This recommendation lists Active Directory service accounts detected as inactive (stale) within the past 180 days.
Why do inactive service accounts pose a risk?
Unused service accounts create significant security risks, as some of them can carry elevated privileges. If attackers gain access, the result can be substantial damage. Dormant service accounts might retain high or legacy permissions. When compromised, they provide attackers with discreet entry points into critical systems, granting far more access than a standard user account.
This exposure creates several risks:
Unauthorized access to sensitive applications and data.
Lateral movement across the network without detection.
How do I use this security assessment to improve my organizational security posture?
To use this security assessment effectively, follow these steps:
Review the recommended action at https://security.microsoft.com/securescore?viewid=actions for Remove inactive service account.
Review the list of exposed entities to discover which of your service accounts are inactive.
Take appropriate actions on those entities by removing the service account. For example:
Disable the account: Prevent any usage by disabling the account identified as exposed.
Monitor for impact: Wait several weeks and monitor for operational issues, such as service disruptions or errors.
Delete the account: If no issues are observed, delete the account and fully remove its access.
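The disable, monitor, and delete sequence above can be scripted so that deletion only happens after the monitoring window has passed. The following is an added example, not Microsoft's own code: it assumes the service accounts are user objects, that the ActiveDirectory PowerShell module is installed, and that the exposed entities were saved to a hypothetical text file with one sAMAccountName per line. The 28-day window and the stale-disabled: marker are assumptions made for the example.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$ListPath,   # hypothetical file: one sAMAccountName per line
    [ValidateSet('Disable', 'Delete')][string]$Stage = 'Disable',
    [int]$StaleDays = 180,                     # inactivity window used by the assessment
    [int]$MonitorDays = 28                     # assumed value for "several weeks"
)

$tag   = 'stale-disabled:'                     # constructed marker kept in the info (Notes) attribute
$names = Get-Content -Path $ListPath | ForEach-Object { $_.Trim() } | Where-Object { $_ }

foreach ($name in $names) {
    try   { $acct = Get-ADUser -Identity $name -Properties info, LastLogonDate -ErrorAction Stop }
    catch { Write-Warning "${name}: lookup failed, skipping"; continue }

    if ($Stage -eq 'Disable') {
        if (-not $acct.Enabled) { Write-Verbose "${name}: already disabled"; continue }
        # LastLogonDate comes from lastLogonTimestamp, which can lag by up to about 14 days.
        if ($acct.LastLogonDate -and $acct.LastLogonDate -gt (Get-Date).AddDays(-$StaleDays)) {
            Write-Warning "${name}: logged on $($acct.LastLogonDate), no longer stale, skipping"
            continue
        }
        if ($PSCmdlet.ShouldProcess($name, 'Disable account and record date')) {
            Disable-ADAccount -Identity $acct
            # Overwrites any existing Notes text on the account.
            Set-ADUser -Identity $acct -Replace @{ info = ('{0}{1:yyyy-MM-dd}' -f $tag, (Get-Date)) }
        }
        continue
    }

    # Delete stage: only accounts this script disabled, still disabled, and past the monitoring window.
    if ($acct.Enabled) { Write-Warning "${name}: re-enabled since disablement, keeping"; continue }
    if ($acct.info -notmatch "^${tag}(\d{4}-\d{2}-\d{2})") {
        Write-Warning "${name}: no disable marker, keeping"; continue
    }
    $disabledOn = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd', [cultureinfo]::InvariantCulture)
    $elapsed    = ((Get-Date) - $disabledOn).Days
    if ($elapsed -lt $MonitorDays) {
        Write-Warning "${name}: disabled $elapsed day(s) ago, monitoring window not over"; continue
    }
    if ($PSCmdlet.ShouldProcess($name, 'Delete account')) {
        Remove-ADUser -Identity $acct -Confirm:$false
    }
}
```

Run each stage with -WhatIf first to see which accounts would be changed. An account that someone re-enabled during the monitoring window is kept, since that usually means a dependency was found.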
Note
Assessments are updated in near real time, and scores and statuses are updated every 24 hours. The list of impacted entities is updated within a few minutes of your implementing the recommendations. The status might take time until it's marked as Completed.