Session
Entra ID Housekeeping – Identifying and Removing Abandoned Objects to Reduce Risk
Over time, many Entra ID tenants turn into collections of abandoned and forgotten objects: former employee accounts, guest users who never logged in, orphaned groups, app registrations without owners, and old service principals with excessive privileges. These leftover objects often go unnoticed — yet they quietly expand the attack surface.
In this session, I walk through practical Entra ID housekeeping: which abandoned objects typically accumulate, why they are a real security concern, and how to reliably identify them. I demonstrate real-world techniques using logs, PowerShell, and Security Copilot to gain visibility and clean up effectively.
You will leave with a clear and actionable checklist to streamline your tenant, reduce risk, and maintain long-term security and clarity in your directory — with no zombies left hiding in your tenant.
Many Entra ID tenants contain abandoned accounts, unused app registrations, and service principals with unnecessary privileges. This session demonstrates how to identify and remove these risks — using logs, PowerShell, and Security Copilot — to keep your tenant clean, secure, and transparent.
Klaus Bierschenk
Microsoft MVP for Security | Director Consulting Expert @CGI Germany; Author; Speaker, Blogger
Murnau am Staffelsee, Germany