User accounts are constantly changing. Employees join, change roles, work with contractors, receive elevated permissions, and eventually leave the organization.
Without a consistent review process, it's easy for excessive permissions, dormant accounts, and outdated access to accumulate over time, creating unnecessary security risk and making compliance reviews significantly more difficult.
Liongard helps MSPs build repeatable user access review processes by continuously discovering identities, monitoring account changes, and providing visibility into privileged access, account activity, MFA adoption, and identity lifecycle data.
Instead of manually reviewing user accounts across multiple systems, teams can establish a standardized process that improves security, supports compliance, and ensures access remains aligned with business needs.
This helps MSPs:
Identify dormant or inactive accounts
Review privileged access regularly
Validate MFA adoption
Detect unauthorized account changes
Simplify audit preparation
Standardize identity governance across clients
Why user access reviews matter
Access reviews shouldn't only happen before an audit.
Organizations constantly experience:
New employee onboarding
Employee departures
Role changes
Contractor access
Temporary elevated permissions
Service account creation
Without regular reviews, organizations often accumulate:
Dormant accounts
Excessive privileges
Shared accounts
Unused administrator accounts
Former employee access
Accounts missing MFA
These issues increase security risk and make incident response more difficult.
A repeatable review process helps ensure users have the right access—and only the access they need.
What to review
Liongard provides visibility into identities across supported platforms, helping teams evaluate:
User lifecycle
Review:
New accounts
Disabled accounts
Dormant users
Deleted users
Recently reactivated users
Privileged access
Identify:
Global Administrators
Domain Administrators
Local Administrators
Users with elevated permissions
Review whether elevated access is still required.
MFA adoption
Review:
Accounts without MFA
Privileged users missing MFA
Inconsistent MFA enforcement
These reviews often become high-priority remediation items.
Service & shared accounts
Validate:
Service account ownership
Shared administrative accounts
Legacy application accounts
Accounts no longer in use
Ensure each account has a documented business purpose.
Build a repeatable review process
Step 1 — Establish a review cadence
Recommended review frequency:
| Environment | Review Frequency |
| --- | --- |
| Regulated or high-risk clients | Monthly |
| Standard SMB clients | Quarterly |
| Low-risk environments | Semi-annually |
Step 2 — Review identity inventory
Use Liongard's Identity Inventory to identify:
New users
Dormant accounts
Privileged users
Accounts missing MFA
Unexpected account growth
Look for changes since the previous review.
Step 3 — Validate access
Ask questions such as:
Does this user still work here?
Does this account require elevated privileges?
Is MFA enabled?
Is this service account still required?
Is access appropriate for the user's role?
Step 4 — Remediate findings
Common remediation actions include:
Remove unnecessary administrator rights
Disable dormant accounts
Delete obsolete users
Enable MFA
Document service accounts
Update group memberships
Step 5 — Document review completion
Record:
Review date
Reviewer
Findings
Remediation actions
Outstanding exceptions
Maintaining consistent documentation supports future reviews and audit readiness.
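The checks from Steps 2 and 3 can be scripted against two inventory snapshots. The following is an added example, not Liongard's own code: it diffs a previous and a current identity export and flags new, reactivated, newly privileged, dormant, MFA-less, and deleted accounts. The CSV columns, the `load` and `review` function names, the sample rows, and the 90-day dormancy threshold are all assumptions.

```python
import csv, io
from datetime import date, timedelta
# Constructed sample exports; column names are assumptions, not a Liongard format.
PREVIOUS = """user,enabled,privileged,mfa,last_sign_in
alice,true,true,true,2024-05-28
bob,true,false,true,2024-05-30
carol,false,false,false,2023-11-02
svc-backup,true,true,false,2024-01-10
erin,true,false,true,2024-05-20
"""
CURRENT = """user,enabled,privileged,mfa,last_sign_in
alice,true,true,true,2024-08-29
bob,true,true,false,2024-08-30
carol,true,false,false,2024-08-27
svc-backup,true,true,false,2024-01-10
dave,true,false,true,2024-08-15
"""

def load(text):
    """Parse an export into {user: row} with typed booleans and dates."""
    rows = {}
    for r in csv.DictReader(io.StringIO(text)):
        for k in ("enabled", "privileged", "mfa"):
            r[k] = r[k].strip().lower() == "true"
        r["last_sign_in"] = date.fromisoformat(r["last_sign_in"]) if r["last_sign_in"] else None
        rows[r["user"]] = r
    return rows

def review(previous, current, today, dormant_days=90):
    """Diff two snapshots; return {user: [findings]} for a reviewer to decide on."""
    prev, cur = load(previous), load(current)
    cutoff = today - timedelta(days=dormant_days)  # 90 days is an assumed threshold
    findings = {}
    for user, row in cur.items():
        old, notes = prev.get(user), []
        if old is None:
            notes.append("new account")
        elif row["enabled"] and not old["enabled"]:
            notes.append("reactivated")
        if row["privileged"] and not (old and old["privileged"]):
            notes.append("newly privileged")
        if row["enabled"] and (row["last_sign_in"] is None or row["last_sign_in"] < cutoff):
            notes.append("dormant")
        if row["enabled"] and not row["mfa"]:
            notes.append("privileged without MFA" if row["privileged"] else "no MFA")
        if notes:
            findings[user] = notes
    findings.update({u: ["deleted since last review"] for u in prev.keys() - cur.keys()})
    return findings
```

Calling `review(PREVIOUS, CURRENT, date(2024, 9, 1))` leaves `alice` out of the result because nothing about her account needs a decision; the remaining entries can be stored with the review date and reviewer as the Step 5 record.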
Common operational workflows
Quarterly access reviews
Perform scheduled reviews of:
Privileged users
Dormant accounts
MFA coverage
Service accounts
Employee offboarding validation
Confirm:
Accounts disabled
Privileged access removed
Shared credentials updated
Group memberships cleaned up
Compliance support
Regular access reviews help support:
CIS Controls
NIST Cybersecurity Framework
SOC 2
HIPAA
Cyber insurance questionnaires
Security investigations
Following a security incident, review:
Recently created accounts
Permission changes
Dormant account activity
Administrative account usage
Best practices
Review privileged accounts separately from standard users
Prioritize dormant administrative accounts
Require MFA for all privileged identities
Document service account ownership
Schedule recurring access reviews
Use Change Detection to monitor unexpected permission changes
Integrate high-risk findings into Actionable Alerts
Operational outcomes
A repeatable user access review process helps MSPs:
Reduce identity-related security risks
Improve visibility into privileged access
Strengthen identity governance
Simplify compliance reviews
Improve audit readiness
Standardize customer security reviews
Reduce unauthorized access
Build more mature security operations