Automatically disable to report inactive account in Azure / Entra ID?

Question

I'm curious if there's a built-in feature in Microsoft Entra ID or Azure AD that can automatically disable or remove users whose SignInActivity logs and LastSuccessfulSignInDate are empty.

I need to disable them if no activity has been logged in the last 30 days since their creation.

How can I accomplish this without using a sophisticated scripting process as my tenant is using Entra ID Premium P2 feature. https://learn.microsoft.com/en-us/graph/api/resources/signinactivity?view=graph-rest-1.0&WT.mc_id=M365-MVP-9501%3Fview%3Dgraph-rest-beta

Answer 1

Hi EnterpriseArchitect,

Thank you for posting your query on Microsoft Q&A!

We do have a feature within Entra ID Governance where you can use "Access Reviews" to automatically generate a report of inactive users and carry out some actions on them, see a blog post here on how to set it up - https://techcommunity.microsoft.com/t5/microsoft-entra-blog/step-by-step-guide-to-identify-inactive-users-by-using-microsoft/ba-p/3944705

This would be the only out of the box solution that does not require automation / scripting.

Do let me know if you have any further queries, I would be happy to help!

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Kind Regards, Donal

Answer 2

Access Reviews with an end result of disabling the account are only applicable to Guest accounts. Looking for a method for this to apply to Member accounts. Right now reviews seem to only be able to act on a group, and then remove the users access to the group as the action - which is not account level action. Anyone have a method for blocking sign in after no login for 30 days for member account types?