Export a List of All Disabled Users in M365

Native Solution

Microsoft 365 Permission Required

High

Global Administrator or any other privileged admin role.

Option 1 Using Microsoft 365 Admin Center

Login to the Microsoft 365 admin center.
Navigate to Users»Active Users to view all the active users in Microsoft 365.
Now, in the Active Users page, click on the filter option and select "Sign-in Blocked" to filter disabled users in Azure active directory.

Option 2 Using Windows PowerShell

Connect to Microsoft Graph PowerShell using the below cmdlet.

Windows PowerShell

 Connect-MgGraph -Scopes "User.Read.All"

Run the below cmdlet to get all the disabled users using PowerShell.

Windows PowerShell

 Get-MgUser -Filter "accountEnabled eq false" | select DisplayName,Mail,UserPrincipalName

Here, you’ll find the list of disabled users in Microsoft 365.

AdminDroid Solution

This report and 150+ more reports are under free editionFREE

AdminDroid Permission Required

Delegated

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid Office 365 Reporter

Login to the AdminDroid Office 365 reporter.
Navigate to the Disabled Users report under Reports»Azure AD»User Reports.

By utilizing the above report, you can easily find the disabled users in Microsoft 365. Additionally, you can get insights on their sign-in status, job title, department, etc.

In addition, the report includes built-in graphs that specifically show the overall count of disabled users along with their license statuses.

Explore a full range of reporting options

Empower secure access with proactive disabled user management in Azure AD!

Ease the burden of monitoring disabled users across Azure AD! Gain insights into disabled users management with AdminDroid's Azure AD user reports.

Witness the report in action using the

Live Demo

Important Tips

Strengthen your security measures by limiting users' access to the Azure AD to safeguard your organization from potential security threats.

Implement Office 365 offboarding practices while removing permanent or long-term disabled users to avoid any data leakage.

Monitor the last logon time of Microsoft 365 users to efficiently review and disable accounts, preventing unnecessary access.

Azure ADEnhance Security Measures with Effective Management of Disabled User Accounts in Microsoft 365

Showing 1 of 4

How to disable inactive users in Microsoft 365? How to check who disabled a user in Microsoft 365? How to remove Microsoft 365 license when a user account is disabled? How to enable a disabled user account in Microsoft 365?

How to disable inactive users in Microsoft 365?

Identifying stale Microsoft 365 accounts is essential for optimizing license usage and maintaining security.

Disable a User Account in Microsoft 365 Admin Center

Login to the Microsoft 365 admin center using your administrator account.
Navigate to the Users»Active Users and click on the desired user.
In user's account settings, click ‘Block sign-in’ to disable a user in Microsoft 365.

Additionally, you have the option to revoke all active sessions of required user by choosing "Sign out of all sessions" in the users’ account settings. This action will make a user sign-out from all the current sessions of Microsoft 365 services.

Disable a User Account Using Graph PowerShell

Run the below cmdlet to create a new SharePoint site collection using PowerShell.

Update-Mguser -UserId "User Principal Name" -AccountEnabled:$false

Following these steps will effectively disable the user's access to Microsoft 365 services. If they attempt to login again, they will receive a message instructing them to contact support for assistance.

AdminDroid’s Disabled Users Login Attempts report simplifies auditing the sign-in attempts carried out by disabled Microsoft 365 users.

The alerting feature with the bell icon 🔔 offers prompt alert notifications whenever login attempts are made by disabled users within your Microsoft 365 environment. In addition, explore the functionality of customizing columns for enhanced visibility within reports.

How to check who disabled a user in Microsoft 365?

Monitoring disabled user actions and identifying who disabled it is crucial for maintaining security within Microsoft 365 environment. Finding the user who is responsible for the change allows you to promptly address any unauthorized actions and ensure proper access controls in your organization.

To identify who disabled a user, you can simply access Office 365 audit logs within the Microsoft Purview portal. However, it's crucial to ensure that audit logging is enabled for your organization to effectively monitor both user and admin activities.

Once auditing is enabled, you can initiate audit log search on the Purview Portal using the steps below.

Login to the Microsoft 365 Purview portal.
Navigate to the ‘Audit Page’ under Solutions.
Now, provide the Date range and select ‘Azure Active Directory’ in the workload section. Then, click on "Search" to start the search.
Once the search is completed, open the result and click on the Export button to initiate the export process.
After the completion of the Export process, click on the download file that results.
Open the downloaded file and apply a 'filter' to the “Operation” column and search for Disable Account entries.

Once the filter has been applied, review the 'AuditData' column to check the details about a disabled Microsoft 365 user account. Also, check the 'UserId' column to identify who disabled the account.

Auditing the user disabling activities can be a time-consuming task as it involves several manual steps in native solution.

Using AdminDroid's Audit Sign-in Disabled Users report, you can easily monitor the events of sign-in blocked users and admins who disabled the user, along with precise timestamps indicating when a user was disabled.

Moreover, the report includes built-in graphs that specifically show the number of disabling actions being performed by a specific user. For instance, you can easily identify a specific user with a high number of disabling activities.
Additionally, if you wish to email these report, simply click the Email this report now button. This will enable you to email the reports instantly to your chosen recipients in preferred formats (HTML, PDF, CSV, XLS, XLXS, RAW).

How to remove Microsoft 365 license when a user account is disabled?

When disabling accounts, it's important to remove any associated licenses to avoid continuous charges for unused Microsoft 365 services. Otherwise, inactive user accounts with assigned licenses can burden the organization with ongoing expenses.

Identify the Disabled Users with Active Licenses in Admin Center

Follow these steps to find the users with disabled accounts but active licenses through admin center.

Login to the Microsoft 365 admin center.
Navigate to the Users»Active Users.
In the Active Users page, use the filter option located at the top of the page and choose "Sign-in Blocked". This will filter the list of disabled users.
After filtering, utilize the license column to verify their license status.

Remove a License from Azure Active Directory Portal

Follow these steps to remove licenses through the Azure Active Directory Portal.

Go to the Microsoft Entra admin center.
Navigate to Identity and choose 'Users' from the left navigation pane.
Then, select the required user in the All users page whose license you want to revoke.
Proceed to 'Licenses' on the left-hand menu and select the desired license.
Then, confirm the action by clicking Remove license.

Remove a License Using Graph PowerShell

Run the below cmdlet to revoke license of the required disabled user.

Set-MgUserLicense -UserId <enteruserID> -RemoveLicenses@("EnterSku-ID") -AddLicenses@{}

Monitoring license revocation activities using the native solution might potentially cause delays.

With AdminDroid’s Licenses can be Regained report, you can easily track Office 365 licenses assigned for sign-in disabled users in your tenant.

Furthermore, with License Revoking Activities report, you can gain detailed insights into revoked licenses, plans, and revoked time. This enhances efficiency in license management and cost optimization.
Pro-Tip: To view the failed actions when revoking the license, utilize the 'easy filter' option by selecting 'Result Status = Failed.' Additionally, set the filters to 'Succeeded' to observe all successful license revocation activities.

How to enable a disabled user account in Microsoft 365?

When an employee with disabled user account needs prompt access to their Microsoft 365 resources, enabling their account will ensure that they can seamlessly resume work without any interruptions.

These steps not only enhance their productivity but also maintains smooth workflow and compliance with organizational regulations.

Enable a Disabled User Account in Microsoft 365

Login to the Microsoft 365 admin center using your administrator account.
Navigate to the Users»Active Users to find the disabled user account.
Select the disabled user account, to open their properties pane. Look for the “Sign-in blocked” message below the username and click on the Unblock sign-in button.
On the next screen, uncheck the Block this user from signing in checkbox. Then, click 'Save changes' to apply the new settings.
Once done, the user will regain access to Office 365 services. You can confirm the unblocking by checking the “Account” tab, where “Unblock sign in” button should now be replaced with “Block sign in”.

Note📝 If the account was blocked due to password expiration, you may need to assist the user in resetting their password either through the Microsoft 365 admin center or using PowerShell commands.

However, the native solution lacks a straightforward method to monitor re-enabled users. It might have additional operations to be performed in unified audit logs, which can be time-consuming.

Using AdminDroid’s Audit Sign-in Re-enabled Users report, you can easily view the list of all re-enabled users in Office 365 along with the enabled action details.

In addition, if you wish you can easily export all the sign-in re-enabled users to CSV and other formats according to your preferences.
Moreover, you have the flexibility to schedule these filtered reports for regular checks at your preferred frequency – be it daily, weekly, or monthly – ensuring compliance and enabling prompt action against any unauthorized usage. Stay ahead of the game with AdminDroid!

AdminDroid Azure AD User ReportingMaster Microsoft 365 security by handling disabled user accoutns like a pro!

Introducing AdminDroid's Microsoft 365 reporting tool, a game-changer for admins seeking robust insights into disabled users' activities within Azure AD. This tool offers unparalleled visibility into disabled user accounts to effectively manage user access and security within your organization.

The Reasons behind utilizing AdminDroid’s advanced capabilities are outlined below:

The Disabled Users report provides you a comprehensive overview of sign-in blocked users within your Microsoft 365 environment. It’ll help you in taking decisions on license removal or user re-activation.

A Quick Dive into the Functionalities

Identify and Disable Users with Prolonged Inactivity

Monitor inactive users in Microsoft 365 closely to prevent security risks and optimize organizational resources by promptly disabling them when necessary.

Visualize Microsoft 365 Disabled Users

Gain insights into disabled user data through user interactive dashboards, facilitating comprehensive analysis and decision-making.

Automated Reports for Deleted Users Monitoring

Streamline your workflow by utilizing scheduled reports and receiving regular updates on recently deleted users in Microsoft 365, simplifying user management tasks.

Streamlined Auditing for Disabled Users

Simplify user auditing with comprehensive Azure AD audit reports including the disabled users' activities, ensuring thorough oversight without excessive complexity.

Track Admin Role Assignments for Disabled Users

Review a user's admin role assignments and administrative activities within Microsoft 365 before disabling a user account in Azure AD.

Staying Vigilant against Unauthorized User Access

Remain vigilant against unauthorized logins from different locations and Azure risky sign-ins, including disabled users and implement security measures to prevent potential threats.

In summary, AdminDroid streamlines the user management process, making it easier for admins to manage and report on user statuses. Additionally, keeping an eye on Azure AD sign-in logs helps to prevent attackers from gaining access to your Microsoft 365 environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps related to Disabled Users in Microsoft 365

The following are the possible errors and troubleshooting hints while getting all Disabled Users in Office 365.

Error: Get-MgUser: The term 'Get-MgUser' is not recognized as the name of a cmdlet.

This error occurs when the required Microsoft Graph PowerShell module is not installed.

Troubleshooting hint :Run the below cmdlet for installing Microsoft Graph PowerShell module.

Install-Module -Name Microsoft.Graph -Force -AllowClobber

Error: Get-MgUser : One or more errors occurred.

This error typically occurs when you have multiple versions of the MS Graph PowerShell module installed.

Troubleshooting hint :

// Run the below cmdlet to identify the available versions of the MS Graph PowerShell module.
Get-Module -Name Microsoft.Graph -ListAvailable
// To uninstall the Microsoft Graph PowerShell, follow the below procedure.
Uninstall-Module -Name "Microsoft.Graph" -RequiredVersion <Version_To_Be_Uninstalled> -Force

Error: Your account has been locked. Contact your support person to unlock it, then try again.

This error occurs when a user's account has been disabled for certain reasons.

Troubleshooting hint :Contact your support person or system administrator to unlock your account. If you're an admin and ready to reactivate a disabled account, run the following cmdlet to enable the user account.

Set-AzureADUser -ObjectID "UserAccount" -AccountEnabled $True

Error: Error AADSTS50057: User account is disabled.

This error indicates that the user account being used for authentication is currently disabled in Azure Active Directory.

Troubleshooting hint :Check for any policies or conditions in Azure Active Directory that might have led to the user account being disabled, such as account expiration or administrative actions.

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Find Disabled Users in Microsoft 365