Learn about highly-authorized disabled accounts and how to mitigate this risk.
A disabled admin account poses a security risk as it can be re-enabled by an attacker, granting them access to sensitive data and systems. Re-enabling a disabled account may be easier than granting admin privileges to a new user, making it vulnerable to attack. Therefore, disabled admin accounts should be closely monitored and secured to prevent unauthorized access.
To mitigate this risk, remove any disabled accounts from the following roles or groups.
Azure AD roles:
Privileged Role Administrator
Share Point Admin
Active Directory groups:
"Highly-Authorized Disabled Accounts" risks cannot be added to the exception list.