You can disable user accounts in Azure AD through the Azure portal or using PowerShell.
Disabling User Accounts in the Azure Portal:
- Log in to the Azure portal: Navigate to the Azure portal and sign in with your account.
- Navigate to Azure Active Directory: In the left-hand menu, click on "Azure Active Directory."
- Select "Users": Under "Manage," select "Users."
- Choose the user: Locate the user account you want to disable and click on its name.
- Disable the account: In the user's profile, under "Account enabled," toggle the switch to "No."
- Save changes: Click "Save" to confirm the changes.
Disabling User Accounts Using PowerShell:
- Install the Azure AD PowerShell module: Make sure you have the Azure AD PowerShell module installed. You can install it using the command
Install-Module AzureAD
. - Connect to Azure AD: Use the command
Connect-AzureAD
to connect to your Azure AD tenant. - Disable the user account: Run the command
Set-AzureADUser -ObjectId <userObjectId> -AccountEnabled $false
, replacing<userObjectId>
with the user's object ID.
Important Considerations:
- Understanding the impact: Disabling a user account prevents them from logging in and accessing resources within your organization.
- Alternative options: Consider using other options like suspending or deleting the account based on your specific needs.
- Re-enabling accounts: You can re-enable a disabled account by following the same steps and toggling the "Account enabled" switch to "Yes" in the portal or using the
Set-AzureADUser -ObjectId <userObjectId> -AccountEnabled $true
command in PowerShell.