How to set the Entra ID User or Guest account expiry date to prevent login / disabled?

Question

How to set the Entra ID User or Guest account expiry date to prevent login / disabled?

EnterpriseArchitect 6,366

Using PowerShell Graph SDK or any other means, how can I set the Expiration date of my Entra ID User, or Guest 7 days from now or today?

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-1.0#-employeeleavedatetime

Any help would be greatly appreciated.

Thanks,

Raja Pothuraju 47,505 Reputation points Microsoft External Staff Moderator

2025-01-31T04:14:19.2766667+00:00

Hello @EnterpriseArchitect,

Just checking in to see if the below answer provided by @Kavya, helped.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer accepted by question author

Kavya 655

You can set EmployeeLeaveDateTime while guest creation by adding 7 days from the creation date. For example,
$EmployeeLeaveDateTime=((Get-Date).AddDays).Date

Schedule the below script (You can use certificate based authentication to run the script unattended) to run daily in the Task scheduler.

Get-Mguser -All | foreach {
 $UserId=$.Id
 $AccountStatus=$_.AccountEnabled
 $EmployeeLeaveDateTime=$_.EmployeeLeaveDateTime
 If(($EmployeeLeaveDateTime -lt (Get-date)) -and ($Account -eq $True))
 { 
  Update-MgUser -UserId $UserId -AccountEnabled $false
 }
}

This will disable users who are in enabled state and EmployeeLeaveDateTime exceeds the current date.

EnterpriseArchitect 6,366 Reputation points

2025-01-31T04:23:12.32+00:00

Thank you @Kavya Kavya .
Wojtyle Velasquez 0 Reputation points

2025-08-27T04:12:18.79+00:00

@Kavya Does this work on guest accounts (guest accounts are invited guests)?

1 additional answer

Your answer

Raja Pothuraju 47,505 Reputation points Microsoft External Staff Moderator

2025-01-31T04:14:19.2766667+00:00

Hello @EnterpriseArchitect,

Just checking in to see if the below answer provided by @Kavya, helped.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
EnterpriseArchitect 6,366 Reputation points

2025-01-31T04:23:12.32+00:00

Thank you @Kavya Kavya .
Wojtyle Velasquez 0 Reputation points

2025-08-27T04:12:18.79+00:00

@Kavya Does this work on guest accounts (guest accounts are invited guests)?

Answer 1

Zafer KAYA 335 MVP

Install the Microsoft Graph PowerShell Module

Install-Module Microsoft.Graph -Scope CurrentUser

Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.AccessAsUser.All"

$UserId = "user@example.com" # Replace with the User or Guest ID

$ExpirationDate = (Get-Date).AddDays(7).ToString("yyyy-MM-ddTHH:mm:ssZ") # 7 days from now

Update-MgUser -UserId $UserId -EmployeeLeaveDateTime $ExpirationDate

Update-MgUser -UserId $UserId -AccountEnabled $false

Get-MgUser -UserId $UserId | Select-Object DisplayName, EmployeeLeaveDateTime, AccountEnabled

EnterpriseArchitect 6,366 Reputation points

2025-01-31T04:24:01.1+00:00

Thank you @Zafer KAYA ,

Sadly there is no automated way to do that from Microsoft built-in attribute.

Share via

How to set the Entra ID User or Guest account expiry date to prevent login / disabled?

1 additional answer

Your answer