Governance & Hygiene
Account lifecycle and hygiene practices
Review Stale User Accounts
Unused accounts are common attacker footholds. Former employees, contractors, or forgotten accounts can be compromised without detection. Regular review ensures only active users retain access.
Maintain Group Naming Conventions
Consistent naming conventions improve governance, make groups easier to find, and indicate their purpose at a glance. Random or inconsistent group names suggest poor organizational hygiene and make administration harder.
Audit Privileged Role Assignments
Privilege creep happens gradually. Without a baseline of who should have admin rights, you cannot detect unauthorized role assignments. Regular auditing ensures only authorized users retain privileged access.
Automatically Disable Stale Accounts
Manual reviews miss accounts. Automated disabling ensures that former employees, forgotten accounts, and inactive identities cannot be used by attackers. The 14-day warning prevents disruption for legitimate users.
Conduct Quarterly Privileged Access Reviews
Over time, users accumulate privileges they no longer need. Access reviews force managers to justify each privileged assignment, preventing privilege creep and reducing risk from over-entitled accounts.
Automate Threat Response with SOAR
Manual incident response takes hours. Automated playbooks respond to threats in seconds. Level 3 organizations minimize attacker dwell time by automatically containing compromised accounts.
Ready to implement governance & hygiene controls?
TrueConfig continuously monitors your Microsoft 365 tenant and helps you maintain compliance with these security controls.