GOV-01: Review Stale User Accounts

Frequently asked questions about implementing and managing the GOV-01 security control in Microsoft 365 and Entra ID.

Q
What is GOV-01 (Review Stale User Accounts)?
A

GOV-01 is a security control that unused accounts are common attacker footholds. former employees, contractors, or forgotten accounts can be compromised without detection. regular review ensures only active users retain access. It requires that user accounts inactive for 90+ days are identified and reviewed and stale accounts are either disabled, deleted, or documented as exceptions, sign-in activity is reviewed at least quarterly.

Related controls:GOV-01
Q
Why is Review Stale User Accounts important for Microsoft 365 security?
A

Unused accounts are common attacker footholds. Former employees, contractors, or forgotten accounts can be compromised without detection. Regular review ensures only active users retain access.

Related controls:GOV-01
Q
How do I implement GOV-01 in my tenant?
A

GOV-01 requires manual implementation. Manual review required at Level 1; auto-disable available at Level 2

Related controls:GOV-01
Q
What license do I need for GOV-01?
A

This control can be implemented with any Microsoft 365 subscription, including free Azure AD.

Related controls:GOV-01
Q
Which security baseline includes GOV-01?
A

GOV-01 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.

Related controls:GOV-01

5

Questions

1

Related Controls

Categorized

Related Resources

GOV-01 Control Reference

Detailed documentation and implementation guidance

Governance & Hygiene Controls

All controls in the Governance & Hygiene category

Security Glossary

Definitions of security and Microsoft 365 terms

Still have questions?

Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.

Start Free Trial
All FAQsBrowse Controls →