@maayanlux
Created March 8, 2023 14:20
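# Sign in to Azure with the Azure Automation managed identity.
# -ErrorAction Stop ends the script here when the sign-in fails, so nothing
# below runs without an authenticated context. The returned context object is
# discarded instead of being written to the job output.
$null = Connect-AzAccount -Identity -ErrorAction Stop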
#Sign in to MgGraph
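function Get-AzToken
{
    <#
    .SYNOPSIS
    Returns an access token for a resource, using the current Az context.

    .DESCRIPTION
    Reads the default context from the Az profile provider and asks the Az
    authentication factory for a token for -ResourceUri. ShowDialog is set to
    Never, so no interactive prompt is requested.

    The returned value is a bearer credential. Do not write it to the job
    output, to logs, or to files.

    .PARAMETER ResourceUri
    The resource the token is requested for, e.g. 'https://graph.microsoft.com/'.

    .PARAMETER AsHeader
    When set, returns @{ Headers = @{ Authorization = "Bearer <token>" } }
    instead of the raw token string.

    .OUTPUTS
    The access token string, or the header hashtable when -AsHeader is set.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [String]
        $ResourceUri,

        [Switch]$AsHeader
    )

    $Context = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext

    # Without a signed-in context the Authenticate call below fails with a null
    # reference that hides the real cause; report it explicitly instead.
    if ($null -eq $Context -or $null -eq $Context.Account -or $null -eq $Context.Tenant)
    {
        throw 'No Azure context is available. Run Connect-AzAccount before calling Get-AzToken.'
    }

    $authFactory = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory
    $Token = $authFactory.Authenticate(
        $Context.Account,
        $Context.Environment,
        $Context.Tenant.Id.ToString(),
        $null,
        [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never,
        $null,
        $ResourceUri
    ).AccessToken

    # An empty token would otherwise surface later as an opaque authorization
    # failure in whichever cmdlet uses it.
    if ([string]::IsNullOrEmpty($Token))
    {
        throw "No access token was returned for resource '$ResourceUri'."
    }

    if ($AsHeader)
    {
        return @{Headers = @{Authorization = "Bearer $Token" } }
    }
    return $Token
}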
# Request a Microsoft Graph token through the signed-in Az context and pass it
# to the Graph SDK, so the Mg* cmdlets below run with that token.
# $Token is a bearer credential: keep it out of Write-Output and log messages.
$Token = Get-AzToken -ResourceUri 'https://graph.microsoft.com/'
$graphSignIn = @{
    AccessToken = $Token
}
Connect-MgGraph @graphSignIn
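# Fill in the subscription id, the storage account's resource group and the
# storage account name. The script creates one blob container per run date in
# that storage account.
$subscriptionId = " "
$storageAccountRG = " "
$storageAccountName = " "

# Stop before touching Azure when a placeholder above was left blank.
$requiredSettings = [ordered]@{
    subscriptionId     = $subscriptionId
    storageAccountRG   = $storageAccountRG
    storageAccountName = $storageAccountName
}
foreach ($setting in $requiredSettings.GetEnumerator())
{
    if ([string]::IsNullOrWhiteSpace($setting.Value))
    {
        throw "The '$($setting.Key)' value is blank; set it before running this script."
    }
}

$todaydate = Get-Date -Format dd-MM-yy
$dateday = Get-Date -DisplayHint Date   # not read again in the visible script
$storageContainerName = "disableusers-$todaydate"

# Select Azure Subscription; stop if it cannot be selected.
Select-AzSubscription -SubscriptionId $subscriptionId -ErrorAction Stop

# Get Storage Account Key (first key of the account).
# NOTE(review): the account key grants full access to the whole storage
# account. Consider an identity-based context instead
# (New-AzStorageContext -UseConnectedAccount, with a blob data role assigned to
# the managed identity) so that no shared key has to be read.
$storageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $storageAccountRG -AccountName $storageAccountName -ErrorAction Stop).Value[0]

# Set the storage context and create a new container for this run date.
# NOTE(review): New-AzureStorageContext / New-AzureStorageContainer are the
# older Azure.Storage cmdlet names, used here next to Az cmdlets - confirm the
# Automation account provides them.
$context = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey

# -Permission Off states explicitly that the container has no anonymous read
# access; the uploaded report holds user names and UPNs.
New-AzureStorageContainer -Name $storageContainerName -Context $context -Permission Off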
# Cut-off date: 90 days before now, kept as a yyyy-MM-dd string.
$SetDate = Get-Date -Date (Get-Date).AddDays(-90) -Format yyyy-MM-dd

# All Azure AD users whose account is enabled. -All pages through every result;
# without it only the first 100 users are returned.
$enabledFilter = "AccountEnabled eq true"
$AllUsers = Get-MgUser -All -Filter $enabledFilter

# Every sign-in log entry the tenant currently returns.
$AllSiginLogs = Get-MgAuditLogSignIn -All
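# Collect every enabled user whose last sign-in is older than the cut-off in
# $SetDate, or who has no sign-in record at all. Everything collected here is
# later written to the report and disabled.
#
# NOTE(review): accounts that rarely or never sign in (emergency-access
# accounts, service accounts, users created a few days ago) also match these
# rules. List their UPNs in $excludedUpns so they are left out. An empty list
# keeps the original behaviour.
$excludedUpns = @()

# Report file name. Set before the loop so it is defined even when $AllUsers
# is empty.
$LogFull = "DisableUsers.csv"

# The script selects the beta profile before reading signInActivity; selecting
# it once is enough, it does not need repeating for every user.
Select-MgProfile beta

$AllDisableUsers = @()
foreach ($user in $AllUsers)
{
    # -contains compares strings case-insensitively.
    if ($excludedUpns -contains $user.UserPrincipalName)
    {
        continue
    }

    $LoginRecord = Get-MgUser -UserId $user.Id -Property signinactivity |
        Select-Object -ExpandProperty SignInActivity |
        Sort-Object CreatedDateTime -Descending

    if ($LoginRecord.Count -gt 0)
    {
        $lastLogin = $LoginRecord.LastSignInDateTime

        # Sign-in log entry that belongs to the last sign-in, if it is still
        # present in the logs fetched earlier.
        # NOTE(review): sign-in log retention may be shorter than the 90-day
        # window, in which case $log is empty for the users flagged here - confirm.
        $log = $AllSiginLogs | Where-Object { $_.Id -eq $LoginRecord.LastSignInRequestId }

        # NOTE(review): a $null LastSignInDateTime also satisfies -lt, so a
        # user with a sign-in record but no interactive sign-in date is
        # flagged as well - confirm this is intended.
        if ($lastLogin -lt $SetDate)
        {
            Write-Output "Last logon time, user can be disable : " $lastLogin
            Write-Output "Last logon time, user can be disable : " $user.DisplayName
            $UserObj = [pscustomobject]@{
                ID             = $user.Id
                Name           = $user.DisplayName
                UPN            = $user.UserPrincipalName
                LastLogin      = $lastLogin
                appDisplayName = $log.appDisplayName
                # Same property set as the "no login record" entries below, so
                # the IP Address / Client App Used report columns are filled
                # whenever a matching log entry exists.
                ipAddress      = $log.ipAddress
                clientAppUsed  = $log.clientAppUsed
            }
            $AllDisableUsers += $UserObj
        }
    }
    else
    {
        # No sign-in activity returned for this user.
        $lastLogin = 'no login record'
        Write-Output "Last logon time, user can be disable : " $user.DisplayName
        $UserObj = [pscustomobject]@{
            ID             = $user.Id
            Name           = $user.DisplayName
            UPN            = $user.UserPrincipalName
            LastLogin      = "no login record"
            appDisplayName = ""
            ipAddress      = ""
            clientAppUsed  = ""
        }
        $AllDisableUsers += $UserObj
    }
}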
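# Write the report and upload it to the per-day container before any account
# is changed. Both steps use -ErrorAction Stop: if the record of what is about
# to be disabled cannot be stored, the script ends here instead of disabling
# accounts without an audit trail.
# With nothing to report no file is written, so the upload is skipped as well.
if (@($AllDisableUsers).Count -gt 0)
{
    $reportColumns = @(
        'ID'
        @{N = "Display Name"; E = { $_.Name } }
        'UPN'
        @{N = "Last Login"; E = { $_.LastLogin } }
        @{N = "App Display Name"; E = { $_.appDisplayName } }
        @{N = "IP Address"; E = { $_.ipAddress } }
        @{N = "Client App Used"; E = { $_.clientAppUsed } }
    )

    $AllDisableUsers |
        Select-Object $reportColumns |
        Export-Csv -Path $LogFull -Append -NoTypeInformation -ErrorAction Stop

    # The report holds user names and UPNs; keep the target container private.
    Set-AzureStorageBlobContent -Context $context -Container $storageContainerName -File $LogFull -ErrorAction Stop
}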
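# Disable every user collected in $AllDisableUsers.
# The object ID is used instead of the UPN: guest UPNs contain '#', which has
# to be escaped when it is placed in the request path, while the ID needs no
# escaping.
# Each result is written out so the job output records which accounts were
# changed; a failure on one account is reported and the loop continues.
foreach ($du in $AllDisableUsers)
{
    try
    {
        Update-MgUser -UserId $du.ID -AccountEnabled:$false -ErrorAction Stop
        Write-Output "Disabled account: $($du.UPN)"
    }
    catch
    {
        Write-Error "Could not disable $($du.UPN): $($_.Exception.Message)"
    }
}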