Ensure that all deprecated accounts within your Azure cloud subscription(s) are monitored so that Microsoft Defender for Cloud can determine whether any accounts need to be removed in order to protect against unauthorized access. Deprecated accounts are accounts that are no longer needed and are blocked from signing in by Microsoft Entra ID.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
By monitoring identity activities with Microsoft Defender for Cloud, you can take proactive action before an incident occurs, or reactive action to stop an attack attempt. When monitoring of deprecated accounts is enabled, Microsoft Defender for Cloud can flag deprecated accounts for removal.
Audit
To determine if the monitoring of deprecated accounts is enabled within the Microsoft Defender for Cloud security policy, perform the following actions:
Remediation / Resolution
To enable the monitoring of deprecated accounts within the Microsoft Defender for Cloud security policy, perform the following actions: