🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.

How to Find Disabled Users in Microsoft 365

Are you struggling to keep track of disabled users in your organization? Neglecting these accounts can pose security risks and license management complications, such as accumulating unused licenses. Don’t worry! This guide will help you easily identify and manage disabled accounts in your Microsoft 365 environment, ensuring tighter security and smoother operations.

Native Solution

Microsoft 365 Permission Required

High

Global Administrator or any other privileged admin role.

Option 1 Using Microsoft 365 Admin Center

  • Login to the Microsoft 365 admin center.
  • Navigate to Users»Active Users to view all the active users in Microsoft 365.
  • Now, in the Active Users page, click on the filter option and select "Sign-in Blocked" to filter disabled users in Azure active directory.
Using Microsoft 365 Admin Center

Option 2 Using Windows PowerShell

  • Connect to Microsoft Graph PowerShell using the below cmdlet.
  • Windows PowerShell Windows PowerShell
     Connect-MgGraph -Scopes "User.Read.All"
  • Run the below cmdlet to get all the disabled users using PowerShell.
  • Windows PowerShell Windows PowerShell
     Get-MgUser -Filter "accountEnabled eq false" | select DisplayName,Mail,UserPrincipalName
Using Windows PowerShell
  • Here, you’ll find the list of disabled users in Microsoft 365.
AdminDroid Solution
This report and 150+ more reports are under free editionFREE

AdminDroid Permission Required

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid Office 365 Reporter

ad
  • Login to the AdminDroid Office 365 reporter.
  • Navigate to the Disabled Users report under Reports»Azure AD»User Reports.
Using AdminDroid Office 365 Reporter

By utilizing the above report, you can easily find the disabled users in Microsoft 365. Additionally, you can get insights on their sign-in status, job title, department, etc.

disabled-users-graph
  • In addition, the report includes built-in graphs that specifically show the overall count of disabled users along with their license statuses.

Empower secure access with proactive disabled user management in Azure AD!

Ease the burden of monitoring disabled users across Azure AD! Gain insights into disabled users management with AdminDroid's Azure AD user reports.

Witness the report in action using the

Azure ADEnhance Security Measures with Effective Management of Disabled User Accounts in Microsoft 365

Showing 1 of 4

How to disable inactive users in Microsoft 365?

Identifying stale Microsoft 365 accounts is essential for optimizing license usage and maintaining security.

Disable a User Account in Microsoft 365 Admin Center

  • Login to the Microsoft 365 admin center using your administrator account.
  • Navigate to the Users»Active Users and click on the desired user.
  • In user's account settings, click ‘Block sign-in’ to disable a user in Microsoft 365.
block-sign-in

Additionally, you have the option to revoke all active sessions of required user by choosing "Sign out of all sessions" in the users’ account settings. This action will make a user sign-out from all the current sessions of Microsoft 365 services.

Disable a User Account Using Graph PowerShell

Run the below cmdlet in Graph PowerShell to block the user from signing into Microsoft 365.

Update-Mguser -UserId "User Principal Name" -AccountEnabled:$false

Following these steps will effectively disable the user's access to Microsoft 365 services. If they attempt to login again, they will receive a message instructing them to contact support for assistance.

AdminDroid’s Disabled Users Login Attempts report simplifies auditing the sign-in attempts carried out by disabled Microsoft 365 users.

  • The alerting feature with the bell icon 🔔 offers prompt alert notifications whenever login attempts are made by disabled users within your Microsoft 365 environment. In addition, explore the functionality of customizing columns for enhanced visibility within reports.
login-attempts

How to check who disabled a user in Microsoft 365?

Monitoring disabled user actions and identifying who disabled it is crucial for maintaining security within Microsoft 365 environment. Finding the user who is responsible for the change allows you to promptly address any unauthorized actions and ensure proper access controls in your organization.

To identify who disabled a user, you can simply access Office 365 audit logs within the Microsoft Purview portal. However, it's crucial to ensure that audit logging is enabled for your organization to effectively monitor both user and admin activities.

Once auditing is enabled, you can initiate audit log search on the Purview Portal using the steps below.

  • Login to the Microsoft 365 Purview portal.
  • Navigate to the ‘Audit Page’ under Solutions.
  • Now, provide the Date range and select ‘Azure Active Directory’ in the workload section. Then, click on "Search" to start the search.
  • Once the search is completed, open the result and click on the Export button to initiate the export process.
  • After the completion of the Export process, click on the download file that results.
  • Open the downloaded file and apply a 'filter' to the “Operation” column and search for Disable Account entries.

Once the filter has been applied, review the 'AuditData' column to check the details about a disabled Microsoft 365 user account. Also, check the 'UserId' column to identify who disabled the account.

Auditing the user disabling activities can be a time-consuming task as it involves several manual steps in native solution.

Using AdminDroid's Audit Sign-in Disabled Users report, you can easily monitor the events of sign-in blocked users and admins who disabled the user, along with precise timestamps indicating when a user was disabled.

  • Moreover, the report includes built-in graphs that specifically show the number of disabling actions being performed by a specific user. For instance, you can easily identify a specific user with a high number of disabling activities.
  • Additionally, if you wish to email these report, simply click the Email this report now button. This will enable you to email the reports instantly to your chosen recipients in preferred formats (HTML, PDF, CSV, XLS, XLXS, RAW).
disabled-by-report

How to remove Microsoft 365 license when a user account is disabled?

When disabling accounts, it's important to remove any associated licenses to avoid continuous charges for unused Microsoft 365 services. Otherwise, inactive user accounts with assigned licenses can burden the organization with ongoing expenses.

Identify the Disabled Users with Active Licenses in Admin Center

Follow these steps to find the users with disabled accounts but active licenses through admin center.

  • Login to the Microsoft 365 admin center.
  • Navigate to the Users»Active Users.
  • In the Active Users page, use the filter option located at the top of the page and choose "Sign-in Blocked". This will filter the list of disabled users.
  • After filtering, utilize the license column to verify their license status.

Remove a License from Azure Active Directory Portal

Follow these steps to remove licenses through the Azure Active Directory Portal.

  • Go to the Microsoft Entra admin center.
  • Navigate to Identity and choose 'Users' from the left navigation pane.
  • Then, select the required user in the All users page whose license you want to revoke.
  • Proceed to 'Licenses' on the left-hand menu and select the desired license.
  • Then, confirm the action by clicking Remove license.

Remove a License Using Graph PowerShell

Run the below cmdlet to revoke license of the required disabled user.

Set-MgUserLicense -UserId <enteruserID> -RemoveLicenses@("EnterSku-ID") -AddLicenses@{} 

Monitoring license revocation activities using the native solution might potentially cause delays.

With AdminDroid’s Licenses can be Regained report, you can easily track Office 365 licenses assigned for sign-in disabled users in your tenant.

  • Furthermore, with License Revoking Activities report, you can gain detailed insights into revoked licenses, plans, and revoked time. This enhances efficiency in license management and cost optimization.
  • Pro-Tip: To view the failed actions when revoking the license, utilize the 'easy filter' option by selecting 'Result Status = Failed.' Additionally, set the filters to 'Succeeded' to observe all successful license revocation activities.
revoking-license

How to enable a disabled user account in Microsoft 365?

When an employee with disabled user account needs prompt access to their Microsoft 365 resources, enabling their account will ensure that they can seamlessly resume work without any interruptions.

These steps not only enhance their productivity but also maintains smooth workflow and compliance with organizational regulations.

Enable a Disabled User Account in Microsoft 365

  • Login to the Microsoft 365 admin center using your administrator account.
  • Navigate to the Users»Active Users to find the disabled user account.
  • Select the disabled user account, to open their properties pane. Look for the “Sign-in blocked” message below the username and click on the Unblock sign-in button.
  • On the next screen, uncheck the Block this user from signing in checkbox. Then, click 'Save changes' to apply the new settings.
  • Once done, the user will regain access to Office 365 services. You can confirm the unblocking by checking the “Account” tab, where “Unblock sign in” button should now be replaced with “Block sign in”.

Note📝 If the account was blocked due to password expiration, you may need to assist the user in resetting their password either through the Microsoft 365 admin center or using PowerShell commands.

  • However, the native solution lacks a straightforward method to monitor re-enabled users. It might have additional operations to be performed in unified audit logs, which can be time-consuming.

Using AdminDroid’s Audit Sign-in Re-enabled Users report, you can easily view the list of all re-enabled users in Office 365 along with the enabled action details.

  • In addition, if you wish you can easily export all the sign-in re-enabled users to CSV and other formats according to your preferences.
  • Moreover, you have the flexibility to schedule these filtered reports for regular checks at your preferred frequency – be it daily, weekly, or monthly – ensuring compliance and enabling prompt action against any unauthorized usage. Stay ahead of the game with AdminDroid!
re-enabled-users

AdminDroid Azure AD User ReportingMaster Microsoft 365 security by handling disabled user accoutns like a pro!

Introducing AdminDroid's Microsoft 365 reporting tool, a game-changer for admins seeking robust insights into disabled users' activities within Azure AD. This tool offers unparalleled visibility into disabled user accounts to effectively manage user access and security within your organization.

The Reasons behind utilizing AdminDroid’s advanced capabilities are outlined below:

The Disabled Users report provides you a comprehensive overview of sign-in blocked users within your Microsoft 365 environment. It’ll help you in taking decisions on license removal or user re-activation.

A Quick Dive into the Functionalities

Identify and Disable Users with Prolonged Inactivity

Monitor inactive users in Microsoft 365 closely to prevent security risks and optimize organizational resources by promptly disabling them when necessary.

Visualize Microsoft 365 Disabled Users

Gain insights into disabled user data through user interactive dashboards, facilitating comprehensive analysis and decision-making.

Automated Reports for Deleted Users Monitoring

Streamline your workflow by utilizing scheduled reports and receiving regular updates on recently deleted users in Microsoft 365, simplifying user management tasks.

Streamlined Auditing for Disabled Users

Simplify user auditing with comprehensive Azure AD audit reports including the disabled users' activities, ensuring thorough oversight without excessive complexity.

Track Admin Role Assignments for Disabled Users

Review a user's admin role assignments and administrative activities within Microsoft 365 before disabling a user account in Azure AD.

Staying Vigilant against Unauthorized User Access

Remain vigilant against unauthorized logins from different locations and Azure risky sign-ins, including disabled users and implement security measures to prevent potential threats.

In summary, AdminDroid streamlines the user management process, making it easier for admins to manage and report on user statuses. Additionally, keeping an eye on Azure AD sign-in logs helps to prevent attackers from gaining access to your Microsoft 365 environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Common Errors and Resolution Steps related to Disabled Users in Microsoft 365

The following are the possible errors and troubleshooting hints while getting all Disabled Users in Office 365.

Error: Get-MgUser: The term 'Get-MgUser' is not recognized as the name of a cmdlet.

This error occurs when the required Microsoft Graph PowerShell module is not installed.

Troubleshooting hint :Run the below cmdlet for installing Microsoft Graph PowerShell module.

Install-Module -Name Microsoft.Graph -Force -AllowClobber

Error: Get-MgUser : One or more errors occurred.

This error typically occurs when you have multiple versions of the MS Graph PowerShell module installed.

Troubleshooting hint :

// Run the below cmdlet to identify the available versions of the MS Graph PowerShell module.
Get-Module -Name Microsoft.Graph -ListAvailable
// To uninstall the Microsoft Graph PowerShell, follow the below procedure.
Uninstall-Module -Name "Microsoft.Graph" -RequiredVersion <Version_To_Be_Uninstalled> -Force

Error: Your account has been locked. Contact your support person to unlock it, then try again.

This error occurs when a user's account has been disabled for certain reasons.

Troubleshooting hint :Contact your support person or system administrator to unlock your account. If you're an admin and ready to reactivate a disabled account, run the following cmdlet to enable the user account.

Set-AzureADUser -ObjectID "UserAccount" -AccountEnabled $True

Error: Error AADSTS50057: User account is disabled.

This error indicates that the user account being used for authentication is currently disabled in Azure Active Directory.

Troubleshooting hint :Check for any policies or conditions in Azure Active Directory that might have led to the user account being disabled, such as account expiration or administrative actions.