How to Fix: Automatically Disable Stale Accounts
Step-by-step guide to implement automatically disable stale accounts in your Microsoft 365 environment.
5-10 minutes
Estimated Time
4
Steps
medium
Severity
Enhanced Security
Baseline Level
Why This Matters
Manual reviews miss accounts. Automated disabling ensures that former employees, forgotten accounts, and inactive identities cannot be used by attackers. The 14-day warning prevents disruption for legitimate users.
Prerequisites
- 1Global Administrator or appropriate admin role in Microsoft Entra ID
- 2Access to Microsoft Entra admin center (entra.microsoft.com)
- 3Microsoft Entra ID P2 license
Expected Configuration
- Accounts inactive for 90+ days are automatically disabled
- A warning notification is sent 14 days before disabling
- Emergency access accounts and service accounts are excluded
Remediation Steps
Review Current Configuration
Assess your current configuration in Microsoft Entra admin center.
- •Navigate to the relevant section in Entra admin center
- •Document current settings
- •Compare against expected state
Plan Implementation
Determine the changes needed to meet the expected configuration.
- •Review expected configuration requirements
- •Identify affected users or resources
- •Plan rollout strategy
Implement Changes
Apply the necessary configuration changes.
- •Make required configuration updates
- •Apply to appropriate scope
- •Document changes made
Validate and Monitor
Verify the changes are working as expected.
- •Run TrueConfig scan to verify compliance
- •Test affected functionality
- •Set up ongoing monitoring
Auto-Remediation Available
TrueConfig can automatically fix this control for you. Enable auto-remediation to have this configuration applied and maintained automatically.
Learn about auto-remediationRelated Resources
Automate Your Security Configuration
TrueConfig continuously monitors your Microsoft 365 environment and can automatically fix configuration drift. Start your free trial today.
Start Free Trial