How to set the Entra ID User or Guest account expiry date to prevent login / disabled?

Question

How to set the Entra ID User or Guest account expiry date to prevent login / disabled?

EnterpriseArchitect 6,061

Using PowerShell Graph SDK or any other means, how can I set the Expiration date of my Entra ID User, or Guest 7 days from now or today?

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.users/update-mguser?view=graph-powershell-1.0#-employeeleavedatetime

Any help would be greatly appreciated.

Thanks,

Raja Pothuraju 24,135 Reputation points Microsoft External Staff Moderator

2025-01-31T04:14:19.2766667+00:00

Hello @EnterpriseArchitect,

Just checking in to see if the below answer provided by @Kavya, helped.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Accepted answer

1 additional answer

Your answer

Raja Pothuraju 24,135 Reputation points Microsoft External Staff Moderator

2025-01-31T04:14:19.2766667+00:00

Hello @EnterpriseArchitect,

Just checking in to see if the below answer provided by @Kavya, helped.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer 1

Kavya 490

You can set EmployeeLeaveDateTime while guest creation by adding 7 days from the creation date. For example,
$EmployeeLeaveDateTime=((Get-Date).AddDays).Date

Schedule the below script (You can use certificate based authentication to run the script unattended) to run daily in the Task scheduler.

Get-Mguser -All | foreach {
 $UserId=$.Id
 $AccountStatus=$_.AccountEnabled
 $EmployeeLeaveDateTime=$_.EmployeeLeaveDateTime
 If(($EmployeeLeaveDateTime -lt (Get-date)) -and ($Account -eq $True))
 { 
  Update-MgUser -UserId $UserId -AccountEnabled $false
 }
}

This will disable users who are in enabled state and EmployeeLeaveDateTime exceeds the current date.

EnterpriseArchitect 6,061 Reputation points

2025-01-31T04:23:12.32+00:00

Thank you @Kavya Kavya .

Answer 2

Zafer KAYA 90 MVP

Install the Microsoft Graph PowerShell Module

Install-Module Microsoft.Graph -Scope CurrentUser

Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.AccessAsUser.All"

$UserId = "user@example.com" # Replace with the User or Guest ID

$ExpirationDate = (Get-Date).AddDays(7).ToString("yyyy-MM-ddTHH:mm:ssZ") # 7 days from now

Update-MgUser -UserId $UserId -EmployeeLeaveDateTime $ExpirationDate

Update-MgUser -UserId $UserId -AccountEnabled $false

Get-MgUser -UserId $UserId | Select-Object DisplayName, EmployeeLeaveDateTime, AccountEnabled

EnterpriseArchitect 6,061 Reputation points

2025-01-31T04:24:01.1+00:00

Thank you @Zafer KAYA ,

Sadly there is no automated way to do that from Microsoft built-in attribute.

Share via

How to set the Entra ID User or Guest account expiry date to prevent login / disabled?

1 additional answer

Your answer