Part 5: Set It and Forget It? Not So Fast – IAM Audits and Tune-Ups
Identity and access management isn’t a one-time project—it’s an ongoing process. Without checkups, good systems drift into chaos.
Why IAM Drifts Over Time
- Employees switch roles
- New apps added without oversight
- Shared logins sneak back in
- Former users still have access
- Permissions pile up over time
What to Review (and How Often)
- User accounts – Monthly/Quarterly
- Admin access & MFA – Monthly
- Shared accounts – Quarterly
- API tokens – Quarterly
- Group roles – Semi-annually
How to Perform a Lightweight IAM Audit
- ✅ Export a list of users and roles
- ✅ Check admin rights & MFA
- ✅ Look for inactive users
- ✅ Cross-check with HR roster
- ✅ Document changes & schedule next review
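The checklist above as a small script, added here as an illustration (not a Wentz IT tool or any vendor's export format): it reads a user export, flags admins without MFA, inactive accounts, and accounts missing from the HR roster, then records the next review date. The CSV column names, the 90-day inactivity threshold, the 90-day review interval, and all sample data are assumptions.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export; column names are assumptions, not a vendor format.
USERS_CSV = """email,role,mfa_enabled,last_login
alice@example.com,admin,true,2024-05-28
bob@example.com,admin,false,2024-05-30
carol@example.com,user,true,2024-01-10
dave@example.com,user,true,2024-05-20
svc-backup@example.com,admin,false,
"""
# Constructed HR roster of current employees.
HR_ROSTER = {"alice@example.com", "bob@example.com", "carol@example.com"}


def audit(users_csv, hr_roster, today, inactive_days=90):
    """Return findings keyed by check name, each a sorted list of emails."""
    cutoff = today - timedelta(days=inactive_days)
    roster = {e.strip().lower() for e in hr_roster}
    findings = {"admin_without_mfa": [], "inactive": [], "not_in_hr_roster": []}
    for row in csv.DictReader(io.StringIO(users_csv)):
        email = row["email"].strip().lower()
        is_admin = row["role"].strip().lower() == "admin"
        has_mfa = row["mfa_enabled"].strip().lower() == "true"
        last = row["last_login"].strip()
        # An empty last_login means the account never signed in: treat as inactive.
        last_login = date.fromisoformat(last) if last else None
        if is_admin and not has_mfa:
            findings["admin_without_mfa"].append(email)
        if last_login is None or last_login < cutoff:
            findings["inactive"].append(email)
        # Shared and service accounts land here too, so each gets a named owner.
        if email not in roster:
            findings["not_in_hr_roster"].append(email)
    return {check: sorted(emails) for check, emails in findings.items()}


def report(findings, today, next_review_days=90):
    """Render findings as text lines to file with the audit record."""
    lines = [f"IAM audit {today.isoformat()}"]
    for check, emails in findings.items():
        lines.append(f"{check}: {', '.join(emails) or 'none'}")
    next_review = today + timedelta(days=next_review_days)
    lines.append(f"next review: {next_review.isoformat()}")
    return lines


if __name__ == "__main__":
    day = date(2024, 6, 1)
    print("\n".join(report(audit(USERS_CSV, HR_ROSTER, day), day)))
```

Swap the embedded sample for the real export from your identity provider and the current roster from HR, and keep each run's output as the documented record of the review.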
Simple Tools That Can Help
- Microsoft Secure Score
- Azure Entra ID
- Google Admin Console
- Bitwarden Admin Vault
- Your MSP (like Wentz IT 😉)
IAM Tune-Up Tips
- Rotate credentials
- Block legacy protocols
- Audit sharing permissions
- Clean up unused accounts
- Calendar your audit cycle
IAM is a Habit, Not a Handoff
Use this Quarterly Audit Checklist to keep your access controls sharp and consistent.