How to deactivate the account of a user who has not logged in more than 60 days in AZURE AD

Julio Vaz 1 Reputation point
2020-08-27T21:54:04.75+00:00

Hi friends of this respected forum

I really need your help

We have services that use AZURE AD exclusively in the free version. I need you to run some routine every day to identify users who do not log in for more than 60 days and, when identifying these users, disable the account of these users who do not log in for more than 60 days in AZURE AD.

Important: We only use AZURE Active Directory and have not integrated with AD on-premises.


1 answer

  1. Andy David - MVP 147.6K Reputation points MVP
    2020-08-27T22:27:44.847+00:00

    If I was doing this, I would grab this script and modify it for my needs:

    https://gallery.technet.microsoft.com/scriptcenter/Report-on-Azure-AD-Stale-8e64c1c5

    then set the "stale time" I wanted
    and set the filter to member instead of guest

    $Filter = "UserType eq 'Member'"
    $Guests = Get-AzureADUser -All $true -Filter $Filter

    Run it and now you have a list of people who haven't logged in from that csv.

    then run:

    Import-csv <output.csv> |% {Get-AzureADUser -ObjectId $_.ObjectID | Set-AzureADUser -AccountEnabled $false}
    
    1 person found this answer helpful.
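
An added example, not part of the answer above or of the linked script: a wrapper around the answer's final one-liner that re-reads each account before disabling it, skips an exclusion list (for example emergency-access accounts), supports `-WhatIf`, and writes an audit CSV. The function name, the `ExcludeUpn` and `LogPath` parameters and the sample UPN are hypothetical; it assumes `Connect-AzureAD` has already been run and that the report CSV has the `ObjectID` column used above.

```powershell
#Requires -Modules AzureAD
# Added example. Assumes an existing Connect-AzureAD session and a report CSV
# with an ObjectID column, as used in the answer above.
function Disable-StaleAzureADUser {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)][string] $CsvPath,
        # Hypothetical exclusion list: emergency-access and service accounts
        [string[]] $ExcludeUpn = @(),
        [string] $LogPath = ".\disabled-users-$(Get-Date -Format yyyyMMdd).csv"
    )

    $results = foreach ($row in Import-Csv -Path $CsvPath) {
        $action = 'Skipped'; $reason = ''; $user = $null
        try {
            # Re-read the account so the decision uses current state, not the CSV snapshot
            $user = Get-AzureADUser -ObjectId $row.ObjectID -ErrorAction Stop
            if ($user.UserType -ne 'Member') { $reason = 'Not a member account' }
            elseif (-not $user.AccountEnabled) { $reason = 'Already disabled' }
            elseif ($ExcludeUpn -contains $user.UserPrincipalName) { $reason = 'On exclusion list' }
            elseif ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Disable account')) {
                Set-AzureADUser -ObjectId $user.ObjectId -AccountEnabled $false -ErrorAction Stop
                $action = 'Disabled'
            }
            else { $reason = 'Declined or -WhatIf' }
        }
        catch { $action = 'Failed'; $reason = $_.Exception.Message }

        # One audit record per CSV row, whatever the outcome
        [pscustomobject]@{
            Timestamp = (Get-Date).ToString('o')
            ObjectId  = $row.ObjectID
            UPN       = if ($user) { $user.UserPrincipalName } else { '' }
            Action    = $action
            Reason    = $reason
        }
    }
    $results | Export-Csv -Path $LogPath -NoTypeInformation
    $results
}

# Dry run first, then the unattended run (sample UPN is constructed):
# Disable-StaleAzureADUser -CsvPath .\output.csv -ExcludeUpn 'breakglass@contoso.example' -WhatIf
# Disable-StaleAzureADUser -CsvPath .\output.csv -ExcludeUpn 'breakglass@contoso.example' -Confirm:$false
```

Reviewing the `-WhatIf` output and the audit CSV before the first real run catches accounts that should have been on the exclusion list.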
