I need to set some user accounts in AAD to expire in some time. For example, students in the university should not be allowed to access class sharepoint site after graduation (4 years). Is their some automatic mechanism to do this? Mainly I'm referring to auto-expire users in a group.
Asked
Active
Viewed 9,055 times
1 Answers
4
Azure AD doesn't support for setting expiration date for Azure AD accounts currently. If this is an important feature for your requirements, you can submit a feedback to the following site.
https://feedback.azure.com/d365community/idea/5d44d790-c525-ec11-b6e6-000d3a4f0789
However, the on-premises domain accounts can be set an expiration date. if you have implemented Windows Server Active Directory in the university, you can deploy ADFS and AD Connect. This can synchronize the on-premises domain accounts to Azure AD. And these accounts can be used for accessing applications, such as Sharepoint site. If one account has expired, it'll be blocked from accessing application automatically.
On the other hand, if ADFS and AD Connect is not an accepted option. You can also create a script based on the Azure AD Powershell cmdlets. For example, you can get the created time for account by using the command 'Get-MsolUser', then based on the expiration date you specified, the account can be blocked or deleted by using the corresponding commands.
Andy Hames
- 105
- 5
Andy Liu - MSFT
- 351
- 1
- 4