Currently, there is no native option within Nerdio Manager to automatically block or disable user accounts that have been inactive for a defined period of time. This creates a potential security risk, especially in environments where inactive accounts remain enabled longer than intended.
It would be highly beneficial to introduce a feature that allows administrators to automatically block or disable user accounts based on inactivity.
Requirements:
- Ability to define a threshold (e.g., no interactive sign-in for X days)
- Automatically block or disable accounts that exceed this threshold
- Exclude specific account types, such as: Shared mailboxes, Resource mailboxes (meeting rooms, equipment)
Optional exclusions based on group membership (e.g., service accounts, admin accounts)
Logging and/or reporting of actions taken
Automating this within Nerdio would improve security posture, reduce operational overhead, and ensure consistency across tenants.
Additional Considerations:
Integration with Entra ID sign-in logs
Option to notify administrators before taking action
Configurable grace period before blocking the account
This feature would help organizations enforce least-privilege access and reduce the risk of dormant accounts being misused.
Comments (1 comment)