Detected vs. Approved services
Think of "Detected" and "Approved" as two very different service types within Substly. Detected services are shadow IT - tools introduced without formal oversight. Approved services are actively added and managed to create your service portfolio.
TL:DR;
Detected services 🔦
Any new service detected in your environment.
Automatically found by the Substly shadow IT discovery engine.
Approved services ✅
A service you have added to your service portfolio.
Can be manually added, without waiting for detection.
Detecting new services
When Substly detects a new SaaS tool being used in your organization, that service will show up under Detected services.
On this page, you can see key details about the discovered usage:
What service has been detected
When it was first used
When it was last used
How many users have used it
How it was detected
This is a window into the shadow IT present in your environment.
👉 Dive deeper into Substly Detected and our tools to manage shadow IT in our guide Detected: Understanding shadow IT detection and management in Substly.
Approving a service
Once approved (or manually added), a service moves to your Approved services page and is now considered part of your sanctioned tech stack.
The Approved status unlocks management functionality.
Now you can:
Assign a service owner
Handle offboarding
Manage user licenses
Input and track costs
Set renewal reminders
Store contracts and agreements
Once a Detected service has been Approved it is no longer considered to be Shadow IT, and will therefore disappear from your Detected services view to move into your Approved services page instead.
🤔 How does Substly discover shadow IT?
Our discovery engine detects service usage through integrations with your Entra or Workspace, as well as our our unique Substly Extension which captures browser based usage. Even when a service is accessed without SSO.
Archiving services
Services that have previously been Approved have an additional possible status: Archived. Archive a service when you no longer consider it part of your portfolio.
Services that have been archived at any point in their lifecycle will have their archival date(s) logged under Archived Services, and will always retain a label of Previously archived.
You can archive a service at any time - or at a scheduled date - from its Service detail page. Upon archiving a service, you may also choose to Ignore it preemptively, should usage be detected again.
You can always restore an archived service to Approved status, else choose to Ignore or Flag it.
👋 Note: Archived Services functions as a log
Should you archive a service twice, Archived Services will log the action twice, and note each archival date.
Archived services can be Detected again
An archived service has a cool-down period of 1 week before it can get Detected again. Upon archiving a service, you can preemptively mark it to be Ignored when next detected.
Once an archived service has been detected again, it can be assigned any of the Detected status flags - in other words, you can make a new decision on whether to Flag, Ignore or Approve it again.
In some cases, you may want to Flag an archived service right away. Read more about the monitoring and communication tools we have available here.
🌟 Tip: Use flagging to phase out old services
Replacing a service with another? Want to make sure an archived service doesn't continue to be used? Flag the service right away.
This gives you tools to monitor and communicate around continued usage across your organization.
Putting it all together
Detected services are your automatically discovered Shadow IT.
You can handle detected services by assigning them a state.
Ignored services are still monitored, but relegated to their own view.
Flag services to use additional Shadow IT monitoring and management tools.
Approved services are your sanctioned and actively managed portfolio.
An approved service can be Archived, and detected again.
📗 Further reading