If you are working with Microsoft cloud services, you know that identity management, authentication and authorization rely on Azure Active Directory.
While Azure AD provides many features to manage identity and enforce appropriate access control, there was a gap when it came to inactive accounts.
Those inactive accounts are accounts that were once required: service accounts, internal users or guests.
With inactive accounts still living in your directory, there is a potential security risk.
Well, good news: if you are using Azure AD P2 you already know about the Access Review feature, which allows you to regularly review access to groups or applications.
This Access Review feature has now been updated to let you detect inactive accounts and review whether they are still needed or not.
To do so, open the Azure AD portal (https://aad.portal.azure.com/) and go to the Azure Active Directory\Identity Governance\Access review blade.
From there you can create (or edit) an access review for Teams + Groups and select any of the review options; you will then get the option to review only the inactive users (this option appears only once you have selected a Team or Group, if you chose to specify a list of groups to review).
Once the inactive users option is enabled, you can then define for how long the account must have been inactive to be included in the review.
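The inactivity check that such a review applies, as an added example that is not part of the original post or of the Azure AD feature itself: a small Python script that takes user records shaped like the `signInActivity` property Microsoft Graph exposes on users (`lastSignInDateTime` and `lastNonInteractiveSignInDateTime`), and flags the ones with no sign-in inside the chosen window. The sample records and the threshold are constructed for illustration; the two edge cases a reviewer cares about are handled explicitly: an account that has never signed in is treated as inactive, and a recent non-interactive sign-in (typical of a service account using a token) counts as activity.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: field names follow Microsoft Graph's
# user.signInActivity, the values and UPNs are made up for this example.
SAMPLE_USERS = [
    {"userPrincipalName": "alice@contoso.example",
     "signInActivity": {"lastSignInDateTime": "2023-01-10T08:00:00Z",
                        "lastNonInteractiveSignInDateTime": "2023-01-25T08:00:00Z"}},
    {"userPrincipalName": "svc-backup@contoso.example",
     "signInActivity": {"lastSignInDateTime": "2022-06-01T08:00:00Z",
                        "lastNonInteractiveSignInDateTime": None}},
    # A guest that was invited but never signed in: no signInActivity at all.
    {"userPrincipalName": "vendor_guest#EXT#@contoso.example",
     "signInActivity": None},
]


def _parse(ts):
    """Parse a Graph UTC timestamp ('...Z'); None stays None."""
    if not ts:
        return None
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def last_activity(user):
    """Most recent interactive or non-interactive sign-in, or None if never."""
    activity = user.get("signInActivity") or {}
    stamps = [_parse(activity.get("lastSignInDateTime")),
              _parse(activity.get("lastNonInteractiveSignInDateTime"))]
    stamps = [s for s in stamps if s is not None]
    return max(stamps) if stamps else None


def inactive_users(users, inactive_days, now):
    """Return (upn, last_activity) for accounts with no sign-in in the window.

    Accounts that never signed in are included: they are exactly the
    forgotten service and guest accounts the review is meant to surface.
    """
    cutoff = now - timedelta(days=inactive_days)
    flagged = []
    for user in users:
        last = last_activity(user)
        if last is None or last < cutoff:
            flagged.append((user["userPrincipalName"], last))
    return flagged


if __name__ == "__main__":
    review_date = datetime(2023, 2, 1, tzinfo=timezone.utc)
    for upn, last in inactive_users(SAMPLE_USERS, 30, review_date):
        print(f"{upn}: last activity {last or 'never'}")
```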
Can you do the same with devices?
No, this is only for user accounts.
Obviously an inactive device in AAD is less problematic, as it cannot authenticate to access your data.
Unfortunately this doesn’t work with a P1 license. Only P2.
Of course, Access Review is a feature of Azure AD P2 (same as PIM).
This is clearly stated in the post too