How To Windows

How to Find Disabled Users in Microsoft 365

By Raj Bepari 2 min read
How to Find Disabled Users in Microsoft 365
Recommended: Download Windows Speedup Tool to quickly fix PC issues.

In Microsoft 365, user accounts can be disabled for many reasons—employee offboarding, license cleanup, security incidents, or temporary access restrictions. As an admin, it’s important to know how to quickly find disabled users so you can review, re-enable, or permanently remove them when needed.

In this guide, we’ll walk you through all the reliable ways to find disabled users in Microsoft 365, using the Admin Center, Entra (Azure AD), and PowerShell.

Find Disabled Users in Microsoft 365

You can identify disabled users using three main methods:

  • Microsoft 365 Admin Center (easiest)
  • Microsoft Entra Admin Center (detailed)
  • PowerShell (best for bulk checks and automation)

Start with the method that fits your role and experience level.

1: Find Disabled Users from Microsoft 365 Admin Center

This is the simplest and most commonly used method.

  1. Sign in to the Microsoft 365 Admin Center
  2. Go to Users
  3. Select Active users
  4. Click Filters
  5. Under Sign-in status, select Blocked
  6. Apply the filter

You’ll now see a list of users whose sign-in access has been disabled.

  • Users blocked from signing in
  • Accounts disabled manually or by policy
  • Users that still exist but cannot access services

2: Find Disabled Users in Microsoft Entra Admin Center

For deeper identity-level details, use Entra (formerly Azure AD).

  1. Open the Microsoft Entra admin center
  2. Go to Users
  3. Select All users
  4. Click Add filter
  5. Choose Account enabled
  6. Set the value to False
  7. Apply the filter

This shows all accounts where sign-in is disabled at the directory level.

  • Shows identity status across all services
  • Includes synced and cloud-only users
  • Helpful for security and compliance reviews

3: Use PowerShell to List Disabled Users (Recommended for Admins)

PowerShell is ideal if you manage many users or need reports.

  • Microsoft Graph PowerShell module installed
  • Admin permissions
  1. Open PowerShell as Administrator
  2. Connect to Microsoft Graph: Connect-MgGraph -Scopes "User.Read.All"
  3. Run the following command: Get-MgUser -Filter "accountEnabled eq false" | Select DisplayName, UserPrincipalName

This command lists all disabled users in your tenant.

4: Find Disabled Users in Hybrid (AD-Synced) Environments

If your organization uses on-premises Active Directory with sync:

  • Disabled on-prem AD users sync as disabled in Microsoft 365
  • You must re-enable them in Active Directory, not the cloud
  1. Check user status in Active Directory Users and Computers
  2. Re-enable the account if needed
  3. Wait for Azure AD Connect sync (or force sync)

Cloud-only changes won’t override on-prem settings.

Common Reasons Users Are Disabled

Understanding why users are disabled helps avoid confusion.

  • Manual admin action
  • Employee termination
  • Security breach response
  • License cleanup
  • Conditional Access or sign-in block
  • Directory sync from disabled AD account

How to Re-Enable a Disabled User

Once you identify the user, re-enabling is simple.

From Admin Center:

  1. Select the user
  2. Click Block sign-in
  3. Toggle it Off
  4. Save changes

From Entra:

  1. Open the user profile
  2. Set Account enabled to Yes
  3. Save

Wrapping Up

With that, we wrap up our complete guide on how to find disabled users in Microsoft 365. Whether you’re using the Admin Center for quick checks, the Entra Admin Center for deeper identity management, or PowerShell for bulk reporting, Microsoft 365 provides multiple reliable ways to track disabled accounts.

By regularly reviewing disabled users and understanding why accounts are blocked, you can maintain better security, compliance, and user lifecycle management.

Raj Bepari

I’m a digital content creator passionate about everything tech.