Learn about highly authorized disabled accounts and how to mitigate this risk.
A disabled admin account poses a security risk as it can be re-enabled by an attacker,
granting them access to sensitive data and systems. Re-enabling a disabled account
may be easier for an attacker than granting admin privileges to a newly created user,
making the disabled account a prime target. Therefore, disabled admin accounts should
be closely monitored and secured to prevent unauthorized access. For more information,
see Microsoft Entra ID's information on privileged account risks, including disabled accounts.
To mitigate this risk, remove any disabled accounts from the following roles or groups.
Microsoft Entra ID roles:
-
Global Admin
-
Privileged Role Administrator
-
Share Point Admin
-
Exchange Admin
Active Directory groups:
-
Enterprise Admin
-
Domain Admin
-
Built-in Admin
Google Workspace roles:
-
Super Admin
 |
Note"Highly Authorized Disabled Accounts" risks cannot be added to the exception list.
|