Ensure that all the deprecated accounts within your Azure cloud subscription(s) are monitored so that Microsoft Azure Security Center can determine if there are any accounts that need to be removed in order to protect against unauthorized access. Deprecated accounts are accounts that are no longer needed and are blocked from signing in by Azure Active Directory (AAD).
This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure.
By monitoring identity activities using Azure Security Center, you can take proactive actions before an incident occurs, or reactive actions to stop an attack attempt. If the monitoring of the deprecated accounts is enabled, Security Center can flag the deprecated accounts for removal.
Audit
To determine if the monitoring of deprecated accounts is enabled within Azure Security Center settings, perform the following operations:
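One way to script this check, as an added example that is not Cloud Conformity's own procedure: it classifies the JSON of a subscription's Security Center policy assignment. The assignment name `SecurityCenterBuiltIn`, the parameter `identityRemoveDeprecatedAccountMonitoringEffect`, the `az policy assignment show` export step and the sample documents are assumptions based on Azure's built-in Security Center initiative, not values from this page.

```python
import json

# Assumed names (not given on this page): the default Security Center policy
# assignment and the initiative parameter for deprecated-account monitoring.
ASSIGNMENT_NAME = "SecurityCenterBuiltIn"
PARAM = "identityRemoveDeprecatedAccountMonitoringEffect"

def monitoring_state(assignment: dict) -> str:
    """Classify one assignment: 'enabled', 'disabled', 'default' or 'unknown:<value>'."""
    # REST responses nest fields under "properties"; the output of
    # `az policy assignment show --name SecurityCenterBuiltIn` is flat.
    props = assignment.get("properties", assignment)
    # Match the parameter name case-insensitively.
    params = {k.lower(): v for k, v in (props.get("parameters") or {}).items()}
    entry = params.get(PARAM.lower())
    if entry is None:
        # Not overridden: the initiative's own default applies, so the
        # effective setting has to be confirmed on the initiative definition.
        return "default"
    value = entry.get("value") if isinstance(entry, dict) else entry
    effect = str(value).strip().lower()
    if effect == "auditifnotexists":
        return "enabled"
    if effect == "disabled":
        return "disabled"
    return f"unknown:{value}"

def audit(assignments: dict) -> dict:
    """Map subscription label -> state for every exported assignment document."""
    return {sub: monitoring_state(doc) for sub, doc in assignments.items()}

# Constructed sample documents (placeholder subscription labels, not real data).
SAMPLE = {
    "sub-a": json.loads('{"name": "SecurityCenterBuiltIn", "parameters": '
                        '{"identityRemoveDeprecatedAccountMonitoringEffect": '
                        '{"value": "AuditIfNotExists"}}}'),
    "sub-b": json.loads('{"name": "SecurityCenterBuiltIn", "properties": '
                        '{"parameters": {"identityRemoveDeprecatedAccount'
                        'MonitoringEffect": {"value": "Disabled"}}}}'),
    "sub-c": json.loads('{"name": "SecurityCenterBuiltIn", "parameters": {}}'),
}

if __name__ == "__main__":
    for sub, state in audit(SAMPLE).items():
        flag = "OK" if state == "enabled" else "REVIEW"
        print(f"{sub}: {state} [{flag}]")
```

A `disabled` result is the non-compliant case for this rule; `default` means the assignment carries no override and the initiative definition decides the effective value.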
Remediation / Resolution
To enable the monitoring of deprecated accounts within the Microsoft Azure Security Center settings, perform the following operations:
You are auditing:
Enable Monitoring of Deprecated Accounts
Risk level: Medium