You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-for-identity/remove-inactive-service-account.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,18 +1,18 @@
1
1
---
2
-
title: 'Security Assessment: Remove Inactive Service Account (Preview)'
2
+
title: 'Security Assessment: Remove Inactive Service Account'
3
3
description: Learn how to identify and address inactive Active Directory service accounts to mitigate security risks and improve your organization's security posture.
4
4
ms.date: 08/17/2025
5
5
ms.topic: how-to
6
6
#customer intent: As a security administrator, I want to improve security posture in my organization by removing inactive service accounts
7
7
---
8
8
9
-
# Security Assessment: Remove Stale Service Accounts (Preview)
9
+
# Security Assessment: Remove Inactive Service Accounts
10
10
11
-
This recommendation lists Active Directory service accounts detected as stale within the past 90 days.
11
+
This recommendation lists Active Directory service accounts detected as inactive within the past 90 days.
12
12
13
-
## Why do stale service accounts pose a risk?
13
+
## Why do inactive service accounts pose a risk?
14
14
15
-
Unused service accounts create significant security risks, as some of them can carry elevated privileges. If attackers gain access, the result can be substantial damage. Stale service accounts might retain high or legacy permissions. When compromised, they provide attackers with discreet entry points into critical systems, granting far more access than a standard user account.
15
+
Unused service accounts create significant security risks, as some of them can carry elevated privileges. If attackers gain access, the result can be substantial damage. Inactive service accounts might retain high or legacy permissions. When compromised, they provide attackers with discreet entry points into critical systems, granting far more access than a standard user account.
16
16
17
17
This exposure creates several risks:
18
18
@@ -25,9 +25,9 @@ This exposure creates several risks:
25
25
26
26
To use this security assessment effectively, follow these steps:
27
27
28
-
1. Review the recommended action at [https://security.microsoft.com/securescore?viewid=actions ](https://security.microsoft.com/securescore?viewid=actions) for Remove stale service account.
28
+
1. Review the recommended action at [https://security.microsoft.com/securescore?viewid=actions ](https://security.microsoft.com/securescore?viewid=actions) for Remove inactive service account.
29
29
30
-
1. Review the list of exposed entities to discover which of your service accounts are stale and have not performed any login activity in the last 90 days.
30
+
1. Review the list of exposed entities to discover which of your service accounts are inactive and haven't performed any login activity in the last 90 days.
31
31
32
32
1. Take appropriate actions on those entities by removing the service account. For example:
Copy file name to clipboardExpand all lines: defender-for-identity/whats-new.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -98,11 +98,11 @@ Previously, Defender for Identity tenants received Microsoft Entra ID risk level
98
98
99
99
For UEBA tenants without a Microsoft Defender for Identity license, synchronization of Microsoft Entra ID risk level to the IdentityInfo table remains unchanged.
100
100
101
-
### New security assessment: Remove stale service accounts (Preview)
101
+
### New security assessment: Remove inactive service accounts
102
102
103
-
Microsoft Defender for Identity now includes a new security assessment that helps you identify and remove inactive service accounts in your organization. This assessment lists Active Directory service accounts that have been stale for the past 90 days, to help you mitigate security risks associated with unused accounts.
103
+
Microsoft Defender for Identity now includes a new security assessment that helps you identify and remove inactive service accounts in your organization. This assessment lists Active Directory service accounts that have been inactive for the past 90 days, to help you mitigate security risks associated with unused accounts.
104
104
105
-
For more information, see: Security Assessment: [Remove Stale Service Accounts (Preview)](/defender-for-identity/remove-inactive-service-account)
105
+
For more information, see: Security Assessment: [Remove Inactive Service Accounts (Preview)](/defender-for-identity/remove-inactive-service-account).
106
106
107
107
### New Graph based API for response actions (preview)
0 commit comments