Medium

Users that have never signed in

Detects enabled users created more than 30 days ago that have never signed in.

Category: Identity
Default severity: Medium
Rule key: CHECK_NEVER_SIGNED_IN_USERS
Last updated: April 17, 2026

How to fix it

Disable or delete abandoned accounts. Investigate provisioning flows that create unused accounts.

Required Microsoft Graph permissions

EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:

Directory.Read.All
User.Read.All
AuditLog.Read.All

Further reading

Search Microsoft Learn for related guidance →

Run this check on your tenant

EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.

Get started — free first scan →