Azure AD – You can now review and remove inactive accounts (preview)

If you are working with Microsoft cloud services, you know that identity management, authentication and authorization rely on Azure Active Directory.

While Azure AD provides a lot of features to manage identity and ensure appropriate access control, there was a gap when it came to inactive accounts.

Those inactive accounts are accounts which were once required: service accounts, internal users or guests.

Inactive accounts that are still lingering in your directory are a potential security risk.

Well, good news: if you are using Azure AD P2 you already know that you have the Access Review feature, allowing you to regularly review access to groups or applications.

This Access Review feature has been updated to now allow you to detect inactive accounts and review whether they are still needed or not.

To do so, open your Azure AD portal (https://aad.portal.azure.com/) and go to the Azure Active Directory\Identity Governance\Access review blade.

From there you can create (or edit) an access review for Teams + Groups and select any of the review options; you will then get the option to review only the inactive users (this option appears only once you have selected a Team or Group, if you chose to specify a list of groups to review).

Once the inactive users option is enabled you can then define for how long the account must have been inactive to be included in the review.
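The same inactivity threshold can be checked from the command line before (or instead of) creating the review, which is handy for a quick inventory of what the review will surface. The script below is an added example and is not part of the original post; it uses the Microsoft Graph PowerShell SDK (Get-MgUser with the signInActivity property, which needs the AuditLog.Read.All scope and an Azure AD Premium licence in the tenant). The function name Get-InactiveAadUser, the 90-day default and the way never-signed-in accounts are handled are my own choices.

```powershell
# Added example (not from the original post): list Azure AD user accounts that
# have shown no sign-in activity for a given number of days, using the Microsoft
# Graph PowerShell SDK. Assumes the Microsoft.Graph module is installed and that
# the signed-in admin holds User.Read.All and AuditLog.Read.All.
function Get-InactiveAadUser {
    [CmdletBinding()]
    param(
        [int]$Days = 90,          # same threshold you would pick in the access review
        [switch]$IncludeGuests    # guests are reported too when set
    )

    $now       = (Get-Date).ToUniversalTime()
    $threshold = $now.AddDays(-$Days)

    # signInActivity is only returned when explicitly requested via -Property.
    $users = Get-MgUser -All -Property Id,UserPrincipalName,UserType,AccountEnabled,CreatedDateTime,SignInActivity

    foreach ($u in $users) {
        if (-not $IncludeGuests -and $u.UserType -eq 'Guest') { continue }

        # Take the most recent of the interactive and non-interactive sign-ins.
        $last = $null
        if ($u.SignInActivity) {
            $last = @(
                $u.SignInActivity.LastSignInDateTime,
                $u.SignInActivity.LastNonInteractiveSignInDateTime
            ) | Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1
        }

        # Accounts that have never signed in carry no signInActivity at all.
        # Fall back to the creation date so that a brand-new account is not
        # flagged while a long-dormant one that never logged in still is.
        $neverSignedIn = -not $last
        if ($neverSignedIn) { $last = $u.CreatedDateTime }
        if (-not $last) { continue }   # nothing to compare against; skip rather than guess

        if ($last -lt $threshold) {
            [PSCustomObject]@{
                UserPrincipalName = $u.UserPrincipalName
                UserType          = $u.UserType
                AccountEnabled    = $u.AccountEnabled
                LastActivity      = $last
                NeverSignedIn     = $neverSignedIn
                DaysInactive      = [int]($now - $last).TotalDays
            }
        }
    }
}

# Usage:
# Connect-MgGraph -Scopes 'User.Read.All','AuditLog.Read.All'
# Get-InactiveAadUser -Days 90 -IncludeGuests | Sort-Object DaysInactive -Descending | Format-Table
```

The NeverSignedIn column is worth keeping an eye on: those accounts have no sign-in record to age against, so a simple "last sign-in older than N days" filter would silently miss them, which is why the function falls back to the creation date for that case.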

4 thoughts on “Azure AD – You can now review and remove inactive accounts (preview)”

    1. No, this is only for user accounts
      Obviously an inactive device in AAD is less problematic as it cannot authenticate to access your data

    1. Of course, Access Review is a feature of Azure AD P2 (same as PIM)
      This is clearly stated in the post too