This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 19%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIF%3C/text%3E%3C/svg%3E)
We run a hybrid environment with accounts being generated on-premise and synced to AAD for Office365.
We also have Password writeback working to allow password changes from AAD to replicate locally for consistency.
The issue we have is with sign-in blocked/disabled accounts.
If an account is disabled on-premise, the status is synced to AAD to prevent logins, which is the desired result ... BUT if an account is disabled in AAD, the next sync between on-premise and cloud will re-enable to account in AAD, restoring sign-in access for the account.
This poses an issue as we occasionally need to lock down an account (typically a compromised email account, attempting to spam others).
How can the sign-in allowed/blocked status be synced from AAD to on-premise (or bi-directionally)?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 12%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZF%3C/text%3E%3C/svg%3E)
Please is premise account enable now
Please i start using my Premise account again if
I mean is my Premise account enable and can i start using now
Recently we had a complain a user which left organiation 2 month ago but can still access his yammer account
however in last we before not did to blocked signin on office 365 admin center.
Now we need justificaiton despite of user license unlicensed and inactive/disable on primeses AD how user can access Yammer App?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 24%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDD%3C/text%3E%3C/svg%3E)
On-Premises is authoritative in this scenario, hence the behaviour you are seeing
There is no bi-directional sync, you will have to block in on-premises.
☹️
that’s not the answer I was hoping for...
Recently we had a complain a user which left organiation 2 month ago but can still access his yammer account
however in last we before not did to blocked signin on office 365 admin center.
Now we need justificaiton despite of user license unlicensed and inactive/disable on primeses AD how user can access Yammer App?