Azure inactive users remediation

Using Console

Using CLI

To remediate inactive users in Azure Active Directory (Azure AD) using Azure CLI, follow these steps:

Install Azure CLI: If you haven’t already, install the Azure CLI on your local machine by following the instructions provided by Microsoft.
Sign in to Azure: Open a terminal or command prompt and sign in to your Azure account by running the following command:
```
az login
```
Select the Azure subscription: If you have multiple Azure subscriptions, use the following command to select the appropriate subscription:
```
az account set --subscription <subscription_id>
```

List inactive users: Use the following command to list all inactive users in Azure AD:

az ad user list --query "[?lastSignInDateTime=='null' && userType=='Member'].{displayName:displayName, objectId:objectId}"

Review the list: Examine the output of the previous command to identify the inactive users that need to be remediated. Note down the objectId of each inactive user.
Disable inactive users: For each inactive user identified in the previous step, run the following command to disable the user:
```
az ad user update --id <objectId> --accountEnabled false
```
Replace <objectId> with the actual objectId of the inactive user.
Verify the changes: To ensure that the users have been disabled, you can use the az ad user show command to check the accountEnabled status of each user:
```
az ad user show --id <objectId> --query accountEnabled
```
Replace <objectId> with the actual objectId of the user.
Repeat step 6 and 7 for each inactive user identified in step 5.

By following these steps, you can remediate inactive users in Azure AD using Azure CLI.

Using Python

To remediate inactive users in Azure Active Directory (Azure AD) using Python, follow these steps:

Install the required libraries:
- Install the Azure Identity library: pip install azure-identity
- Install the Azure Management IAM library: pip install azure-mgmt-authorization
Import the necessary modules in your Python script:

from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
from datetime import datetime, timedelta

Authenticate with Azure using the DefaultAzureCredential:

credential = DefaultAzureCredential()
subscription_id = "<your-subscription-id>"
client = AuthorizationManagementClient(credential, subscription_id)

Define a function to get the list of inactive users:

def get_inactive_users(days):
    end_date = datetime.now()
    start_date = end_date - timedelta(days=days)
    filter_str = f"signInActivity/lastSignInDateTime le {end_date.isoformat()} and signInActivity/lastSignInDateTime ge {start_date.isoformat()}"
    
    users = client.users.list(filter=filter_str)
    return users

Define a function to disable the inactive users:

def disable_inactive_users(days):
    users = get_inactive_users(days)
    
    for user in users:
        user.is_account_enabled = False
        client.users.update(user.object_id, user)

Specify the number of days of inactivity after which a user should be considered inactive:

inactive_days_threshold = 90

Call the disable_inactive_users function with the specified number of inactive days:

disable_inactive_users(inactive_days_threshold)

Make sure you have the necessary permissions to manage users in Azure AD. Adjust the code as necessary to suit your specific requirements and environment.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Azure inactive users remediation

Triage and Remediation

Remediation