How to Track Deleted Users in Azure Active Directory

by Josh Van Cott

Deleted users in Active Directory are a very common source of helpdesk calls, as the loss of access to Office 365, SharePoint Online, Exchange Online and other Azure AD functions can cause serious disruption to business processes.

IT admins need to be able to easily detect deleted users in Azure AD, to ensure that all of their users can easily access the systems and resources that they need to do their jobs.

Fortunately, Azure AD has built-in functionality you can use to detect deleted user accounts. Below is the process:

 

Track Deleted Users in Azure Active Directory Natively

  1. Tracking user account deletions in Azure AD is a fairly simple process:
    • Log in to the Microsoft Azure portal.
    • Go to “Azure Active Directory”.
    • Go to “Users and Groups”.
    • Click on “Audit Logs”.
    • Filter by “Deleted User”.
    • If necessary, sort by “Date” to see the most recent events.
  2. Find out who was deleted by looking at the “Target(s)” field.
  3. Find out who deleted the user account by looking at the “Initiated by” field.
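The same review can be run over an exported copy of the audit log. The following is an added example, not part of the original article or of any Lepide product: it assumes the export is JSON in the shape of Microsoft Graph `directoryAudit` records and that deletions carry the activity name "Delete user"; the function names and all sample values are made up for illustration.

```python
import json
from datetime import datetime

# Constructed sample in the assumed shape of Microsoft Graph directoryAudit
# records; every name, timestamp and value below is made up.
SAMPLE_EXPORT = json.dumps([
    {"activityDisplayName": "Delete user", "activityDateTime": "2024-03-04T09:15:00Z",
     "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "admin1@contoso.example"}, "app": None},
     "targetResources": [{"type": "User", "userPrincipalName": "alice@contoso.example"}]},
    {"activityDisplayName": "Update user", "activityDateTime": "2024-03-04T10:00:00Z",
     "result": "success", "initiatedBy": {"user": {"userPrincipalName": "admin1@contoso.example"}},
     "targetResources": [{"type": "User", "userPrincipalName": "dave@contoso.example"}]},
    {"activityDisplayName": "Delete user", "activityDateTime": "2024-03-05T17:40:00Z",
     "result": "success",
     "initiatedBy": {"user": None, "app": {"displayName": "HR Sync (constructed)"}},
     "targetResources": [{"type": "User", "userPrincipalName": "bob@contoso.example"}]},
    {"activityDisplayName": "Delete user", "activityDateTime": "2024-03-06T08:00:00Z",
     "result": "failure",
     "initiatedBy": {"user": {"userPrincipalName": "admin2@contoso.example"}, "app": None},
     "targetResources": [{"type": "User", "userPrincipalName": "carol@contoso.example"}]},
])

def initiator(record):
    """Return the 'Initiated by' actor: a user's UPN or an application's name."""
    by = record.get("initiatedBy") or {}
    user, app = by.get("user") or {}, by.get("app") or {}
    return user.get("userPrincipalName") or app.get("displayName") or "unknown"

def deleted_users(export_json, activity="Delete user"):
    """List successful user deletions (target and initiator), most recent first."""
    events = []
    for rec in json.loads(export_json):
        if rec.get("activityDisplayName") != activity or rec.get("result") != "success":
            continue  # skip other activities and failed attempts (assumed 'result' field)
        when = datetime.fromisoformat(rec["activityDateTime"].replace("Z", "+00:00"))
        for target in rec.get("targetResources") or []:
            if target.get("type") == "User":
                events.append({"when": when, "target": target.get("userPrincipalName"),
                               "initiated_by": initiator(rec)})
    return sorted(events, key=lambda e: e["when"], reverse=True)

if __name__ == "__main__":
    for e in deleted_users(SAMPLE_EXPORT):
        print(f'{e["when"]:%Y-%m-%d %H:%M} UTC  {e["target"]}  deleted by {e["initiated_by"]}')
```

Deletions performed by an application rather than a person show up with an empty user entry under "Initiated by", which is why the example falls back to the application name.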

 

Detecting Deleted Users in Azure AD Using Lepide Azure AD Auditor

Although the native method is fairly quick and easy in itself, it requires you to manually go into the audit logs and search out deleted users. Most of the time, this will be done in response to an issue that has already been identified. Therefore, most of the business disruption has probably already taken place.

The value of auditing deleted users in Azure AD comes from being able to detect and react to deletions in real time. The Lepide Azure AD Auditor (part of Lepide Data Security Platform) will enable you to detect such users quickly and to have these alerts delivered to your inbox.

To audit deleted users in Azure Active Directory:

  • Run Lepide Data Security Platform.
  • In “All Environment Changes”, navigate to “Audit Reports” and then to “Azure Active Directory Reports”.
  • Select “User Reports” and “User Deleted”.

In this report you will be able to easily see which user was deleted, who deleted it, and when and where it was deleted from. Powerful searching, sorting and grouping functionality will enable you to improve drastically upon the native methods to reduce helpdesk calls and improve your response times.

Conclusion

Lepide Azure AD Auditor makes it far easier to report on deleted users in Azure AD, and provides context for users created, modified, and moved all from the same simple, scalable platform. Try it out for yourself today with our free trial.
