Hi @James M. Arthurs ,
I understand that you are looking for a way to avoid having the accounts get disabled and wondering if there might be an automated process in Azure that could be causing this behavior.
There isn't an automated process in Azure that would cause the accounts to be disabled, but if users are getting disabled unintentionally, it's possible that someone in your org is running a script to disable the users. Alternatively, there might be a conditional access policy that is blocking the users based on some criteria.
Someone who is using a script to disable the inactive accounts could evaluate the lastSignInDateTime property exposed by the signInActivity resource type of the Microsoft Graph API. Then they could query a list of users whose lastSignInDateTime is before a specified date and disable those users. This might explain why users are being blocked if they haven't signed in within a three-week timeframe.
https://graph.microsoft.com/beta/users?filter=signInActivity/lastSignInDateTime le 2019-06-01T00:00:00Z
It is also possible that the service accounts are being disabled due to Conditional Access policies. The accounts could get blocked if you have conditional access policies in place that require MFA, block access from certain locations or devices, or determine that the users do not meet certain risk assessments. You can check the sign-in logs and policy settings to determine if users are getting blocked due to Conditional Access settings.
Let me know if this helps and if you have further questions.
If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.
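A read-only triage of the inactivity-script hypothesis, added here as an example and not part of the original answer: it separates accounts with no interactive sign-in inside a three-week window but recent non-interactive activity (typical for service accounts) from accounts that are idle on both counts. The user records are constructed, the verdict names are hypothetical, and `lastNonInteractiveSignInDateTime` is a `signInActivity` property the answer does not mention.

```python
from datetime import datetime, timedelta, timezone

# Constructed records shaped like Graph user objects with signInActivity
# selected; not real tenant data.
SAMPLE_USERS = [
    {"displayName": "svc-backup", "accountEnabled": False, "signInActivity": {
        "lastSignInDateTime": "2023-01-02T08:00:00Z",
        "lastNonInteractiveSignInDateTime": "2023-03-01T03:00:00Z"}},
    {"displayName": "svc-report", "accountEnabled": True, "signInActivity": {
        "lastSignInDateTime": None,
        "lastNonInteractiveSignInDateTime": "2023-02-28T23:00:00Z"}},
    {"displayName": "alice", "accountEnabled": True, "signInActivity": {
        "lastSignInDateTime": "2023-02-27T09:30:00Z"}},
    {"displayName": "old-contractor", "accountEnabled": False, "signInActivity": {
        "lastSignInDateTime": "2022-11-15T10:00:00Z",
        "lastNonInteractiveSignInDateTime": "2022-11-15T10:05:00Z"}},
    {"displayName": "new-hire", "accountEnabled": True},  # no signInActivity
]

def parse_ts(value):
    """Parse a Graph UTC timestamp; None or missing means nothing recorded."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def classify(user, now, window=timedelta(days=21)):
    """Hypothetical verdicts: active / in-use-but-stale / inactive."""
    cutoff = now - window
    activity = user.get("signInActivity") or {}
    interactive = parse_ts(activity.get("lastSignInDateTime"))
    background = parse_ts(activity.get("lastNonInteractiveSignInDateTime"))
    if interactive and interactive > cutoff:
        return "active"
    # Interactive sign-in is old or absent: a script keyed only on
    # lastSignInDateTime treats this account as stale or unknown.
    if background and background > cutoff:
        return "in-use-but-stale"
    return "inactive"

def triage(users, now):
    """Return (name, accountEnabled, verdict) for every user record."""
    return [(u["displayName"], u.get("accountEnabled"), classify(u, now))
            for u in users]

if __name__ == "__main__":
    now = datetime(2023, 3, 5, tzinfo=timezone.utc)  # fixed for repeatability
    for name, enabled, verdict in triage(SAMPLE_USERS, now):
        note = "  <- disabled while still in use" if (
            verdict == "in-use-but-stale" and not enabled) else ""
        print(f"{name:15} enabled={enabled!s:5} {verdict}{note}")
```

A disabled account with the `in-use-but-stale` verdict is consistent with an inactivity script that checks only `lastSignInDateTime`; an enabled one is a candidate for the next run.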