Identifying Inactive Administrative User Accounts in Azure AD

Identify Inactive Administrative User Accounts in Azure Active Directory (Azure AD) Tenant

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains several administrative user accounts.

You need to recommend a solution to identify which administrative user accounts have NOT signed in during the previous 30 days.

Which service should you include in the recommendation?

Answers

A. Azure AD Identity Protection
B. Azure Activity Log
C. Azure Advisor
D. Azure AD Privileged Identity Management (PIM)

Explanations

D

To identify which administrative user accounts have not signed in during the previous 30 days in an Azure AD tenant, the recommended service is Azure AD Privileged Identity Management (PIM), which is option D.

Azure AD Privileged Identity Management (PIM) is a service that provides time-based and approval-based role activation to limit the exposure of privileged accounts. It allows an organization to monitor privileged accounts, control access to resources, and identify accounts that are inactive.

To identify which administrative user accounts have not signed in during the previous 30 days, follow these steps:

  1. Enable Azure AD PIM for your Azure AD tenant.

  2. Configure roles for your administrators, including role assignments, time-based activation, and approval workflows.

  3. In the Azure AD PIM portal, select the 'Audit history' section.

  4. In the 'Audit history' section, you can select the 'Reports' option.

  5. In the 'Reports' option, select the 'Audit history' report.

  6. In the 'Audit history' report, select the 'Users' tab.

  7. In the 'Users' tab, you can see a list of all users in your Azure AD tenant who have been assigned privileged roles.

  8. In the 'Users' tab, you can sort the list by the 'Last activity' column to identify which administrative user accounts have not signed in during the previous 30 days.

Thus, using Azure AD PIM's audit history and report feature, an organization can identify inactive privileged accounts and take appropriate actions to ensure the security of the Azure AD tenant.

Option A (Azure AD Identity Protection) is incorrect because it focuses on protecting user identities from external threats such as cyber-attacks and does not offer a feature to identify inactive user accounts.

Option B (Azure Activity Log) is incorrect because it logs all activities performed in Azure, including administrative actions, but it does not offer a feature to identify inactive user accounts.

Option C (Azure Advisor) is incorrect because it provides recommendations to optimize Azure resources and does not offer a feature to identify inactive user accounts.
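The same 30-day check can be run in code against the sign-in data that Microsoft Graph exposes on user objects (the signInActivity property, which needs the AuditLog.Read.All permission). This is an added example, not part of the original page; the records are constructed sample data, and the list is assumed to have already been narrowed to members of privileged directory roles.

```python
from datetime import datetime, timedelta, timezone

INACTIVITY_WINDOW = timedelta(days=30)
# Constructed reference date for the check; a real run would use datetime.now(timezone.utc).
AS_OF = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed sample records in the shape Microsoft Graph returns for
# GET /users?$select=userPrincipalName,signInActivity
# (assumed already filtered to members of privileged directory roles).
SAMPLE_ADMINS = [
    {"userPrincipalName": "alice@contoso.com",
     "signInActivity": {"lastSignInDateTime": "2024-05-28T09:12:00Z",
                        "lastNonInteractiveSignInDateTime": "2024-05-30T01:00:00Z"}},
    {"userPrincipalName": "bob@contoso.com",
     "signInActivity": {"lastSignInDateTime": "2024-03-01T17:45:00Z",
                        "lastNonInteractiveSignInDateTime": None}},
    # Never signed in: Graph omits signInActivity entirely.
    {"userPrincipalName": "breakglass@contoso.com"},
    # Stale interactive sign-in, but a recent token refresh (non-interactive).
    {"userPrincipalName": "svc-admin@contoso.com",
     "signInActivity": {"lastSignInDateTime": "2024-01-10T08:00:00Z",
                        "lastNonInteractiveSignInDateTime": "2024-05-29T22:10:00Z"}},
]

def parse_graph_time(value):
    """Graph emits ISO 8601 with a trailing Z; return an aware datetime or None."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def last_sign_in(user, include_non_interactive=True):
    """Most recent sign-in of the selected kinds, or None if the account never signed in."""
    activity = user.get("signInActivity") or {}
    stamps = [parse_graph_time(activity.get("lastSignInDateTime"))]
    if include_non_interactive:
        stamps.append(parse_graph_time(activity.get("lastNonInteractiveSignInDateTime")))
    stamps = [s for s in stamps if s is not None]
    return max(stamps) if stamps else None

def inactive_admins(users, now=AS_OF, window=INACTIVITY_WINDOW, include_non_interactive=True):
    """UPNs whose latest sign-in is older than `window` or missing (never signed in)."""
    cutoff = now - window
    return [u["userPrincipalName"] for u in users
            if (seen := last_sign_in(u, include_non_interactive)) is None or seen < cutoff]

if __name__ == "__main__":
    for upn in inactive_admins(SAMPLE_ADMINS):
        print("no sign-in in 30 days:", upn)
```

Counting non-interactive sign-ins (token refreshes by background clients) hides accounts that no human has used, so the stricter interactive-only view is usually the one worth reviewing.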