Stale Account

governance

A user account that has not been used for an extended period, typically 90 days or more.

What is Stale Account?

Stale accounts represent a security risk because they may belong to former employees, contractors, or forgotten service accounts. Because nobody is using them, an attacker who compromises one can operate without anyone noticing the unusual activity. Regular identification and remediation of stale accounts reduces the attack surface.

In Microsoft 365

Azure AD sign-in logs record each user's last sign-in date. Users who have not signed in for 90 or more days can be identified through the sign-in reports or through Microsoft Graph queries. Stale accounts should be disabled or deleted only after verification with the HR system or the account owner.
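The classification step described above, as an added example that is not TrueConfig's code and not part of the original page. It assumes user records have already been retrieved from Microsoft Graph with the signInActivity property selected; the records below are constructed sample data in that shape, and the tenant name, account names, and the 90-day threshold are placeholders. It goes slightly beyond the text in two respects a practitioner will care about: it considers both interactive and non-interactive sign-ins, so service accounts that only authenticate non-interactively are not wrongly flagged, and it treats accounts that have never signed in as candidates once their creation date is older than the threshold.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER_DAYS = 90  # placeholder threshold; the page suggests 90 days or more

# Constructed sample records shaped like Microsoft Graph user objects with the
# signInActivity property selected. These are not real accounts.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_USERS = [
    {"userPrincipalName": "alice@contoso.example", "accountEnabled": True,
     "createdDateTime": "2022-03-01T09:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2024-05-20T08:15:00Z",
                        "lastNonInteractiveSignInDateTime": "2024-05-31T06:00:00Z"}},
    {"userPrincipalName": "bob@contoso.example", "accountEnabled": True,
     "createdDateTime": "2021-07-12T09:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2024-01-15T17:42:00Z",
                        "lastNonInteractiveSignInDateTime": None}},
    # Service account: no interactive sign-in for months, but tokens refreshed daily.
    {"userPrincipalName": "svc-backup@contoso.example", "accountEnabled": True,
     "createdDateTime": "2020-01-01T00:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2023-11-01T00:00:00Z",
                        "lastNonInteractiveSignInDateTime": "2024-05-30T02:00:00Z"}},
    # Test account that was created and never used: Graph returns no signInActivity.
    {"userPrincipalName": "test-account@contoso.example", "accountEnabled": True,
     "createdDateTime": "2023-08-01T12:00:00Z"},
    # New hire: also no sign-in yet, but created recently, so not stale.
    {"userPrincipalName": "newhire@contoso.example", "accountEnabled": True,
     "createdDateTime": "2024-05-28T12:00:00Z"},
    # Leaver already disabled: out of scope for the stale-account report.
    {"userPrincipalName": "leaver@contoso.example", "accountEnabled": False,
     "createdDateTime": "2019-05-05T12:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2023-12-01T10:00:00Z",
                        "lastNonInteractiveSignInDateTime": None}},
]


def _parse(ts):
    """Parse a Graph ISO-8601 timestamp (with trailing Z) into an aware datetime."""
    if not ts:
        return None
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def last_activity(user):
    """Most recent sign-in of either kind, or None if the account never signed in."""
    activity = user.get("signInActivity") or {}
    stamps = [_parse(activity.get("lastSignInDateTime")),
              _parse(activity.get("lastNonInteractiveSignInDateTime"))]
    stamps = [s for s in stamps if s is not None]
    return max(stamps) if stamps else None


def classify(user, now, stale_after_days=STALE_AFTER_DAYS):
    """Return one of: disabled, active, stale, never-used, new."""
    if not user.get("accountEnabled", True):
        return "disabled"
    cutoff = now - timedelta(days=stale_after_days)
    last = last_activity(user)
    if last is None:
        # No sign-in on record: judge by account age instead of activity.
        created = _parse(user.get("createdDateTime"))
        if created is not None and created < cutoff:
            return "never-used"
        return "new"
    return "stale" if last < cutoff else "active"


def classify_all(users, now, stale_after_days=STALE_AFTER_DAYS):
    """Map each UPN to its classification."""
    return {u["userPrincipalName"]: classify(u, now, stale_after_days) for u in users}


def stale_candidates(users, now, stale_after_days=STALE_AFTER_DAYS):
    """Sorted list of enabled accounts to send for HR / owner verification."""
    report = classify_all(users, now, stale_after_days)
    return sorted(upn for upn, state in report.items() if state in ("stale", "never-used"))


if __name__ == "__main__":
    for upn, state in classify_all(SAMPLE_USERS, NOW).items():
        print(f"{upn:32} {state}")
    print("candidates:", stale_candidates(SAMPLE_USERS, NOW))
```

The output is a candidate list, not a disable list: the page's own guidance is to confirm with the HR system or the account owner before disabling, and the example deliberately stops at that hand-off. Note that if only lastSignInDateTime were consulted, the svc-backup account would appear stale even though it authenticates every day.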

Examples

  • Former employee account still enabled
  • Contractor account from completed project
  • Test account never cleaned up

Related TrueConfig Controls

These controls help implement and verify stale account handling in your Microsoft 365 environment.

Frequently Asked Questions

What is Stale Account?
A user account that has not been used for an extended period, typically 90 days or more.
How does Stale Account work in Microsoft 365?
Azure AD sign-in logs record each user's last sign-in date. Users who have not signed in for 90 or more days can be identified through the sign-in reports or through Microsoft Graph queries. Stale accounts should be disabled or deleted only after verification with the HR system or the account owner.
What are examples of Stale Account?
Examples of Stale Account include: Former employee account still enabled, Contractor account from completed project, Test account never cleaned up.
Which TrueConfig controls relate to Stale Account?
TrueConfig controls related to Stale Account include: GOV-01, GOV-02. These controls help implement and verify stale account handling in your environment.

Related Terms