
Ensure Azure Active Directory does not have any stale users (users who did not log in in the last 30 days)


Azure has the following logic to check Active Directory for stale users:

refreshTokensValidFromDateTime > STS TokenLifetimePolicy MaxInactiveTime (default of 90 days for Azure, may vary for customer) + acceptable number of days past the refresh token for which an account can be inactive (in this case 30).


Security Posture Management can help with a custom rule for the above use case, as in:


User should not have LastTokenChange isEarlierThan ( -120, "days")
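
The same threshold logic applied offline to an exported user list, as an added example that is not part of the original post or of any Check Point or Microsoft tooling. The sample records, the `userPrincipalName` field and the function names are constructed for illustration; only `refreshTokensValidFromDateTime` and the 90 + 30 day values come from the post.

```python
from datetime import datetime, timedelta, timezone

MAX_INACTIVE_DAYS = 90  # STS TokenLifetimePolicy MaxInactiveTime default cited in the post
GRACE_DAYS = 30         # acceptable inactivity past the refresh token, per the post

# Constructed sample export; not real accounts.
SAMPLE_USERS = [
    {"userPrincipalName": "alice@example.test", "refreshTokensValidFromDateTime": "2024-05-20T08:00:00Z"},
    {"userPrincipalName": "bob@example.test",   "refreshTokensValidFromDateTime": "2024-02-01T23:59:59Z"},
    {"userPrincipalName": "carol@example.test", "refreshTokensValidFromDateTime": "2023-11-15T12:30:00Z"},
    {"userPrincipalName": "dave@example.test",  "refreshTokensValidFromDateTime": None},
    {"userPrincipalName": "erin@example.test",  "refreshTokensValidFromDateTime": "2024-02-02T00:00:00Z"},
    {"userPrincipalName": "frank@example.test", "refreshTokensValidFromDateTime": "2024-02-20T00:00:00Z"},
]

def parse_ts(value):
    """Parse an ISO 8601 timestamp; return None when it is missing or malformed."""
    if not value:
        return None
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    # Treat naive timestamps as UTC so comparisons never mix naive and aware values.
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def find_stale_users(users, now, max_inactive_days=MAX_INACTIVE_DAYS, grace_days=GRACE_DAYS):
    """Return (stale, unknown) lists of user names.

    stale:   last token change is strictly earlier than now - (max_inactive + grace) days
    unknown: no usable timestamp, so the account needs manual review rather than a silent pass
    """
    cutoff = now - timedelta(days=max_inactive_days + grace_days)
    stale, unknown = [], []
    for user in users:
        name = user.get("userPrincipalName", "<unnamed>")
        ts = parse_ts(user.get("refreshTokensValidFromDateTime"))
        if ts is None:
            unknown.append(name)
        elif ts < cutoff:
            stale.append(name)
    return stale, unknown

if __name__ == "__main__":
    stale, unknown = find_stale_users(SAMPLE_USERS, datetime.now(timezone.utc))
    print("stale:", stale)
    print("needs review (no timestamp):", unknown)
```

If the tenant's MaxInactiveTime differs from the default, pass it as `max_inactive_days` and adjust the 120 in the custom rule to the same sum.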
