Azure AD

How to Find Disabled Users in Microsoft 365

Are you struggling to keep track of disabled users in your organization? Neglecting these accounts can pose security risks and license management complications, such as accumulating unused licenses. Don’t worry! This guide will help you easily identify and manage disabled accounts in your Microsoft 365 environment, ensuring tighter security and smoother operations.

Using Microsoft 365 Admin Center

Microsoft 365 Permission Required

Global Administrator or any other privileged admin role.

Login to the Microsoft 365 admin center.
Navigate to Users»Active Users to view all the active users in Microsoft 365.
Now, in the Active Users page, click on the filter option and select "Sign-in Blocked" to filter disabled users in Azure active directory.

Using Windows PowerShell

Microsoft 365 Permission Required

Global Administrator or any other privileged admin role.

Connect to Microsoft Graph PowerShell using the below cmdlet.

Windows PowerShell

 Connect-MgGraph -Scopes "User.Read.All"

Run the below cmdlet to get all the disabled users using PowerShell.

Windows PowerShell

 Get-MgUser -Filter "accountEnabled eq false" | select DisplayName,Mail,UserPrincipalName

Here, you’ll find the list of disabled users in Microsoft 365.

Using AdminDroid Office 365 Reporter
Simple & Quick

AdminDroid Permission Required Delegated

Any user with report access delegated by the Super Admin.

Login to the AdminDroid Office 365 reporter.
Navigate to the Disabled Users report under Reports»Azure AD»User Reports.

AdminDroid Azure AD User Reporting

Master Microsoft 365 security by handling disabled user accoutns like a pro!

Introducing AdminDroid's Microsoft 365 reporting tool, a game-changer for admins seeking robust insights into disabled users' activities within Azure AD. This tool offers unparalleled visibility into disabled user accounts to effectively manage user access and security within your organization.

Identify and Disable Users with Prolonged Inactivity

Monitor inactive users in Microsoft 365 closely to prevent security risks and optimize organizational resources by promptly disabling them when necessary.

Visualize Microsoft 365 Disabled Users

Gain insights into disabled user data through user interactive dashboards, facilitating comprehensive analysis and decision-making.

Automated Reports for Deleted Users Monitoring

Streamline your workflow by utilizing scheduled reports and receiving regular updates on recently deleted users in Microsoft 365, simplifying user management tasks.

Streamlined Auditing for Disabled Users

Simplify user auditing with comprehensive Azure AD audit reports including the disabled users' activities, ensuring thorough oversight without excessive complexity.

Track Admin Role Assignments for Disabled Users

Review a user's admin role assignments and administrative activities within Microsoft 365 before disabling a user account in Azure AD.

Staying Vigilant against Unauthorized User Access

Remain vigilant against unauthorized logins from different locations and Azure risky sign-ins, including disabled users and implement security measures to prevent potential threats.

In summary, AdminDroid streamlines the user management process, making it easier for admins to manage and report on user statuses. Additionally, keeping an eye on Azure AD sign-in logs helps to prevent attackers from gaining access to your Microsoft 365 environment.

Explore a full range of reporting options

Download Live Demo

Important Tips

Strengthen your security measures by limiting users' access to the Azure AD to safeguard your organization from potential security threats.

Implement Office 365 offboarding practices while removing permanent or long-term disabled users to avoid any data leakage.

Monitor the last logon time of Microsoft 365 users to efficiently review and disable accounts, preventing unnecessary access.

Common Errors and Resolution Steps

The following are the possible errors and troubleshooting hints while getting all Disabled Users in Office 365.

Error Get-MgUser: The term 'Get-MgUser' is not recognized as the name of a cmdlet.

This error occurs when the required Microsoft Graph PowerShell module is not installed.

Fix Run the below cmdlet for installing Microsoft Graph PowerShell module.

Install-Module -Name Microsoft.Graph -Force -AllowClobber

Error Get-MgUser : One or more errors occurred.

This error typically occurs when you have multiple versions of the MS Graph PowerShell module installed.

Fix

// Run the below cmdlet to identify the available versions of the MS Graph PowerShell module.
Get-Module -Name Microsoft.Graph -ListAvailable
// To uninstall the Microsoft Graph PowerShell, follow the below procedure.
Uninstall-Module -Name "Microsoft.Graph" -RequiredVersion <Version_To_Be_Uninstalled> -Force

Error Your account has been locked. Contact your support person to unlock it, then try again.

This error occurs when a user's account has been disabled for certain reasons.

Fix Contact your support person or system administrator to unlock your account. If you're an admin and ready to reactivate a disabled account, run the following cmdlet to enable the user account.

Set-AzureADUser -ObjectID "UserAccount" -AccountEnabled $True

Error Error AADSTS50057: User account is disabled.

This error indicates that the user account being used for authentication is currently disabled in Azure Active Directory.

Fix Check for any policies or conditions in Azure Active Directory that might have led to the user account being disabled, such as account expiration or administrative actions.

Azure AD

Frequently Asked Questions

Enhance Security Measures with Effective Management of Disabled User Accounts in Microsoft 365

How to disable inactive users in Microsoft 365?

Identifying stale Microsoft 365 accounts is essential for optimizing license usage and maintaining security.

Disable a User Account in Microsoft 365 Admin Center

Login to the Microsoft 365 admin center using your administrator account.
Navigate to the Users»Active Users and click on the desired user.
In user's account settings, click ‘Block sign-in’ to disable a user in Microsoft 365.

Additionally, you have the option to revoke all active sessions of required user by choosing "Sign out of all sessions" in the users’ account settings. This action will make a user sign-out from all the current sessions of Microsoft 365 services.

Disable a User Account Using Graph PowerShell

Run the below cmdlet in Graph PowerShell to block the user from signing into Microsoft 365.

Update-Mguser -UserId "User Principal Name" -AccountEnabled:$false

Following these steps will effectively disable the user's access to Microsoft 365 services. If they attempt to login again, they will receive a message instructing them to contact support for assistance.

AdminDroid’s Disabled Users Login Attempts report simplifies auditing the sign-in attempts carried out by disabled Microsoft 365 users.

The alerting feature with the bell icon 🔔 offers prompt alert notifications whenever login attempts are made by disabled users within your Microsoft 365 environment. In addition, explore the functionality of customizing columns for enhanced visibility within reports.

How to check who disabled a user in Microsoft 365?

Monitoring disabled user actions and identifying who disabled it is crucial for maintaining security within Microsoft 365 environment. Finding the user who is responsible for the change allows you to promptly address any unauthorized actions and ensure proper access controls in your organization.

To identify who disabled a user, you can simply access Office 365 audit logs within the Microsoft Purview portal. However, it's crucial to ensure that audit logging is enabled for your organization to effectively monitor both user and admin activities.

Once auditing is enabled, you can initiate audit log search on the Purview Portal using the steps below.

Login to the Microsoft 365 Purview portal.
Navigate to the ‘Audit Page’ under Solutions.
Now, provide the Date range and select ‘Azure Active Directory’ in the workload section. Then, click on "Search" to start the search.
Once the search is completed, open the result and click on the Export button to initiate the export process.
After the completion of the Export process, click on the download file that results.
Open the downloaded file and apply a 'filter' to the “Operation” column and search for Disable Account entries.

Once the filter has been applied, review the 'AuditData' column to check the details about a disabled Microsoft 365 user account. Also, check the 'UserId' column to identify who disabled the account.

Auditing the user disabling activities can be a time-consuming task as it involves several manual steps in native solution.

Using AdminDroid's Audit Sign-in Disabled Users report, you can easily monitor the events of sign-in blocked users and admins who disabled the user, along with precise timestamps indicating when a user was disabled.

Moreover, the report includes built-in graphs that specifically show the number of disabling actions being performed by a specific user. For instance, you can easily identify a specific user with a high number of disabling activities.
Additionally, if you wish to email these report, simply click the Email this report now button. This will enable you to email the reports instantly to your chosen recipients in preferred formats (HTML, PDF, CSV, XLS, XLXS, RAW).

How to remove Microsoft 365 license when a user account is disabled?

When disabling accounts, it's important to remove any associated licenses to avoid continuous charges for unused Microsoft 365 services. Otherwise, inactive user accounts with assigned licenses can burden the organization with ongoing expenses.

Identify the Disabled Users with Active Licenses in Admin Center

Follow these steps to find the users with disabled accounts but active licenses through admin center.

Login to the Microsoft 365 admin center.
Navigate to the Users»Active Users.
In the Active Users page, use the filter option located at the top of the page and choose "Sign-in Blocked". This will filter the list of disabled users.
After filtering, utilize the license column to verify their license status.

Remove a License from Azure Active Directory Portal

Follow these steps to remove licenses through the Azure Active Directory Portal.

Go to the Microsoft Entra admin center.
Navigate to Identity and choose 'Users' from the left navigation pane.
Then, select the required user in the All users page whose license you want to revoke.
Proceed to 'Licenses' on the left-hand menu and select the desired license.
Then, confirm the action by clicking Remove license.

Remove a License Using Graph PowerShell

Run the below cmdlet to revoke license of the required disabled user.

Set-MgUserLicense -UserId <enteruserID> -RemoveLicenses@("EnterSku-ID") -AddLicenses@{}

Monitoring license revocation activities using the native solution might potentially cause delays.

With AdminDroid’s Licenses can be Regained report, you can easily track Office 365 licenses assigned for sign-in disabled users in your tenant.

Furthermore, with License Revoking Activities report, you can gain detailed insights into revoked licenses, plans, and revoked time. This enhances efficiency in license management and cost optimization.
Pro-Tip: To view the failed actions when revoking the license, utilize the 'easy filter' option by selecting 'Result Status = Failed.' Additionally, set the filters to 'Succeeded' to observe all successful license revocation activities.

How to enable a disabled user account in Microsoft 365?

When an employee with disabled user account needs prompt access to their Microsoft 365 resources, enabling their account will ensure that they can seamlessly resume work without any interruptions.

These steps not only enhance their productivity but also maintains smooth workflow and compliance with organizational regulations.

Enable a Disabled User Account in Microsoft 365

Login to the Microsoft 365 admin center using your administrator account.
Navigate to the Users»Active Users to find the disabled user account.
Select the disabled user account, to open their properties pane. Look for the “Sign-in blocked” message below the username and click on the Unblock sign-in button.
On the next screen, uncheck the Block this user from signing in checkbox. Then, click 'Save changes' to apply the new settings.
Once done, the user will regain access to Office 365 services. You can confirm the unblocking by checking the “Account” tab, where “Unblock sign in” button should now be replaced with “Block sign in”.

Note📝 If the account was blocked due to password expiration, you may need to assist the user in resetting their password either through the Microsoft 365 admin center or using PowerShell commands.

However, the native solution lacks a straightforward method to monitor re-enabled users. It might have additional operations to be performed in unified audit logs, which can be time-consuming.

Using AdminDroid’s Audit Sign-in Re-enabled Users report, you can easily view the list of all re-enabled users in Office 365 along with the enabled action details.

In addition, if you wish you can easily export all the sign-in re-enabled users to CSV and other formats according to your preferences.
Moreover, you have the flexibility to schedule these filtered reports for regular checks at your preferred frequency – be it daily, weekly, or monthly – ensuring compliance and enabling prompt action against any unauthorized usage. Stay ahead of the game with AdminDroid!