🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Azure AD

How to Find Disabled Users in Microsoft 365

Are you struggling to keep track of disabled users in your organization? Neglecting these accounts can pose security risks and license management complications, such as accumulating unused licenses. Don’t worry! This guide will help you easily identify and manage disabled accounts in your Microsoft 365 environment, ensuring tighter security and smoother operations.

Solution 1
Solution 2
Solution 3
Important Tips
Errors and Resolution Steps
FAQs

Using Microsoft 365 Admin Center

Microsoft 365 Permission Required
Global Administrator or any other privileged admin role.
  • Login to the Microsoft 365 admin center.
  • Navigate to Users»Active Users to view all the active users in Microsoft 365.
  • Now, in the Active Users page, click on the filter option and select "Sign-in Blocked" to filter disabled users in Azure active directory.
Using Microsoft 365 Admin Center

Using Windows PowerShell

Microsoft 365 Permission Required
Global Administrator or any other privileged admin role.
  • Connect to Microsoft Graph PowerShell using the below cmdlet.
  • Windows PowerShell Windows PowerShell 
     Connect-MgGraph -Scopes "User.Read.All"
  • Run the below cmdlet to get all the disabled users using PowerShell.
  • Windows PowerShell Windows PowerShell 
     Get-MgUser -Filter "accountEnabled eq false" | select DisplayName,Mail,UserPrincipalName
Using Windows PowerShell
  • Here, you’ll find the list of disabled users in Microsoft 365.
AdminDroid Azure AD User Reporting

Master Microsoft 365 security by handling disabled user accoutns like a pro!

Introducing AdminDroid's Microsoft 365 reporting tool, a game-changer for admins seeking robust insights into disabled users' activities within Azure AD. This tool offers unparalleled visibility into disabled user accounts to effectively manage user access and security within your organization.

Identify and Disable Users with Prolonged Inactivity

Monitor inactive users in Microsoft 365 closely to prevent security risks and optimize organizational resources by promptly disabling them when necessary.

Visualize Microsoft 365 Disabled Users

Gain insights into disabled user data through user interactive dashboards, facilitating comprehensive analysis and decision-making.

Automated Reports for Deleted Users Monitoring

Streamline your workflow by utilizing scheduled reports and receiving regular updates on recently deleted users in Microsoft 365, simplifying user management tasks.

Streamlined Auditing for Disabled Users

Simplify user auditing with comprehensive Azure AD audit reports including the disabled users' activities, ensuring thorough oversight without excessive complexity.

Track Admin Role Assignments for Disabled Users

Review a user's admin role assignments and administrative activities within Microsoft 365 before disabling a user account in Azure AD.

Staying Vigilant against Unauthorized User Access

Remain vigilant against unauthorized logins from different locations and Azure risky sign-ins, including disabled users and implement security measures to prevent potential threats.

In summary, AdminDroid streamlines the user management process, making it easier for admins to manage and report on user statuses. Additionally, keeping an eye on Azure AD sign-in logs helps to prevent attackers from gaining access to your Microsoft 365 environment.

Explore a full range of reporting options
Download Live Demo

Important Tips

Strengthen your security measures by limiting users' access to the Azure AD to safeguard your organization from potential security threats.

Implement Office 365 offboarding practices while removing permanent or long-term disabled users to avoid any data leakage.

Monitor the last logon time of Microsoft 365 users to efficiently review and disable accounts, preventing unnecessary access.

Common Errors and Resolution Steps

The following are the possible errors and troubleshooting hints while getting all Disabled Users in Office 365.

Error Get-MgUser: The term 'Get-MgUser' is not recognized as the name of a cmdlet.

This error occurs when the required Microsoft Graph PowerShell module is not installed.

Fix Run the below cmdlet for installing Microsoft Graph PowerShell module. 
Install-Module -Name Microsoft.Graph -Force -AllowClobber

Error Get-MgUser : One or more errors occurred.

This error typically occurs when you have multiple versions of the MS Graph PowerShell module installed.

Fix 
// Run the below cmdlet to identify the available versions of the MS Graph PowerShell module.
Get-Module -Name Microsoft.Graph -ListAvailable
// To uninstall the Microsoft Graph PowerShell, follow the below procedure.
Uninstall-Module -Name "Microsoft.Graph" -RequiredVersion <Version_To_Be_Uninstalled> -Force

Error Your account has been locked. Contact your support person to unlock it, then try again.

This error occurs when a user's account has been disabled for certain reasons.

Fix Contact your support person or system administrator to unlock your account. If you're an admin and ready to reactivate a disabled account, run the following cmdlet to enable the user account. 
Set-AzureADUser -ObjectID "UserAccount" -AccountEnabled $True

Error Error AADSTS50057: User account is disabled.

This error indicates that the user account being used for authentication is currently disabled in Azure Active Directory.

Fix Check for any policies or conditions in Azure Active Directory that might have led to the user account being disabled, such as account expiration or administrative actions.
Azure AD
Frequently Asked Questions

Enhance Security Measures with Effective Management of Disabled User Accounts in Microsoft 365

How to disable inactive users in Microsoft 365?
How to check who disabled a user in Microsoft 365?
How to remove Microsoft 365 license when a user account is disabled?
How to enable a disabled user account in Microsoft 365?
How to create an alert for Microsoft 365 disabled user login attempts?

1. How to disable inactive users in Microsoft 365?

Identifying stale Microsoft 365 accounts is essential for optimizing license usage and maintaining security.

Disable a User Account in Microsoft 365 Admin Center

  • Login to the Microsoft 365 admin center using your administrator account.
  • Navigate to the Users»Active Users and click on the desired user.
  • In user's account settings, click ‘Block sign-in’ to disable a user in Microsoft 365.
block-sign-in-office-365

Additionally, you have the option to revoke all active sessions of required user by choosing "Sign out of all sessions" in the users’ account settings. This action will make a user sign-out from all the current sessions of Microsoft 365 services.

Disable a User Account Using Graph PowerShell

Run the below cmdlet in Graph PowerShell to block the user from signing into Microsoft 365.

Update-Mguser -UserId "User Principal Name" -AccountEnabled:$false

Following these steps will effectively disable the user's access to Microsoft 365 services. If they attempt to login again, they will receive a message instructing them to contact support for assistance.

2. How to check who disabled a user in Microsoft 365?

Monitoring disabled user actions and identifying who disabled it is crucial for maintaining security within Microsoft 365 environment. Finding the user who is responsible for the change allows you to promptly address any unauthorized actions and ensure proper access controls in your organization.

To identify who disabled a user, you can simply access Office 365 audit logs within the Microsoft Purview portal. However, it's crucial to ensure that audit logging is enabled for your organization to effectively monitor both user and admin activities.

Once auditing is enabled, you can initiate audit log search on the Purview Portal using the steps below.

  • Login to the Microsoft 365 Purview portal.
  • Navigate to the ‘Audit Page’ under Solutions.
  • Now, provide the Date range and select ‘Azure Active Directory’ in the workload section. Then, click on "Search" to start the search.
  • Once the search is completed, open the result and click on the Export button to initiate the export process.
  • After the completion of the Export process, click on the download file that results.
  • Open the downloaded file and apply a 'filter' to the “Operation” column and search for Disable Account entries.

Once the filter has been applied, review the 'AuditData' column to check the details about a disabled Microsoft 365 user account. Also, check the 'UserId' column to identify who disabled the account.

Auditing the user disabling activities can be a time-consuming task as it involves several manual steps in native solution.

Using AdminDroid's Audit Sign-in Disabled Users report, you can easily monitor the events of sign-in blocked users and admins who disabled the user, along with precise timestamps indicating when a user was disabled.

  • Moreover, the report includes built-in graphs that specifically show the number of disabling actions being performed by a specific user. For instance, you can easily identify a specific user with a high number of disabling activities.
  • Additionally, if you wish to email these report, simply click the Email this report now button. This will enable you to email the reports instantly to your chosen recipients in preferred formats (HTML, PDF, CSV, XLS, XLXS, RAW).
how-to-check-who-disabled-user-account

3. How to remove Microsoft 365 license when a user account is disabled?

When disabling accounts, it's important to remove any associated licenses to avoid continuous charges for unused Microsoft 365 services. Otherwise, inactive user accounts with assigned licenses can burden the organization with ongoing expenses.

Identify the Disabled Users with Active Licenses in Admin Center

Follow these steps to find the users with disabled accounts but active licenses through admin center.

  • Login to the Microsoft 365 admin center.
  • Navigate to the Users»Active Users.
  • In the Active Users page, use the filter option located at the top of the page and choose "Sign-in Blocked". This will filter the list of disabled users.
  • After filtering, utilize the license column to verify their license status.

Remove a License from Azure Active Directory Portal

Follow these steps to remove licenses through the Azure Active Directory Portal.

  • Go to the Microsoft Entra admin center.
  • Navigate to Identity and choose 'Users' from the left navigation pane.
  • Then, select the required user in the All users page whose license you want to revoke.
  • Proceed to 'Licenses' on the left-hand menu and select the desired license.
  • Then, confirm the action by clicking Remove license.

Remove a License Using Graph PowerShell

Run the below cmdlet to revoke license of the required disabled user.

Set-MgUserLicense -UserId <enteruserID> -RemoveLicenses@("EnterSku-ID") -AddLicenses@{}

Monitoring license revocation activities using the native solution might potentially cause delays.

With AdminDroid’s Licenses can be Regained report, you can easily track Office 365 licenses assigned for sign-in disabled users in your tenant.

  • Furthermore, with License Revoking Activities report, you can gain detailed insights into revoked licenses, plans, and revoked time. This enhances efficiency in license management and cost optimization.
  • Pro-Tip: To view the failed actions when revoking the license, utilize the 'easy filter' option by selecting 'Result Status = Failed.' Additionally, set the filters to 'Succeeded' to observe all successful license revocation activities.
office-365-license-revoking-activities

4. How to enable a disabled user account in Microsoft 365?

When an employee with disabled user account needs prompt access to their Microsoft 365 resources, enabling their account will ensure that they can seamlessly resume work without any interruptions.

These steps not only enhance their productivity but also maintains smooth workflow and compliance with organizational regulations.

Enable a Disabled User Account in Microsoft 365

  • Login to the Microsoft 365 admin center using your administrator account.
  • Navigate to the Users»Active Users to find the disabled user account.
  • Select the disabled user account, to open their properties pane. Look for the “Sign-in blocked” message below the username and click on the Unblock sign-in button.
  • On the next screen, uncheck the Block this user from signing in checkbox. Then, click 'Save changes' to apply the new settings.
  • Once done, the user will regain access to Office 365 services. You can confirm the unblocking by checking the “Account” tab, where “Unblock sign in” button should now be replaced with “Block sign in”.

Note📝: If the account was blocked due to password expiration, you may need to assist the user in resetting their password either through the Microsoft 365 admin center or using PowerShell commands.

  • However, the native solution lacks a straightforward method to monitor re-enabled users. It might have additional operations to be performed in unified audit logs, which can be time-consuming.

Using AdminDroid’s Audit Sign-in Re-enabled Users report, you can easily view the list of all re-enabled users in Office 365 along with the enabled action details.

  • In addition, if you wish you can easily export all the sign-in re-enabled users to CSV and other formats according to your preferences.
  • Moreover, you have the flexibility to schedule these filtered reports for regular checks at your preferred frequency – be it daily, weekly, or monthly – ensuring compliance and enabling prompt action against any unauthorized usage. Stay ahead of the game with AdminDroid!
o365-re-enabled-users-report

5. How to create an alert for Microsoft 365 disabled user login attempts?

Microsoft 365 disabled user logins must be investigated to determine whether they are accidental or malicious activities. So that admins can address potential risks promptly and decide whether they can re-enable the disabled users.

Unfortunately, Microsoft 365 native methods do not offer a straightforward method to create alerts for such login attempts, leaving admins with limited options.

Even though it's possible to get alerts on disabled user logins using PowerShell scripts, it will be more difficult and time-consuming for users who are not familiar with PowerShell. These limitations make it challenging to quickly identify and block suspicious login attempts.

AdminDroid eliminates PowerShell limitations and delivers real-time alerts with just a few clicks.

Microsoft 365 admins can effortlessly track Entra ID blocked user sign-ins using the disabled users login attempts report without manual monitoring.

🔔Real-Time Alerts for Disabled User Login Attempts

AdminDroid’s alerting feature provides you with prompt notifications whenever a disabled user attempted to login into M365. This alerting functionality allows admins to take immediate action and avoid potential security risks associated with such login attempts.

create-alert-on-disabled-user-login-attempts

📜AdminDroid’s Default Alert Policy Templates

The 'Blocked User Attempted to Login' alert template simplifies monitoring disabled user login attempts. With just a few steps, you can preview and deploy this default template to start receiving alerts seamlessly.

Pro-tip: Customize the report columns to filter the required data, focusing key information for a quick overview of the alert report.

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Azure AD
How to Find Disabled Users in Microsoft 365
Azure AD Guides 56 Guides
1Get the Group Membership of a Microsoft 365 User2Find Guest Membership in Microsoft 365 Groups3Get the Storage used by Microsoft 365 Groups4Check if MFA is Enabled in Microsoft 365 5Check Microsoft 365 License Expiry Date6Check Licenses Assigned to Microsoft 365 Users7Export Users Without MFA in Microsoft 3658Optimize Microsoft 365 Group Management in M3659Check Microsoft 365 License Usage10Find Inactive Users in Microsoft 36511Monitor Risky Sign-ins in Microsoft Entra ID12Get User Password Expiration Date in Microsoft 36513Manage Users with Admin Roles in M36514Manage Contact Information in M36515Get Last Logon Time of Users in Microsoft 36516Audit Groups in Microsoft 36517Export a List of All Disabled Users in M36518Get Microsoft 365 Users with Weak Passwords19Get a List of Users from Azure AD20Get All Managers & Direct Reports in M36521List All the Group Owners in Microsoft 36522Track All the External User Activities in M36523Track All the User Activities in M36524Audit License Changes to Microsoft 365 Users25Check Users Last Password change date time in M36526Audit Deleted Users in Microsoft Entra ID27Get Azure Sign-in Logs in Microsoft 36528M365 License Management & Usage Insights29Track Microsoft 365 Groups with External Users30Export Conditional Access Policies Report31Audit Failed Sign-in Attempts in M36532Audit Admin Activity in Microsoft 36533Analyze Conditional Access Sign-ins Report in M36534Export Microsoft 365 Security Groups Report35Get MS Office Activations Report36Track Your Microsoft 365 Secure Score37Audit Entra ID Applications in M36538Audit Password Changes in M365 39Audit All the Policy Operations in M36540Get Entra ID App Usage Report in M36541Audit Power BI Activity Log in Microsoft 36542Monitor Forced Password Changes in M36543Audit Administrative Units in M36544Track Users Without Groups in M36545List All Deleted Groups in Microsoft 36546List All Nested Groups in Microsoft Entra ID47Find all Unlicensed Users in Microsoft 36548Track Groups with Disabled Users in M36549List All Role-assignable Groups in Microsoft 36550Monitor Empty Groups in Microsoft 36551Monitor Guest User Sign-ins in Microsoft 36552Audit User Creations in Microsoft 36553Get Guest Users List in Microsoft 36554Find Microsoft 365 Groups with Expiration Policies55Export a List of Expired M365 Subscriptions56List All Microsoft 365 Users with No Manager
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo