Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community

App Account Usage

Copper Contributor

I am looking for a way to use Defender for Identity to return information for all Application Accounts in my environments that meet a certain criteria, or at least in my case, a lack of criteria. I need to find out which accounts in my environment have not generated any events in a given period of time. Does this tool have that capability? I see it has some reporting ability, I just couldn't find any that do this.

1 Reply
If you are using the new unified portal ( you should be able to craft a query using the "Advanced hunting" feature. depending on the amount of accounts, it might be heavy, never tried that.
What is the end goal? finding dormant accounts ?