Blog - Rencore

How to deal with inactive external users

Written by Sven Seidenberg | Mar 27, 2024 1:02:07 PM

Hello! I’m Sven Seidenberg and I am going to show you how to solve the most asked for cloud collaboration governance challenges with our incredibly easy-to-use tool Rencore Governance!

In this blog post, we are learning how to deal with inactive external users - let’s get into it and watch the video below!

Firstly, we head to the dashboard overview where you can see some quick information about your tenant. From here you can jump into the inventory and select  the “users” segment to identify any inactive external users.

We notice that user Megan fits into the criteria that we built for this policy. Here we can see any reported violations in more detail.

Now we can get to the action by switching to our Compliance section at the top of the UI and search for a policy that matches our use case. We have a prebuilt policy already: “inactive external users.'' By opening it, you can get a first glimpse of the data from when the policy was created or added.

Looking deeper in the policy builder, we can see governance best practices and how the policy is set up. In this case, for every user that is external, that has not signed in for six months, and the last sign in is not empty (has not ever signed in).

Why do we incorporate this here? When someone invites an external user and they do not sign into your environment, they were never active. This might help the decision that you want to make later down the line. For example, you might want to give them time to catch up and sign in.

Directly in the policy, we can add an automation that takes care of the action you want to perform. Here in the workflow the trigger is set to “policy violations”. Whenever your environment is scanned the policy will activate and the automation will trigger alongside all predefined actions.

Next, we want to add some automated actions to the workflow because we don’t want to do those manually, we have better things to do, we want Rencore Governance to handle this for us.

The most straight forward solution would be to disable the user accounts that are inactive and haven’t signed in for six months, but you can also opt to send them an email beforehand pointing out that their account will be deleted and disabled in case they don’t log in in the next 14 days.

For this use case, we will stick with the direct disable action for the user and I can add the information from our policy action using the email and activation state to disable. Next, we give a name and a brief description as well as logo Icons. Click save and enable, and this will then be activated after the next scan.

For more Microsoft 365 collaboration governance tips and tricks, make sure to like and subscribe to our YouTube channel and follow Sven on LinkedIn.

If you have any questions about Rencore Governance or would like to see it in action, please feel free to reach out directly!