Reject policy for all email that are not a active user

XenoxNL are you familiar with DBEB/Directory-based Edge Blocking? Messages sent to non-existent addresses within authoritative domains are dropped: Use Directory-Based Edge Blocking to reject messages sent to invalid recipients in Exchange Online.

Additionally, you can always set a recipient (mailboxes, distribution lists, etc.) to require that a sender be "authenticated" (using the -RequireSenderAuthenticationEnabled paramter on the Set-* cmdlets).

Otherwise, you you can always get more granual with your needs by creating transport rules to block external senders to certain recipients/scenarios. 

It depends on your definition of "not active". Not logging on for X days? Not sending for X days? Not on an internal list for your organisation (payroll, building access, anything?)

That activity or lack of activity feeds a static Azure group, and you reject, drop or quarantine messages to that group as per your requirement. I would use a mail flow rule but there might even be simpler solutions involving the group and mailbox permissions. If your user maintenance procedure is defining inactivity, assigning a private primary address and removing all the publicly deliverable aliases and distribution group memberships also shuts the mailbox down without removing the content. Beware of using an exemption (block all except to active users) as you will have fun with BCC or groups, depending on how the expansion works out.