last sync: 2024-Jun-13 18:14:14 UTC

Microsoft Managed Control 1015 - Account Management | Disable Inactive Accounts | Regulatory Compliance - Access Control

Azure BuiltIn Policy definition

Source Azure Portal
Display name Microsoft Managed Control 1015 - Account Management | Disable Inactive Accounts
Id 544a208a-9c3f-40bc-b1d1-d7e144495c14
Version 1.0.0
Category Regulatory Compliance
Description Microsoft implements this Access Control control
Additional metadata Name/Id: ACF1015 / Microsoft Managed Control 1015
Category: Access Control
Title: Account Management | Disable Inactive Accounts
Ownership: Customer, Microsoft
Description: The information system automatically disables inactive accounts after 365 days.
Requirements: User accounts are automatically evaluated to determine if they are actively being used by Microsoft users. OneIdentity receives a daily HR feed of personnel, which it compares to the list of users. Any user accounts that do not have a matching HR record or have been flagged as inactive are then disabled by this process. The OneIdentity process is used to disable any user accounts within AME and GME on a daily basis if there are no associated HR records, or if the user accounts have been inactive for over 90 days for AME or 84 days for GME. All accounts are automatically disabled after the required number of days. Inactive service accounts are never disabled. In an Active Directory environment, all service account IDs are completely unique. It is not possible to reuse or spoof a service account ID. There is no risk mitigated by retiring or disabling service account IDs.
Mode Indexed
Type Static
Preview False
Deprecated False
Effect Fixed: audit
RBAC role(s) none
Rule aliases none
Rule resource types IF (2)
Microsoft.Resources/subscriptions
Microsoft.Resources/subscriptions/resourceGroups
Compliance Not a Compliance control
Initiatives usage none
History none
JSON compare n/a
JSON api-version=2021-06-01