
Ensure Azure Active Directory does not have any stale users (users who did not log in in the last 30 days)

Rajarshi
Netskope

Azure has the following logic to check Active Directory for stale users:


refreshTokensValidFromDateTime > STS TokenLifetimePolicy MaxInactiveTime (default of 90 days for Azure, may vary for customer) + acceptable number of days past the refresh token for which an account can be inactive (in this case 30).

 

Security Posture Management can help with a custom rule for the above use case, as in:

 

User should not have LastTokenChange isEarlierThan ( -120, "days")
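
As an added example (not part of the original post, and not the Security Posture Management rule engine), the following Python applies the same 90 + 30 = 120 day threshold to exported user records. The record layout, the `stale_users` helper and the sample users are assumptions constructed for illustration; it also shows the boundary case and a customer-specific MaxInactiveTime.

```python
from datetime import datetime, timedelta, timezone

MAX_INACTIVE_DAYS = 90  # STS TokenLifetimePolicy MaxInactiveTime default cited above
GRACE_DAYS = 30         # acceptable days past the refresh token, as in the post


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-01-10T09:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def stale_users(users, now, max_inactive=MAX_INACTIVE_DAYS, grace=GRACE_DAYS):
    """Return (userPrincipalName, age_in_days) for users that break the rule.

    A user is stale when refreshTokensValidFromDateTime is earlier than
    now - (max_inactive + grace) days, mirroring isEarlierThan(-120, "days").
    Users with no timestamp are reported with age None for manual review
    (an assumption of this example, not something the post specifies).
    """
    cutoff = now - timedelta(days=max_inactive + grace)
    findings = []
    for user in users:
        raw = user.get("refreshTokensValidFromDateTime")
        if not raw:
            findings.append((user["userPrincipalName"], None))
            continue
        ts = parse_ts(raw)
        if ts < cutoff:  # strictly earlier: exactly 120 days old still passes
            findings.append((user["userPrincipalName"], (now - ts).days))
    return findings


# Constructed sample data; these are not real accounts.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_USERS = [
    {"userPrincipalName": "alice@example.com", "refreshTokensValidFromDateTime": "2024-05-20T10:00:00Z"},
    {"userPrincipalName": "bob@example.com", "refreshTokensValidFromDateTime": "2024-01-10T09:00:00Z"},
    {"userPrincipalName": "carol@example.com", "refreshTokensValidFromDateTime": "2024-02-02T00:00:00Z"},
    {"userPrincipalName": "dave@example.com", "refreshTokensValidFromDateTime": "2024-03-15T00:00:00Z"},
    {"userPrincipalName": "erin@example.com"},
]

if __name__ == "__main__":
    for upn, age in stale_users(SAMPLE_USERS, NOW):
        print(upn, "no token timestamp" if age is None else f"{age} days")
```
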
