Azure B2C - API to verify smart lock on user accounts?

Eliot Chen 86 Reputation points
2022-02-09T22:24:59.687+00:00

Is it possible to detect / be notified that a Smart lockout has occurred on a user account, for instance an API to call that returns a value denoting the user account was temporarily locked? The intention is to programmatically check if an account is locked and trigger a notification to the user on the back of that.

Cheers,

Eliot

Microsoft Entra External ID

1 answer

  1. Marilee Turscak-MSFT 34,626 Reputation points Microsoft Employee
    2022-02-11T01:59:06.067+00:00

    Hi @Eliot Chen ,

    I understand that you are looking for a way to programmatically verify if a user account is locked out via Smart Lockout. While there is not quite an Azure equivalent to the on-premises "LockedOut" property, you can check the AccountEnabled or BlockCredential status in Azure AD.

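    # Get-AzureADUser has no -UserPrincipalName parameter; -ObjectId accepts the UPN or the object ID
    Get-AzureADUser -ObjectId "USERNAME@YOUR_TENANT.onmicrosoft.com" | Select-Object DisplayName,AccountEnabled

    Get-MsolUser -UserPrincipalName "USERNAME@YOUR_TENANT.onmicrosoft.com" | Select-Object DisplayName,BlockCredential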
    

    If the AccountEnabled attribute is set to "False", you can also check this via Graph API (https://developer.microsoft.com/en-us/graph/graph-explorer):

    1) Log in to the graph explorer with a Global Admin account by clicking the "Sign in with Microsoft" button.

    2) Make a GET call > https://graph.microsoft.com/beta/users/USERNAME@YOUR_TENANT.onmicrosoft.com?$select=accountEnabled

    If you want to fetch this information about all users in your tenant, you can use https://graph.microsoft.com/beta/users?$select=displayname,accountEnabled
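
The tenant-wide `accountEnabled` query from the answer above, as an added example (not part of the original answer and not Microsoft's code): it follows Graph's `@odata.nextLink` paging and returns the display names of accounts whose `accountEnabled` is false. The sample pages and the names `http_get` and `disabled_accounts` are constructed for illustration, and obtaining the bearer token is assumed to happen elsewhere.

```python
import json
import urllib.request

# URL from the answer above (with the property name spelled as Graph documents it).
GRAPH_URL = "https://graph.microsoft.com/beta/users?$select=displayName,accountEnabled"


def http_get(url, token):
    """Fetch one page from Graph. Token acquisition is assumed and not shown."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def disabled_accounts(fetch, url=GRAPH_URL):
    """Walk every result page and collect users with accountEnabled == false.

    `fetch` is any callable mapping a URL to the decoded JSON page, so the
    same logic runs against live Graph or against constructed test data.
    """
    disabled, seen = [], set()
    while url:
        if url in seen:  # guard against a nextLink that points back at itself
            raise RuntimeError("paging loop detected at " + url)
        seen.add(url)
        page = fetch(url)
        for user in page.get("value", []):
            # Only an explicit false counts; a missing or null value is skipped.
            if user.get("accountEnabled") is False:
                disabled.append(user.get("displayName"))
        url = page.get("@odata.nextLink")
    return disabled


# Constructed sample responses (not real tenant data), split across two pages.
PAGE2 = "https://graph.microsoft.com/beta/users?$skiptoken=CONSTRUCTED"
SAMPLE_PAGES = {
    GRAPH_URL: {"value": [
        {"displayName": "Constructed User A", "accountEnabled": True},
        {"displayName": "Constructed User B", "accountEnabled": False},
    ], "@odata.nextLink": PAGE2},
    PAGE2: {"value": [
        {"displayName": "Constructed User C", "accountEnabled": None},
        {"displayName": "Constructed User D", "accountEnabled": False},
    ]},
}

if __name__ == "__main__":
    # Live use would be: disabled_accounts(lambda u: http_get(u, token))
    print(disabled_accounts(SAMPLE_PAGES.__getitem__))
```
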