This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.
Microsoft 365 Lighthouse makes it faster and easier than ever before for Managed Service Providers (MSPs) to manage users across customer tenants. You can search for any user across all your customers’ tenants to make changes to that user account, look at which users have been flagged for risky sign-in behavior, identify users yet to register MFA and more. Today, Lighthouse offers another capacity in this space- managing inactive users.
What or Who are Inactive Users?
If you've ever dealt with managing user accounts, you've probably encountered inactive users already. Inactive users are those user accounts that have had no activity for a long time. You don’t expect to see these accounts in the directory, but they still exist for reasons such as:
- An employee of one of your customers left the company, but their account was never offboarded.
- Interns or other seasonal employees whose accounts weren’t deactivated when their time at the company ended.
- Test accounts that were never removed after the testing was complete.
Why do Inactive Users matter?
Inactive user accounts can complicate the already challenging task of managing users across all of your customer tenants. For example, when you're trying to make sure every user has registered for MFA, these inactive accounts will prevent you from "managing to zero". Cleaning up inactive users will not only remove this noise, but also help with the following:
- Security- It's possible some of these inactive user accounts need to be protected with MFA, as there’s no real user behind the account to register a second factor for authentication. This means these accounts may only have a single factor - a password - as the only layer of defense, which is an easy target for hackers.
- Licenses- If there are licenses assigned to these inactive user accounts, it means your customers are still being billed and paying for more than they need to. Your SMB customers may appreciate a drop in their monthly invoices, however small, once you've reclaimed the unused license from these accounts.
- Hygiene- Maintaining better hygiene with your user inventory will reduce overhead and increase efficiency in your day-to-day user management tasks.
How do I identify and clean up these Inactive user accounts?
Some MSPs already have a process for handling inactive user accounts today. This is usually a manual process of looking at the sign-in activity of user accounts in Azure Active Directory or maintaining PowerShell scripts that look for accounts without any recent sign-in activity. While these methods get the job done, they are only sometimes scalable and require additional overhead and maintenance. Other MSPs don’t have any process in place to manage these accounts.
This is where Lighthouse comes in. You can now easily see all the inactive user accounts across your customer tenants on a single pane of glass!
Once you have visibility into inactive user accounts, the next step is to ensure these accounts are properly offboarded. Your offboarding process may involve a checklist of items like blocking the sign-in of the account, removing any licenses still assigned to the user, delegating access to their Mailbox and OneDrive to other users in the company, etc. But the minimum action we recommend you do immediately is to block these accounts from signing in. You can perform this action in bulk right from the Inactive users report in Lighthouse. Once blocked, these accounts will be removed from all other reports, allowing you to focus on the actual users that need attention.