How Do I Handle Inactive Accounts in Microsoft 365 E3?
To handle inactive accounts in Microsoft 365 E3, identify them using audit logs or reports and take appropriate actions, such as disabling, deleting, or reassigning licenses. Regular reviews and automation ensure inactive accounts don’t pose security risks or consume unnecessary resources.
Steps to Manage Inactive Accounts in Microsoft 365 E3
Inactive accounts can create security risks and waste licenses in your organization. Follow these steps to identify and manage them efficiently.
1. Identify Inactive Accounts
Use Microsoft 365 Admin Center or PowerShell to find inactive accounts.
- Admin Center:
- Go to Users > Active Users.
- Use filters to identify users with no recent activity.
- PowerShell Command:
- Run the following script to list inactive accounts:powershellCopy code
Get-MsolUser -All | Where-Object { $_.LastPasswordChangeTimestamp -lt (Get-Date).AddDays(-90) } - Adjust the
-90days based on your inactivity threshold.
- Run the following script to list inactive accounts:powershellCopy code
2. Review Account Activity
Check the usage activity for the identified accounts.
- Use Microsoft 365 Usage Reports to monitor login activity for:
- Outlook (Email)
- Teams
- SharePoint
- OneDrive
- Log in to Admin Center > Reports > Usage for detailed data.
3. Take Action on Inactive Accounts
Depending on the account’s status, choose the appropriate action:
| Action | When to Use | Steps |
|---|---|---|
| Disable the Account | Account may be needed later. | – Go to Active Users. – Disable sign-in. |
| Remove License | To free up unused licenses. | – Navigate to the user profile. – Remove assigned licenses. |
| Delete the Account | No longer needed permanently. | – Ensure data backup. – Go to Active Users and delete. |
| Convert to Shared Mailbox | Former employee’s emails needed. | – Remove license. – Convert mailbox to shared. |
4. Backup Data Before Deleting Accounts
Ensure critical data is not lost before deleting accounts:
- Export mailboxes using eDiscovery.
- Archive documents from OneDrive and SharePoint.
- Use third-party tools for automated backups.
5. Automate Inactive Account Management
Use Azure AD to automate detection and management:
- Enable Azure AD Conditional Access Policies to monitor user inactivity.
- Set up automated workflows with tools like Power Automate to disable accounts after defined periods.
Best Practices for Managing Inactive Accounts
- Set Inactivity Thresholds: Define a timeframe for account inactivity (e.g., 90 days).
- Schedule Regular Reviews: Conduct quarterly audits of inactive accounts.
- Implement Multi-Factor Authentication (MFA): Reduce risks for inactive accounts.
- Document Account Policies: Maintain clear policies for handling inactive accounts.
Why Is Managing Inactive Accounts Important?
- Improves Security: Prevents unauthorized access to unused accounts.
- Optimizes Costs: Frees up licenses for active users.
- Ensures Compliance: Keeps data organized and aligned with internal policies.
Need Help Managing Microsoft 365 E3 Accounts?
Medha Cloud can help you efficiently manage inactive accounts, improve security, and optimize licensing.