Forum Discussion
he_jac (Copper Contributor)
Mar 03, 2020
Disabled user in O365 hybrid environment
We have a hybrid deployment with an on-prem mail server with local AD and mailboxes in the cloud, O365 with Azure AD. The sync between local AD and Azure is one-way communication, so every change is done...
KrisDeb (Steel Contributor)
Mar 03, 2020
As far as I understand, the user has been disabled in Azure AD. That's enough to block the user - of course, the best practice is to break his sessions in Azure:
Get-AzureADUser -SearchString user@domain.com | Revoke-AzureADUserAllRefreshToken
I really don't think he will be able to do anything if the account is disabled in Azure. I know about some scenarios when the account was removed from AD but, due to the wrong configuration of DirSync, was still alive and enabled in the cloud - and that was the real issue. But in your case - the user has no access to the cloud resources.
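A way to check both points raised in the reply above (that the disable really reached the cloud object, and that existing sessions were revoked), as an added example that is not part of the original thread. It assumes the AzureAD PowerShell module with an existing Connect-AzureAD session; the UPN is the placeholder from the reply.

```powershell
# Added example (not from the thread). Assumes: AzureAD module loaded and
# Connect-AzureAD already run with rights to read users and revoke tokens.
$upn = 'user@domain.com'   # placeholder UPN, as used in the reply above

$user = Get-AzureADUser -Filter "userPrincipalName eq '$upn'"
if (-not $user) { throw "No Azure AD user found for $upn" }

# 1. Confirm the on-prem disable was synchronized to the cloud object.
[pscustomobject]@{
    UserPrincipalName = $user.UserPrincipalName
    AccountEnabled    = $user.AccountEnabled
    DirSyncEnabled    = $user.DirSyncEnabled
    LastDirSyncTime   = $user.LastDirSyncTime
    TokensValidFrom   = $user.RefreshTokensValidFromDateTime
} | Format-List

if ($user.AccountEnabled) {
    # This is the misconfigured-sync case described in the reply:
    # changed on-prem, but still enabled in the cloud.
    Write-Warning "$upn is still enabled in Azure AD; check directory sync before relying on the on-prem change."
}

# 2. Invalidate all refresh tokens issued before now.
$before = $user.RefreshTokensValidFromDateTime
Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId

# 3. Re-read the user; the timestamp should have moved forward.
#    Directory replication can delay this, so a short retry loop is used.
$after = $before
for ($i = 0; $i -lt 5 -and -not ($after -gt $before); $i++) {
    Start-Sleep -Seconds 5
    $after = (Get-AzureADUser -ObjectId $user.ObjectId).RefreshTokensValidFromDateTime
}

if ($after -gt $before) {
    Write-Output "Refresh tokens issued before $after are no longer accepted for $upn."
} else {
    Write-Warning "RefreshTokensValidFromDateTime has not changed yet for $upn; re-check later."
}
```

Revoking refresh tokens does not cancel access tokens that were already issued; those remain usable until they expire.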