User Profile
RachelColes
Copper Contributor
Joined 4 years ago
Recent Discussions
Best practices for ex staff and their devices - Security/Compliance

Hi All,

What are the best practices or the general consensus on what happens to an ex staff member's AAD/AD account and device within Azure and Intune?

At present we only disable ex staff and leave the disabled account in Azure/AD (Hybrid environment) and leave the device in Intune... Only after 180 days of inactivity is the device removed from AAD.

My colleague is of the opinion: just leave the device and disabled user in AAD for record keeping, as it does no harm leaving them there.

Now I think we should be doing the following:

- Wiping the device via Intune (this will remove it from AAD and Intune)
- Disable the user from AAD/AD, remove from all groups and then, once done, delete the user (I appreciate there might be broken links in SharePoint etc., but with a disabled user the same issue applies)

So, from a compliance and security perspective, what are the best practices for dealing with ex staff and their devices? I know every company has different ideas.

Regards,
Rachel

2.1K Views, 0 Likes, 2 Comments

Best practices for ex staff and their devices - Security and Compliance

Hi All,

Not sure if this is the right Hub for the post, but I think it is....

What are the best practices or the general consensus on what happens to an ex staff member's AAD/AD account and device within Azure and Intune?

At present we only disable ex staff and leave the disabled account in Azure/AD (Hybrid environment) and leave the device in Intune... Only after 180 days of inactivity is the device removed from AAD.

My colleague is of the opinion: just leave the device and disabled user in AAD for record keeping, as it does no harm leaving them there.

Now I think we should be doing the following:

- Wiping the device via Intune (this will remove it from AAD and Intune)
- Disable the user from AAD/AD, remove from all groups and then, once done, delete the user (I appreciate there might be broken links in SharePoint etc., but with a disabled user the same issue applies)

The reason for putting the post in the Security/Compliance/Identity Hub is that we are going for our first SOC 2 compliance, and I feel having disabled users and non-compliant devices in Intune (the device will become non-compliant after so many days of not being active) will make it harder to justify why we have non-compliant devices in AAD and disabled users. He says we need to leave them in, or we'll have to explain why we removed the user/device. Keep things up to date and this helps with doing reporting and housekeeping...

So, from a compliance and security perspective, what are the best practices for dealing with ex staff and their devices? I know every company has different ideas.

Regards,
Rachel