| Source | Azure Portal | ||
| Display name | Microsoft Managed Control 1015 - Account Management | Disable Inactive Accounts | ||
| Id | 544a208a-9c3f-40bc-b1d1-d7e144495c14 | ||
| Version | 1.0.0 Details on versioning |
||
| Category | Regulatory Compliance Microsoft Learn |
||
| Description | Microsoft implements this Access Control control | ||
| Additional metadata |
Name/Id: ACF1015 / Microsoft Managed Control 1015 Category: Access Control Title: Account Management | Disable Inactive Accounts Ownership: Customer, Microsoft Description: The information system automatically disables inactive accounts after 365 days. Requirements: User accounts are automatically evaluated to determine if they are actively being used by Microsoft users. OneIdentity receives a daily HR feed of personnel, which it compares to the list of users. Any user accounts that do not have a matching HR record or have been flagged as inactive are then disabled by this process. The OneIdentity process is used to disable any user accounts within AME and GME on a daily basis if there are no associated HR records, or the user accounts have been inactive over 90 for AME, 84 for GME days. All accounts are automatically disabled after the required days of time. Inactive service accounts are never disabled. In an Active Directory environment, all service account IDs are completely unique. It is not possible to reuse or spoof a service account ID. There is no risk mitigated by retiring or disabling service account IDs. |
||
| Mode | Indexed | ||
| Type | Static | ||
| Preview | False | ||
| Deprecated | False | ||
| Effect | Fixed audit |
||
| RBAC role(s) | none | ||
| Rule aliases | none | ||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
| Compliance | Not a Compliance control | ||
| Initiatives usage | none | ||
| History | none | ||
| JSON compare | n/a | ||
| JSON |
|