That's not the default behavior; accounts disabled on-premises will have the corresponding BlockCredentials flag toggled in Azure AD too. If that's not what you are seeing, check your sync rules. Or do you perhaps mean "locked" accounts?
Block azure/o365 login if ad account is disabled via ad connect
brenji
I noticed that when accounts are disabled in AD, AD Connect does not sync this attribute and block sign-in to Azure/O365. Is it possible to sync this attribute to automate this?
Thank you,
Ryan
2 answers
Limitless Technology
2021-09-30T15:12:11.537+00:00
Hi there,
If a synced directory user account is disabled in Azure or Active Directory, the user will be disabled in Duo automatically when the next directory sync occurs. This is by design and I suppose you cannot automate this.
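A check related to the first reply on this page (accounts disabled on-premises should also show as blocked in Azure AD), as an added PowerShell example that is not part of the thread or Microsoft's own code: it lists accounts that are disabled on-premises but still enabled, or missing, among the synced cloud accounts. The function name, the matching on UserPrincipalName and the sample data are assumptions made for illustration.

```powershell
# Added example: find accounts disabled on-premises whose synced cloud copy is still enabled.
# Live input (assumption: ActiveDirectory and Microsoft.Graph.Users modules, Connect-MgGraph done):
#   $onPrem = Get-ADUser -Filter * | Select-Object UserPrincipalName, Enabled
#   $cloud  = Get-MgUser -All -Property UserPrincipalName,AccountEnabled,OnPremisesSyncEnabled
function Find-DisabledStateDrift {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $OnPremUsers,
        [Parameter(Mandatory)] [object[]] $CloudUsers
    )
    # Index synced cloud accounts by UPN. Hashtable keys are case-insensitive by default.
    # Matching on UPN is a simplification; it assumes the UPN is the same on both sides.
    $cloudByUpn = @{}
    foreach ($c in $CloudUsers) {
        if ($c.OnPremisesSyncEnabled) { $cloudByUpn[$c.UserPrincipalName] = $c }
    }
    foreach ($u in $OnPremUsers) {
        # Only disabled on-premises accounts with a UPN are of interest.
        if ($u.Enabled -or -not $u.UserPrincipalName) { continue }
        $match = $cloudByUpn[$u.UserPrincipalName]
        if ($null -eq $match) {
            # No synced counterpart: out of sync scope, or filtered by a sync rule.
            [pscustomobject]@{ UserPrincipalName = $u.UserPrincipalName; Finding = 'NoSyncedCloudAccount' }
        }
        elseif ($match.AccountEnabled) {
            # Disabled on-premises but sign-in still allowed in the cloud.
            [pscustomobject]@{ UserPrincipalName = $u.UserPrincipalName; Finding = 'StillEnabledInCloud' }
        }
    }
}

# Constructed sample data (not from a real tenant).
$onPrem = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; Enabled = $false }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   Enabled = $false }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; Enabled = $false }
    [pscustomobject]@{ UserPrincipalName = 'dave@contoso.example';  Enabled = $true  }
)
$cloud = @(
    [pscustomobject]@{ UserPrincipalName = 'Alice@contoso.example'; AccountEnabled = $true;  OnPremisesSyncEnabled = $true }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   AccountEnabled = $false; OnPremisesSyncEnabled = $true }
    [pscustomobject]@{ UserPrincipalName = 'dave@contoso.example';  AccountEnabled = $true;  OnPremisesSyncEnabled = $true }
    [pscustomobject]@{ UserPrincipalName = 'erin@contoso.example';  AccountEnabled = $true;  OnPremisesSyncEnabled = $null }
)

Find-DisabledStateDrift -OnPremUsers $onPrem -CloudUsers $cloud | Format-Table -AutoSize
```

Accounts the function reports are the ones to compare against the sync rules and the time of the last sync cycle before concluding that the disabled state is not being synchronized.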