With AAD Graph ending how are we supposed to disable user accounts using MS graph?

Lee, Chris 1 Reputation point
2022-08-17T07:15:16.37+00:00

Hi All,

We are trying to migrate all our powershell code from AAD to MS Graph, but the MS Graph disable account feature does not work for an application registration.
Our existing code uses Set-AzureADUser -ObjectId "Object-ID" -AccountEnabled $false/$true
Which works fine, but now need to use MSGraph before the November termination of AAD Graph. What are we supposed to use to do this?
This is now a pretty urgent request as we have only a few months left before this stops working and there appears to be no solution from Microsoft.

Thank you and regards,
Chris

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,014 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,173 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 113.4K Reputation points MVP
    2022-08-17T07:25:40.853+00:00

    You can update the accountEnabled property just fine via the MS Graph and/or the Update-MgUser PowerShell cmdlet. Both delegate and application permissions are supported. Here's an example on how to do it in an application context via the PowerShell module:

    Connect-MgGraph -ClientId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -CertificateThumbprint "xxxxxxxxxxxxxxxxxxxxxxxx" -TenantId tenant.onmicrosoft.com  
    Update-MgUser -UserId c410b78d-xxxx-xxxx-xxxx-0615a47b07df -AccountEnabled:$false  
    

    The only exception here is updating privileged accounts, for that you need to have the GA or Privileged auth admin role assigned to the service principal. But that's no different from the AAD requirements.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.