Active Directory hygiene is a cornerstone of information security. This session takes an identity-first approach: what counts as identity proofing, how employee and third-party identities differ, and what should happen before issuing credentials. We then walk through practical AD hygiene practices focused on privileged groups, service accounts,  and monitoring. You’ll learn how on/off boarding leads to drift, and leave with an assessment approach, free tools to use, metrics leadership understands, and a plan to reduce risk and prevent drift.