This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 16%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEC%3C/text%3E%3C/svg%3E)
Is it possible to detect / by notified a Smart lockout has occurred on a user account, for instance an API to call that returns a value denoting the user account was temporarily locked? The intention is to programatically check if an account is locked and trigger a notification to the user on the back of that.
Cheers,
Eliot
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 50%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETL%3C/text%3E%3C/svg%3E)
Thank you will do
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @Eliot Chen ,
I understand that you are looking for a way to programmatically verify if a user account is locked out via Smart Lockout. While there is not quite an Azure equivalent to the on premises "LockedOut" property, you can check the AccountEnabled or BlockCredential status in Azure AD.
Get-AzureADUser -UserPrincipalName | Select DisplayName,AccountEnabled
Get-MsolUser -UserPrincipalName | Select-Object DisplayName,BlockCredential
If the AccountEnabled attribute is set to "False", you can check also this via Graph API (https://developer.microsoft.com/en-us/graph/graph-explorer)
1) Log in to the graph explorer with a Global Admin account by clicking the "Sign in with Microsoft" button.
2) Make a GET call > https://graph.microsoft.com/beta/users/USERNAME@YOUR_TENANT.onmicrosoft.com?$select=accountEnabled
If you want to fetch this information about all users in your tenant, you can use https://graph.microsoft.com/beta/users?$select=displayname,accountEnabled
Thanks @Marilee Turscak-MSFT .
There is the feedback I received from internal team: "Was aware of the AccountEnabled flag. Unfortunately, SmartLockout doesn't set the accountEnabled flag for Azure AD B2C.
The blockcredential attribute is only applicable to Microsoft 365 user accounts and is not listed as an Azure AD B2C user attribute."
Looks like those two properties won't help with this requirement.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 76%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDY%3C/text%3E%3C/svg%3E)
Smart Lockout is not setting AccountEnabled flag to False. Is there a possible solution for this scenario