Permissions of inactive identities should be revoked
HIGH
Ensures permissions of inactive identities are revoked to reduce standing access.
What does this mean?
This recommendation identifies Azure identities (users, service principals, managed identities) that have not used their permissions for an extended period. Unused permissions represent unnecessary risk if the identity is compromised.
Benefits of implementation
- Reduces standing access from dormant identities
- Limits the blast radius of credential theft
- Supports the principle of least privilege
Drawbacks and considerations
- May revoke permissions needed for infrequent but legitimate operations
- Requires a clear process for re-granting access
- Activity analysis may have detection gaps, so an identity with no recorded activity is not necessarily unused
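The description above and the drawbacks list together define the logic: compare each role assignment's last observed activity against a lookback window, treat identities with no activity record as a possible detection gap rather than as proof of inactivity, and keep a documented exception list for infrequent but legitimate operations. The following Python is an added example of that triage, not code from the page; the role assignments, last-activity timestamps, principal ids and scopes are constructed sample data, and the 90-day window and the `classify_assignments` / `az_revoke_commands` names are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, Iterable, List, Optional


@dataclass(frozen=True)
class RoleAssignment:
    principal_id: str    # object id of the user / service principal / managed identity
    principal_type: str  # "User", "ServicePrincipal" or "ManagedIdentity"
    role: str            # Azure RBAC role name
    scope: str           # subscription / resource group / resource the role applies to


@dataclass
class InactivityReport:
    revoke: List[RoleAssignment] = field(default_factory=list)  # dormant, no exception
    exempt: List[RoleAssignment] = field(default_factory=list)  # dormant, on exception list
    review: List[RoleAssignment] = field(default_factory=list)  # no activity data at all
    active: List[RoleAssignment] = field(default_factory=list)


def classify_assignments(
    assignments: Iterable[RoleAssignment],
    last_activity: Dict[str, datetime],
    now: datetime,
    inactive_days: int = 90,
    exceptions: FrozenSet[str] = frozenset(),
) -> InactivityReport:
    """Sort role assignments into revoke / exempt / review / active buckets.

    An identity missing from `last_activity` is put under review instead of
    revoke, because absent telemetry may be a detection gap, not inactivity.
    """
    cutoff = now - timedelta(days=inactive_days)
    report = InactivityReport()
    for a in assignments:
        last: Optional[datetime] = last_activity.get(a.principal_id)
        if last is None:
            report.review.append(a)
        elif last >= cutoff:
            report.active.append(a)
        elif a.principal_id in exceptions:
            report.exempt.append(a)
        else:
            report.revoke.append(a)
    return report


def az_revoke_commands(report: InactivityReport) -> List[str]:
    """Render one `az role assignment delete` line per revoke candidate.

    The output is meant for human review before execution, which is the
    re-granting / approval process the recommendation asks for.
    """
    return [
        f'az role assignment delete --assignee {a.principal_id} '
        f'--role "{a.role}" --scope {a.scope}'
        for a in report.revoke
    ]


# Constructed sample data (not real identities or subscriptions).
NOW = datetime(2026, 2, 12, tzinfo=timezone.utc)
SCOPE = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"
SAMPLE_ASSIGNMENTS = [
    RoleAssignment("user-alice", "User", "Contributor", SCOPE),
    RoleAssignment("sp-deploy", "ServicePrincipal", "Owner", SCOPE),
    RoleAssignment("mi-backup", "ManagedIdentity", "Storage Blob Data Reader", SCOPE),
    RoleAssignment("user-bob", "User", "Reader", SCOPE),
    RoleAssignment("sp-dr-failover", "ServicePrincipal", "Contributor", SCOPE),
]
SAMPLE_LAST_ACTIVITY = {
    "user-alice": NOW - timedelta(days=3),        # recently active
    "sp-deploy": NOW - timedelta(days=200),       # dormant
    "user-bob": NOW - timedelta(days=91),         # just past the 90-day window
    "sp-dr-failover": NOW - timedelta(days=300),  # dormant but a documented exception
    # "mi-backup" has no activity record at all -> review, not revoke
}
EXCEPTIONS = frozenset({"sp-dr-failover"})  # infrequent but legitimate operations


def sample_report() -> InactivityReport:
    return classify_assignments(SAMPLE_ASSIGNMENTS, SAMPLE_LAST_ACTIVITY, NOW, 90, EXCEPTIONS)


if __name__ == "__main__":
    rep = sample_report()
    for bucket in ("revoke", "exempt", "review", "active"):
        ids = [a.principal_id for a in getattr(rep, bucket)]
        print(f"{bucket:7s}: {ids}")
    print("\n".join(az_revoke_commands(rep)))
```

In a real run the `assignments` input would come from `az role assignment list` and `last_activity` from whatever activity source is in use (sign-in logs, activity logs); the classification itself does not depend on that source, which is why the no-record case is kept separate from the dormant case.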
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level: HIGH
- Category: Identity & Access Management
- Azure Resource
- Frameworks: 1 framework
- Last updated: 2026-02-12