Skip to main content

You like to list all the disabled Microsoft 365 accounts in Microsoft 365. Checking this through Microsoft Entra takes time. It’s faster to retrieve all the disabled users with Microsoft Graph PowerShell. In this article, you will learn how to export Microsoft 365 disabled users.

Find disabled user in Microsoft 365 admin center

To check the Microsoft 365 user disabled state in Microsoft 365 admin center, follow these steps:

  1. Sign in to Microsoft 365 admin center.
  2. Expand Users.
  3. Click on Active Users.
  4. Select the User.
Export Microsoft 365 disabled users report admin center single user
  1. The Sign-in blocked appears, which means the account is disabled. If you don’t see anything, the account is enabled.
Export Microsoft 365 disabled users report sign-in blocked

Doing this for one user is OK. But if you want to check multiple users, it’s easier to have a report that contains all the users and their status. Let’s look at that in the next step.

Export disabled users report in Microsoft 365 admin center

To download the Microsoft 365 users status and more information from Microsoft 365 admin center, follow these steps:

  1. Sign in to Microsoft 365 admin center.
  2. Expand Users.
  3. Click on Active users > … > Export users.
Export Microsoft 365 disabled users report export users
  1. Open the CSV file with your favorite program (Microsoft Excel).
  2. Check the Block credential column.

False means the account is enabled, and True means the account is disabled.

Export Microsoft 365 disabled users report Excel

Note: Do you want to sign out and disable Microsoft 365 users with PowerShell?

Export Microsoft 365 disabled users PowerShell script

The  Export-M365DisabledUsers.ps1  PowerShell script will get all the Microsoft 365 users that are disabled, output them to a grid view, and export them to a CSV file.

For every user, it gathers the following information:

  1. Id
  2. DisplayName
  3. UserPrincipalName
  4. Mail
  5. UserType
  6. AccountEnabled

Prepare Export-M365DisabledUsers PowerShell script

Create two folders on the (C:) drive:

  • Temp
  • Scripts

Download the  Export-M365DisabledUsers.ps1 PowerShell script and place it in C:\scripts folder. The script will export the CSV file to the C:\temp folder.

Another option is to copy and paste the below code into Notepad. Give it the name Export-M365DisabledUsers.ps1 and place it in the C:\scripts folder.

# Export path for CSV file
$csvPath = "C:\Temp\DisabledUsers.csv"

# Define the properties to retrieve from the user
$Properties = @(
    'Id',
    'DisplayName',
    'UserPrincipalName',
    'Mail',
    'UserType',
    'AccountEnabled'
)

# Connect to the Microsoft Graph API
Connect-MgGraph -Scopes "User.Read.All"

# Get a list of inactive users from the Microsoft Graph API
$disabledUsers = Get-MgUser -All -Filter "AccountEnabled eq false" -Property $Properties |
Select-Object $Properties |
Sort-Object -Property UserPrincipalName

# Display inactive users data in a graphical grid view
$disabledUsers | Out-GridView -Title "Disabled users"

# Export inactive users data to CSV file
try {
    $disabledUsers | Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8
    Write-Host "Script completed. Results exported to $csvPath." -ForegroundColor Cyan
}
catch {
    Write-Host "An error occurred while exporting data to CSV: $_" -ForegroundColor Red
}
  • Line 2: Edit CSV file path

Check single Microsoft 365 disabled user status with PowerShell script

For a single user, you can use the below script.

Once you run the script, it will ask to insert the user UPN or ObjectID.

The output shows if the user can’t be found or can be found. If it can be found, the output will be sent to a grid view (Out-GridView) and exported to CSV file with the account state (disabled/enabled).

# Specify the user UserPrincipalName or objectId
$userPrincipalName = Read-Host "Enter UPN or ObjectId"

# Export path for CSV file
$csvPath = "C:\Temp\DisabledUser.csv"

# Connect to the Microsoft Graph API
Connect-MgGraph -Scopes "User.Read.All"

try {
    # Define the properties to retrieve from the user
    $Properties = @(
        'Id',
        'DisplayName',
        'Mail',
        'UserPrincipalName',
        'UserType',
        'AccountEnabled'
    )

    # Get the user object based on the provided userPrincipalName
    $user = Get-MgUser -Filter "UserPrincipalName eq '$userPrincipalName'" -Property $Properties |
    Select-Object -Property $Properties

    if ($user) {
        # Export the data for the specified user to CSV file
        $user | Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8

        # Display the data in Out-GridView
        $user | Out-GridView -Title "Disabled users"
        Write-Host "Script completed. Results exported to $csvPath." -ForegroundColor Cyan
    }
    else {
        Write-Host "The specified user does not exist." -ForegroundColor Yellow
    }
}
catch {
    # Output the error message
    Write-Host "An error occurred while exporting data to CSV: $_" -ForegroundColor Red

    # Display the data in Out-GridView without exporting to CSV
    $user | Out-GridView -Title "Disabled users"
}
  • Line 5: Edit CSV file path

Connect to Microsoft Graph PowerShell

Before we can proceed further and get the inactive status for all the users, we need to  Install and connect to Microsoft Graph PowerShell .

Start Windows PowerShell as administrator and run the below commands.

Install-Module Microsoft.Graph -Force
Install-Module Microsoft.Graph.Beta -AllowClobber -Force

Important: Always install the Microsoft Graph PowerShell and Microsoft Graph Beta PowerShell modules. That’s because some cmdlets are not yet available in the final version, and they will not work. Update both modules to the latest version before you run a cmdlet or script to prevent errors and incorrect results.

Run the Connect-MgGraph cmdlet.

Connect-MgGraph -Scopes "User.Read.All"

Run Export-M365DisabledUsers PowerShell script

Get all the inactive users with PowerShell. Run the below command to run the script  Export-M365DisabledUsers.ps1 .

c:\scripts\.\Export-M365DisabledUsers.ps1

Out-GridView

An Out-GridView will show columns with all the disabled users and their information.

Out-GridView with output

Open Microsoft 365 disabled users report CSV file

The  Export-M365DisabledUsers.ps1 PowerShell script will export Microsft 365 users inactivity to CSV file. Find the file DisabledUsers.csv in the path C:\temp.

Export Microsoft 365 disabled users report CSV file

Open the CSV file with your favorite application. In our example, it’s Microsoft Excel.

CSV file

That’s it!

Leave a Reply