Learn about stale accounts and how to mitigate this risk.

Stale Active Directory and Microsoft Entra ID accounts can jeopardize an organization's security and efficiency. Stale accounts, left unused for long periods, can be exploited by malicious actors, former employees, or insiders to gain unauthorized access to sensitive data and systems. Stale accounts also pose compliance risks, consume resources, and increase IT infrastructure complexity. Attack Surface Risk Management defines a stale account as an account with no successful sign-ins for 180 days or more. (Accounts that are less than 180 days old are not included.)

To mitigate this risk, investigate any account that has remained inactive for more than 180 days. If there is no legitimate reason for the inactivity, remove or disable the account.
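The rule above has two boundary conditions worth getting right when you build your own check: an account that has never signed in is stale only once it is old enough to judge, and an account created less than 180 days ago is excluded regardless of its sign-in history. The following Python is an added example, not code from the page or from Attack Surface Risk Management; it applies the page's definition to constructed account records (the `Account` fields, names and dates are assumptions standing in for an export of creation time and last successful sign-in from AD or Entra ID) and separates stale accounts that are still enabled from those already disabled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

STALE_AFTER_DAYS = 180  # threshold used by the page's definition


@dataclass
class Account:
    """Hypothetical record shape: what an AD / Entra ID export might give you."""
    name: str
    created: datetime
    last_successful_sign_in: Optional[datetime]  # None = never signed in
    enabled: bool = True


def is_stale(acct: Account, now: datetime, threshold_days: int = STALE_AFTER_DAYS) -> bool:
    """No successful sign-in for `threshold_days` or more, but only for accounts
    that are at least `threshold_days` old (younger accounts are not judged)."""
    cutoff = now - timedelta(days=threshold_days)
    if acct.created > cutoff:
        return False  # less than threshold_days old: excluded by definition
    if acct.last_successful_sign_in is None:
        return True  # old enough and never signed in
    return acct.last_successful_sign_in <= cutoff  # exactly 180 days counts as stale


def find_stale_accounts(accounts: List[Account], now: datetime,
                        threshold_days: int = STALE_AFTER_DAYS) -> List[str]:
    """Names of all stale accounts, sorted for stable reporting."""
    return sorted(a.name for a in accounts if is_stale(a, now, threshold_days))


def triage(accounts: List[Account], now: datetime,
           threshold_days: int = STALE_AFTER_DAYS) -> Dict[str, List[str]]:
    """Split stale accounts by the action the page recommends:
    still-enabled ones should be investigated and disabled or removed,
    already-disabled ones are candidates for removal."""
    result: Dict[str, List[str]] = {"disable_or_remove": [], "remove": []}
    for a in accounts:
        if not is_stale(a, now, threshold_days):
            continue
        result["disable_or_remove" if a.enabled else "remove"].append(a.name)
    for bucket in result.values():
        bucket.sort()
    return result


# Constructed sample data (not real accounts); dates are relative to a fixed "now".
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
SAMPLE_ACCOUNTS = [
    Account("alice", NOW - timedelta(days=900), NOW - timedelta(days=3)),        # active
    Account("bob", NOW - timedelta(days=900), NOW - timedelta(days=200)),        # stale
    Account("carol", NOW - timedelta(days=400), None),                           # never signed in, old enough
    Account("dave", NOW - timedelta(days=30), None),                             # new account: excluded
    Account("svc-backup", NOW - timedelta(days=900), NOW - timedelta(days=180)), # exactly at threshold: stale
    Account("eve", NOW - timedelta(days=900), NOW - timedelta(days=365), enabled=False),  # stale, already disabled
]

if __name__ == "__main__":
    for action, names in triage(SAMPLE_ACCOUNTS, NOW).items():
        print(f"{action}: {', '.join(names) or '-'}")
```

If you feed this from on-premises AD, remember that `lastLogonTimestamp` is replicated lazily and can lag the true last logon by up to 14 days, so a 180-day threshold is comfortably coarse enough, but do not use this attribute for anything finer-grained.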
Note: You may need a Microsoft Premium subscription to ensure the accuracy of this risk assessment.