Forum Discussion
Azure AD account expiration date
We are in need of having expiration date for Azure AD User accounts. How do we acomplish that?
- In the end I solved my issue by creating a list in Sharepoint online containing user accounts object ID and the last day of employment as a date.
Then in Microsoft Power Automate I created a flow running every night checking if any records in the list are the same or earlier than today and if so setting AzureAD account to be disabled in Azure AD. When on it I also remove the account from the Azure AD security group providing Microsoft 365 licenses.
So by not having account expire date in Azure AD in the end was giving me the opportunity to do more. Thanks Microsoft. 😄
What would really be nice is if we could sync from On-Premises Active Directory to Azure AD the account expiration date. While we can sync and block access if the account is disabled, but when it comes to contractors you are not always told when a contract has ended and there account stay enabled. This allows them to still have access to data/email/teams/etc when they are no longer contracting.
Oldie but a goodie from aaron... https://www.undocumented-features.com/2017/09/15/use-aad-connect-to-disable-accounts-with-expired-on-premises-passwords/
