Investigate Inactive users/accounts

RT-7199 511 Reputation points
2021-01-28T16:18:59.203+00:00

How do we investigate/find inactive users/accounts in the Cloud App Security portal? By default it only shows the Dormant Accounts in sensitive groups.

Microsoft Defender for Cloud

1 answer

  1. Marilee Turscak-MSFT 36,411 Reputation points Microsoft Employee
    2021-01-28T22:42:21.183+00:00

    In Cloud App Security you should be able to check for the alert "ALERT_ZOMBIE_USER" which detects inactive accounts.

    Other ways that I have seen to list inactive users:

    For Azure AD: How to manage inactive user accounts in Azure AD
    https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts

    For Office 365: How to List inactive users in Office 365
    https://community.spiceworks.com/how_to/104316-list-inactive-users-in-office-365

    You can also check in the admin portal under Reports > Usage > Active Users.

    This page also has a script that allows you to check for accounts where the users have not changed their passwords in six months:
    https://learn.microsoft.com/en-us/services-hub/health/remediation-steps-ad/regularly-check-for-and-remove-inactive-user-accounts-in-active-directory

    Let me know if this is what you are looking for.
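
The six-month password check mentioned in the answer, combined with a last-logon check, as an added example that is not part of the original answer or the linked script. It assumes an offline export of on-premises AD users carrying the real `lastLogonTimestamp` and `pwdLastSet` attributes as raw FILETIME values; the sample records, the `enabled` field, the reason labels and the 90-day and 180-day thresholds are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
# lastLogonTimestamp replicates lazily (up to about 14 days behind by default),
# so allow that slack before calling an account stale.
SYNC_SLACK = timedelta(days=14)

def filetime_to_dt(value):
    """Convert an AD FILETIME (100 ns ticks since 1601 UTC); 0 or missing -> None."""
    ticks = int(value or 0)
    return EPOCH_1601 + timedelta(microseconds=ticks // 10) if ticks > 0 else None

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the sample data."""
    delta = dt - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000

def find_inactive(users, now, logon_days=90, pwd_days=180):
    """Return {sAMAccountName: [reasons]} for enabled accounts that look inactive."""
    flagged = {}
    for u in users:
        if not u.get("enabled", True):
            continue  # already disabled, nothing left to investigate
        reasons = []
        last_logon = filetime_to_dt(u.get("lastLogonTimestamp"))
        if last_logon is None:
            reasons.append("never-logged-on")
        elif now - last_logon > timedelta(days=logon_days) + SYNC_SLACK:
            reasons.append("stale-logon")
        pwd_set = filetime_to_dt(u.get("pwdLastSet"))
        # pwdLastSet == 0 means "must change at next logon", not an old password
        if pwd_set is not None and now - pwd_set > timedelta(days=pwd_days):
            reasons.append("stale-password")
        if reasons:
            flagged[u["sAMAccountName"]] = reasons
    return flagged

# Constructed sample export; ages are relative to a fixed NOW so results are stable.
NOW = datetime(2021, 1, 28, tzinfo=timezone.utc)
def _ago(days): return str(dt_to_filetime(NOW - timedelta(days=days)))
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "lastLogonTimestamp": _ago(5), "pwdLastSet": _ago(30)},
    {"sAMAccountName": "bob", "lastLogonTimestamp": _ago(200), "pwdLastSet": _ago(400)},
    {"sAMAccountName": "carol", "lastLogonTimestamp": _ago(95), "pwdLastSet": _ago(100)},
    {"sAMAccountName": "svc-backup", "lastLogonTimestamp": "0", "pwdLastSet": _ago(10)},
    {"sAMAccountName": "dave", "enabled": False, "lastLogonTimestamp": _ago(300), "pwdLastSet": _ago(300)},
]

if __name__ == "__main__":
    for name, reasons in find_inactive(SAMPLE_USERS, NOW).items():
        print(name, ", ".join(reasons))
```

The `carol` record sits just past the 90-day threshold but inside the replication slack, so it is not reported; accounts that have never logged on are reported separately because they have no timestamp to age.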
