Forum Discussion
Azure AD account expiration date
We are in need of having expiration date for Azure AD User accounts. How do we acomplish that?
- In the end I solved my issue by creating a list in Sharepoint online containing user accounts object ID and the last day of employment as a date.
Then in Microsoft Power Automate I created a flow running every night checking if any records in the list are the same or earlier than today and if so setting AzureAD account to be disabled in Azure AD. When on it I also remove the account from the Azure AD security group providing Microsoft 365 licenses.
So by not having account expire date in Azure AD in the end was giving me the opportunity to do more. Thanks Microsoft. 😄
Thanks BilaelHadd,
Unfortunatley we will not engage in Azure AD P2 license.
Unfortunatley we will not engage in Azure AD P2 license.
In the end I solved my issue by creating a list in Sharepoint online containing user accounts object ID and the last day of employment as a date.
Then in Microsoft Power Automate I created a flow running every night checking if any records in the list are the same or earlier than today and if so setting AzureAD account to be disabled in Azure AD. When on it I also remove the account from the Azure AD security group providing Microsoft 365 licenses.
So by not having account expire date in Azure AD in the end was giving me the opportunity to do more. Thanks Microsoft. 😄
Then in Microsoft Power Automate I created a flow running every night checking if any records in the list are the same or earlier than today and if so setting AzureAD account to be disabled in Azure AD. When on it I also remove the account from the Azure AD security group providing Microsoft 365 licenses.
So by not having account expire date in Azure AD in the end was giving me the opportunity to do more. Thanks Microsoft. 😄
- To my mind this is really just a workaround rather than a proper solution. It will work until MS decides to make changes to the underlying structure and breaks your solution. Which based on prior experience when this happens you may never know about it until its too late. Also this isn't really the same thing as the account should just be expired and not disabled - which triggers other processes like notification to managers etc.
