Investigate Inactive users/accounts

RT-7199 471 Reputation points

How do we investigate/find inactive inactive users/accounts in Cloud App Security Portal. By default it only shows the Dormant Accounts in sensitive groups.

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,221 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 34,801 Reputation points Microsoft Employee

    In Cloud App Security you should be able to check for the alert "ALERT_ZOMBIE_USER" which detects inactive accounts.

    Other ways that I have seen to list inactive users:

    For Azure AD: How to manage inactive user accounts in Azure AD

    For Office 365: How to List inactive users in Office 365

    You can also check in the admin portal under Reports > Usage > Active Users

    This page also has a script that allows you to check for accounts where the users have not changed their passwords in six months:

    Let me know if this is what you are looking for.

    0 comments No comments