Policy in office 365 to block users after a period of inactivity
I want to apply a policy that automatically blocks a user from signing in after a period of time.
I know I can see inactive user reports.
I know how to manually block users.
I know I can run a PowerShell script to find inactive users and block them.
I am looking for a way to automatically block these users without IT having to do something.
- Max Fritz, Iron Contributor
There is no policy built in to Office 365 that matches what you're describing (automatically block users from signing in after a specific period of inactivity). You could, however, create an Azure function or a scheduled task on a server to run a PowerShell script to find inactive users and block them on a regular basis. That would be my best approach to this.
I'd be curious to hear more about the use case for this though. Is this a security measure?
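A sketch of the scheduled script approach described in the reply above, added here as an example and not code posted by anyone in the thread. It assumes the Microsoft Graph PowerShell SDK, the AuditLog.Read.All and User.ReadWrite.All permissions, and an Entra ID P1 or P2 license (required for `signInActivity`); the function names, the 90-day default and the sample accounts are hypothetical.

```powershell
# Added example (not from the thread). Assumes the Microsoft Graph PowerShell SDK,
# AuditLog.Read.All + User.ReadWrite.All, and a license that exposes signInActivity.
# Function names, the 90-day default and the sample accounts are hypothetical.
function Get-LastActivity {
    param($User)
    # Newest of interactive / non-interactive sign-in; falls back to the creation
    # date so a new account that has never signed in is not blocked early.
    @($User.SignInActivity.LastSignInDateTime,
      $User.SignInActivity.LastNonInteractiveSignInDateTime,
      $User.CreatedDateTime) | Where-Object { $_ } |
        ForEach-Object { ([datetime]$_).ToUniversalTime() } |
        Sort-Object -Descending | Select-Object -First 1
}

function Select-InactiveUser {
    param([object[]]$Users, [int]$InactiveDays = 90, [string[]]$Exclude = @(),
          [datetime]$Now = [datetime]::UtcNow)
    $cutoff = $Now.ToUniversalTime().AddDays(-$InactiveDays)
    foreach ($u in $Users) {
        if ($Exclude -contains $u.UserPrincipalName) { continue }  # e.g. break-glass accounts
        $last = Get-LastActivity $u
        if ($last -and $last -lt $cutoff) {
            [pscustomobject]@{ Id = $u.Id; UPN = $u.UserPrincipalName; LastActivity = $last }
        }
    }
}

function Invoke-InactiveUserBlock {
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$InactiveDays = 90, [string[]]$Exclude = @())
    Connect-MgGraph -Identity | Out-Null   # managed identity of the Function / Automation account
    $users = Get-MgUser -All -Property 'id,userPrincipalName,accountEnabled,createdDateTime,signInActivity' |
        Where-Object AccountEnabled
    foreach ($t in Select-InactiveUser -Users $users -InactiveDays $InactiveDays -Exclude $Exclude) {
        if ($PSCmdlet.ShouldProcess($t.UPN, 'Block sign-in')) {
            Update-MgUser -UserId $t.Id -AccountEnabled:$false
        }
    }
}

# Offline dry run of the selection logic on constructed sample data (no tenant needed).
$sample = @(
    [pscustomobject]@{ Id = '1'; UserPrincipalName = 'active@contoso.example'; CreatedDateTime = '2020-01-01T00:00:00Z'
        SignInActivity = [pscustomobject]@{ LastSignInDateTime = '2024-05-20T08:00:00Z' } }
    [pscustomobject]@{ Id = '2'; UserPrincipalName = 'stale@contoso.example'; CreatedDateTime = '2020-01-01T00:00:00Z'
        SignInActivity = [pscustomobject]@{ LastSignInDateTime = '2023-11-02T08:00:00Z' } }
    [pscustomobject]@{ Id = '3'; UserPrincipalName = 'new@contoso.example'; CreatedDateTime = '2024-05-25T00:00:00Z' }
)
Select-InactiveUser -Users $sample -Now ([datetime]'2024-06-01T00:00:00Z')
```

Running `Invoke-InactiveUserBlock -WhatIf` on the schedule first lists the accounts that would be blocked without changing them, which also gives a reviewable record for the compliance requirement.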
- Stefanie Cortese, Copper Contributor
Thanks. It is for compliance. I don't let any users sit out there that long that are inactive or should be disabled. This requirement is to "check the box" that compliance is met.
- CyberChris, Copper Contributor
Hello from 2024! Any chance this feature has been developed? I too am trying to check a compliance box. Thanks!
Well, we have a similar feature in SPO: https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Introducing-Idle-Session-Timeout-in-SharePoint-and-OneDrive/ba-p/119208
But that will only trigger when the user is idling on a SPO site, not for any other O365 app.
- Max Fritz, Iron Contributor
That only expires the session though, not block/disable the user. I believe Stefanie was asking about blocking accounts. Could do configurable tokens in AAD (soon to be part of/replaced by Conditional Access) if we're just talking about session timeouts.
- iyad, Copper Contributor
Look into the below link, that might be helpful
May consider Azure Access Reviews, which allows you to periodically review and manage access to resources (like user accounts) based on predefined schedules.