Automatically disable to report inactive account in Azure / Entra ID?

Question

Automatically disable to report inactive account in Azure / Entra ID?

EnterpriseArchitect 6,041

I'm curious if there's a built-in feature in Microsoft Entra ID or Azure AD that can automatically disable or remove users whose SignInActivity logs and LastSuccessfulSignInDate are empty.

I need to disable them if no activity has been logged in the last 30 days since their creation.

How can I accomplish this without using a sophisticated scripting process as my tenant is using Entra ID Premium P2 feature. https://learn.microsoft.com/en-us/graph/api/resources/signinactivity?view=graph-rest-1.0&WT.mc_id=M365-MVP-9501%3Fview%3Dgraph-rest-beta

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2024-02-29T21:41:10.8833333+00:00

@EnterpriseArchitect
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Accepted answer

1 additional answer

Your answer

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2024-02-29T21:41:10.8833333+00:00

@EnterpriseArchitect
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.

Answer 1

Domooney-MSFT 2,606 Microsoft Employee Moderator

Hi EnterpriseArchitect,

Thank you for posting your query on Microsoft Q&A!

We do have a feature within Entra ID Governance where you can use "Access Reviews" to automatically generate a report of inactive users and carry out some actions on them, see a blog post here on how to set it up - https://techcommunity.microsoft.com/t5/microsoft-entra-blog/step-by-step-guide-to-identify-inactive-users-by-using-microsoft/ba-p/3944705

This would be the only out of the box solution that does not require automation / scripting.

Do let me know if you have any further queries, I would be happy to help!

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Kind Regards, Donal

EnterpriseArchitect 6,041 Reputation points

2024-03-01T00:57:26.8466667+00:00

Thank you @Domooney-MSFT ,
Does this method work for the Guest user and Hybrid Synched User ?
Domooney-MSFT 2,606 Reputation points Microsoft Employee Moderator

2024-03-01T09:30:07.2166667+00:00

EnterpriseArchitect yes it also works for guest and sync'd users. Just be weary of the sync'd users as they should also be disabled on-prem
EnterpriseArchitect 6,041 Reputation points

2024-03-01T11:11:17.9566667+00:00

that's great, thank you @Domooney-MSFT

Answer 2

Scott Timmings 0

Access Reviews with an end result of disabling the account are only applicable to Guest accounts. Looking for a method for this to apply to Member accounts. Right now reviews seem to only be able to act on a group, and then remove the users access to the group as the action - which is not account level action. Anyone have a method for blocking sign in after no login for 30 days for member account types?

Share via

Automatically disable to report inactive account in Azure / Entra ID?

1 additional answer

Your answer