Disable or Delete Inactive Users in Microsoft 365 using PowerShell

Inactive accounts in Microsoft 365 aren’t just resource drains—they can also pose security risks. Regularly cleaning up these accounts is essential for a secure and efficient environment.

💡Use this PowerShell script to quickly identify, disable, or delete inactive Microsoft 365 users based on their last sign-in.

✅Inactive User Scopes:

  • All users
  • Licensed users
  • Enabled users
  • Disabled users
  • External users
  • Exclude never logged-in users

✅Cleanup Actions supported:

  • Disable users
  • Delete users

✅Inactive Days based on:

  • Last interactive sign-in date
  • Last non-interactive sign-in date

The script supports scheduling functionality which helps you automate the inactive users cleanup process.

PowerShell Script Example:


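# Connect to Microsoft 365 (Microsoft Graph PowerShell; reading sign-in activity needs AuditLog.Read.All)
Connect-MgGraph -Scopes "User.ReadWrite.All", "AuditLog.Read.All"

# Get all users who haven't signed in for 90 days
# Get-MsolUser objects carry no LastLogonTime property, and a $null value compares as
# older than any date, which would select every user. Sign-in data comes from Graph instead.
$cutoff = (Get-Date).AddDays(-90)
$inactiveUsers = Get-MgUser -All -Property Id, UserPrincipalName, SignInActivity |
    Where-Object { $null -ne $_.SignInActivity.LastSignInDateTime -and
                   $_.SignInActivity.LastSignInDateTime -lt $cutoff }   # never-signed-in users are skipped

# Disable inactive users
foreach ($user in $inactiveUsers) {
    Update-MgUser -UserId $user.Id -AccountEnabled:$false
    Write-Output "Disabled user: $($user.UserPrincipalName)"
}

# Delete inactive users (run this instead of the disable step, not after it)
foreach ($user in $inactiveUsers) {
    Remove-MgUser -UserId $user.Id
    Write-Output "Deleted user: $($user.UserPrincipalName)"
}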
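
The scopes and sign-in bases listed above can be checked in a report-only pass before anything is disabled or deleted. The following is an added example, not the original script or the author's code: `Get-InactiveUser` and `New-SampleUser` are hypothetical names, the users are constructed sample data using the property names of Microsoft Graph user objects, and measuring inactivity from the newer of the interactive and non-interactive timestamps is a choice made for this example.

```powershell
function Get-InactiveUser {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object] $User,
        [int] $InactiveDays = 90,
        [ValidateSet('All', 'Licensed', 'Enabled', 'Disabled', 'External')] [string] $Scope = 'All',
        [switch] $ExcludeNeverSignedIn,
        [datetime] $Now = (Get-Date)
    )
    process {
        $inScope = switch ($Scope) {
            'Licensed' { [bool]$User.AssignedLicenses }
            'Enabled'  { $User.AccountEnabled -eq $true }
            'Disabled' { $User.AccountEnabled -eq $false }
            'External' { $User.UserType -eq 'Guest' }
            default    { $true }
        }
        if (-not $inScope) { return }
        # Newest of the interactive and non-interactive sign-in timestamps.
        $last = @($User.SignInActivity.LastSignInDateTime,
                  $User.SignInActivity.LastNonInteractiveSignInDateTime) |
            Where-Object { $null -ne $_ } | Sort-Object -Descending | Select-Object -First 1
        if ($null -eq $last) {
            # Never signed in: $null compares as older than any date, so handle it explicitly.
            if ($ExcludeNeverSignedIn) { return }
            $idle = $null
        } else {
            $idle = [int][math]::Floor(($Now - $last).TotalDays)
            if ($idle -lt $InactiveDays) { return }
        }
        [pscustomobject]@{ UserPrincipalName = $User.UserPrincipalName; LastSignIn = $last; DaysInactive = $idle }
    }
}
# Constructed sample users (hypothetical names; ages are days before $asOf, $null = never).
$asOf = [datetime]'2025-01-01'
function New-SampleUser($upn, $type, $interactiveAgo, $nonInteractiveAgo) {
    $activity = [pscustomobject]@{
        LastSignInDateTime               = if ($null -ne $interactiveAgo) { $asOf.AddDays(-$interactiveAgo) }
        LastNonInteractiveSignInDateTime = if ($null -ne $nonInteractiveAgo) { $asOf.AddDays(-$nonInteractiveAgo) }
    }
    [pscustomobject]@{ UserPrincipalName = $upn; UserType = $type; AccountEnabled = $true
                       AssignedLicenses = @(); SignInActivity = $activity }
}
$users = @(
    (New-SampleUser 'sync-mailbox@contoso.example' 'Member' 200 3)    # old interactive, recent token use
    (New-SampleUser 'left-company@contoso.example' 'Member' 400 380)
    (New-SampleUser 'vendor@partner.example'       'Guest'  120 $null)
    (New-SampleUser 'new-hire@contoso.example'     'Member' $null $null)
)
$users | Get-InactiveUser -InactiveDays 90 -Now $asOf -ExcludeNeverSignedIn | Format-Table
```

Piping the result to `Export-Csv` instead of `Format-Table` leaves a reviewable record of which accounts a later disable or delete step would touch.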

What Undercode Say:

Managing inactive users in Microsoft 365 is a critical task for maintaining a secure and efficient IT environment. Inactive accounts can become a security liability, especially if they are not monitored or cleaned up regularly. The PowerShell script provided above offers a straightforward way to identify and manage these accounts, whether by disabling or deleting them.

In addition to the Microsoft 365-specific commands, here are some related Linux and Windows commands that can help in managing user accounts and security:

Linux Commands:

  • lastlog: Checks the last login time of all users.
  • usermod -L <username>: Locks a user account.
  • userdel <username>: Deletes a user account.
  • chage -l <username>: Displays password aging information for a user.
  • passwd -l <username>: Locks a user’s password.

Windows Commands:

  • net user <username> /active:no: Disables a user account.
  • net user <username> /delete: Deletes a user account.
  • net user <username>: Shows account details, including the last logon time.
  • dsquery user -inactive <weeks>: Finds inactive users in Active Directory.

For further reading on Microsoft 365 user management and PowerShell scripting, you can refer to the following resources:
Microsoft 365 Documentation
PowerShell Documentation

By regularly auditing and cleaning up inactive accounts, you can significantly reduce the risk of unauthorized access and ensure that your IT environment remains secure and efficient.

References:

Hackers Feeds, Undercode AI