https://www.verboon.info/tags/account-security/Recent content in Account Security on Anything About ITHugoen-usTue, 08 Jul 2025 15:34:54 +0000https://www.verboon.info/2025/07/shedding-light-on-dormant-sensitive-accounts/Tue, 08 Jul 2025 15:34:54 +0000https://www.verboon.info/2025/07/shedding-light-on-dormant-sensitive-accounts/<p>Dormant sensitive accounts are a high-risk identity exposure. In Microsoft Defender XDR, the recommendation <strong>Remove dormant accounts from sensitive groups</strong> helps surface these accounts, including whether they are inactive, disabled, or have expired credentials.</p> <p> <img src="images/shedding-light-on-dormant-sensitive-accounts-01.png" alt=""> </p> <p>You can export the detected entities, but the export often contains limited context. In many cases, you only get entity names or SID values, which makes remediation harder when you need ownership and organizational details.</p> <p> <img src="images/shedding-light-on-dormant-sensitive-accounts-02.png" alt=""> </p> <p>A practical approach is to use the SID values to enrich the result set with identity attributes from <code>IdentityInfo</code>. You can quickly build a SID variable list using KustoVars, then query Defender XDR for additional context.</p>