This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 36%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
I noticed that when accounts are disabled in AD, AD connect does not sync this attribute and block sign-in to azure/o365. Is it possible to sync this attribute to automate this?
Thank you,
Ryan
That's not the default behavior, accounts disabled on-premises will have the corresponding BlockCredentials flag toggled in Azure AD too. If that's not what you are seeing, check your sync rules. Or do you perhaps mean "locked" accounts?
Hi there,
If a synced directory user account is disabled in Azure or Active Directory, the user will be disabled in Duo automatically when the next directory sync occurs. This is by design and I suppose you cannot automate this
--If the reply is helpful, please Upvote and Accept as answer--