Comment on page

Never Logged In

Detect accounts that were created but never successfully logged in. These accounts appeal to attackers as they may be able to register their own MFA factors.
A user will fail this check if they have not logged in within 7 days.
Recommended Actions
Trigger an access review with the user’s manager to verify that the unused account is still necessary. If not needed, suspend the account immediately. Otherwise, reset the account and direct the manager to onboard the user correctly.
Default Check Settings
Number of days: 7