Workflow Template: Dormant Account Remediation HyperAgent for EntraID

Detects and remediates dormant user accounts in Entra ID through a two-agent workflow with Slack-based approval and full case tracking.

The "Dormant Account Remediation HyperAgent for EntraID" workflow template is designed to enhance security and compliance by identifying and managing dormant user accounts in Azure Entra ID. This automated process runs on a scheduled basis, comparing user activity against a predefined exceptions list. It generates a Torq case for tracking, sends a Slack approval request for account deactivation, and, upon approval, disables the dormant accounts. This ensures that only active and necessary accounts remain enabled, reducing potential security risks associated with unused accounts.

Use Cases

Device & User Compliance, Identity and Access Management, Suspicious User Activity

Workflow Breakdown

  1. On a scheduled cadence, queries Microsoft Graph for all enabled accounts that have not signed in for 60+ days.

  2. Compares results against the dormant_exception_list workspace variable table and removes any matches.

  3. Creates a Torq case with the final list of dormant accounts.

  4. Sends a Slack Block Kit approval message with all dormant account details.

  5. If approved, disables each account in Entra ID.
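
The selection logic behind steps 1, 2 and 5, as an added example rather than code from the Torq template; it runs offline on constructed records shaped like Microsoft Graph user objects. Matching the exception list on userPrincipalName, counting non-interactive sign-ins as activity, and falling back to createdDateTime for accounts that never signed in are assumptions, and `sample_user` is a hypothetical helper.

```python
from datetime import datetime, timedelta, timezone

DORMANT_DAYS = 60  # threshold from step 1
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible
EXCEPTIONS = ["SVC-Backup@example.com"]  # constructed stand-in for dormant_exception_list

def sample_user(name, enabled, created, interactive=None, non_interactive=None):
    """Build a constructed record shaped like a Microsoft Graph user object."""
    return {"id": f"u-{name}", "userPrincipalName": f"{name}@example.com",
            "accountEnabled": enabled, "createdDateTime": created,
            "signInActivity": {"lastSignInDateTime": interactive,
                               "lastNonInteractiveSignInDateTime": non_interactive}}

USERS = [  # constructed sample data
    sample_user("alice", True, "2022-03-01T00:00:00Z", "2024-01-10T08:00:00Z"),
    sample_user("bob", True, "2022-03-01T00:00:00Z", "2024-01-05T08:00:00Z",
                "2024-05-20T02:00:00Z"),  # only non-interactive activity is recent
    sample_user("svc-backup", True, "2021-01-01T00:00:00Z", "2023-11-01T00:00:00Z"),
    sample_user("carol", False, "2021-01-01T00:00:00Z", "2023-09-01T00:00:00Z"),
    sample_user("dave", True, "2023-12-01T00:00:00Z"),  # never signed in
    sample_user("erin", True, "2024-02-01T00:00:00Z", "2024-05-30T09:00:00Z"),
]

def _ts(value):
    """Parse a Graph ISO-8601 timestamp; None stays None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def last_activity(user):
    """Latest interactive or non-interactive sign-in, else the creation date
    for accounts that never signed in (both choices are assumptions)."""
    act = user.get("signInActivity") or {}
    seen = [t for t in map(_ts, (act.get("lastSignInDateTime"),
                                 act.get("lastNonInteractiveSignInDateTime"))) if t]
    return max(seen) if seen else _ts(user.get("createdDateTime"))

def find_dormant(users, exceptions, now=NOW):
    """Steps 1-2: enabled, inactive for 60+ days, not on the exception list."""
    cutoff = now - timedelta(days=DORMANT_DAYS)
    skip = {e.lower() for e in exceptions}  # UPNs compare case-insensitively
    return [u for u in users
            if u["accountEnabled"]
            and u["userPrincipalName"].lower() not in skip
            # No timestamp at all: treat as dormant so a human reviews it.
            and (last_activity(u) or cutoff) <= cutoff]

def disable_requests(dormant):
    """Step 5: the Graph PATCH calls to send after approval (built, not sent)."""
    return [("PATCH", f"https://graph.microsoft.com/v1.0/users/{u['id']}",
             {"accountEnabled": False}) for u in dormant]
```

A Graph-side filter on lastSignInDateTime does not return accounts whose value is null, which is why the never-signed-in case is handled explicitly here.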

Vendors

Utils, Microsoft 365

Tips
