Stale Accounts

Learn about stale accounts and how to mitigate this risk.

Stale Active Directory and Azure AD accounts can jeopardize an organization's security and efficiency. Stale accounts, left unused for long periods, can be exploited by malicious actors, former employees, or insiders for unauthorized access to sensitive data and systems. Stale accounts also pose compliance risks, consume resources, and increase IT infrastructure complexity. Risk Insights defines a stale account as an account with no successful sign ins for 180 days or more. (Accounts that are less than 180 days old are not included.)

To mitigate this risk, investigate any account that has remained inactive for more than 180 days. If there is no reason for the inactivity, remove or disable the account.


You may need a Microsoft Premium subscription to ensure the accuracy of this risk assessment.