Identity

User and guest account management

11 findings in this category.

• Medium Admin consent workflow not enabled Checks whether admin consent workflow is configured so that users can request access to apps that require administrator approval.
• High Disabled users still assigned to roles Detects disabled user accounts that are still members of directory roles
• Medium Disabled users still hold licenses Identifies disabled users that still have one or more assigned licenses.
• Low Duplicate display names Detects multiple enabled users sharing the same display name.
• Medium External User Access Reviews external user access and permissions
• Medium Groups without owners Identifies Microsoft 365 groups and security groups without assigned owners.
• Medium Guest users from consumer email providers Identifies guest users invited from consumer domains (gmail, outlook.com, hotmail, yahoo, etc.).
• Critical Guest Users in Admin Groups Identifies guest users assigned to administrative groups
• Medium Inactive User Accounts Identifies user accounts inactive for 90+ days
• Medium Stale Guest Users Identifies guest users who have not signed in for 90+ days
• Medium Users that have never signed in Detects enabled users created more than 30 days ago that have never signed in.