How to Find the Sign-In Status of a User in Microsoft 365
Imagine a team leader getting locked out of their Microsoft 365 account during a critical project. This would disrupt their access to essential services, halt their work, risk deadlines, and affect the entire team’s workflow. Situations like this highlight the importance of proactively monitoring user account statuses to prevent unnecessary delays and frustration. By monitoring the user sign-in status in Microsoft 365, you can quickly identify and resolve account lockouts efficiently, keeping your operations running smoothly.
In this blog, let’s explore the steps to track the account sign-in status of all users in Microsoft 365. With this approach, you’ll be able to unblock accounts when needed, minimize downtime, and maintain seamless productivity.
Frequently monitoring the account status of users in Microsoft 365 is crucial for managing access and protecting resources. It determines whether users can log in to services like Teams, Outlook, or SharePoint and work seamlessly without any disruptions.
However, the sign-in restrictions in Microsoft 365 may result from account policies or administrative actions, such as blocking access during investigations. While these measures enhance security by blocking access for inactive user accounts or former users, they can occasionally affect legitimate users due to mistakes or outdated credentials.
Therefore, monitoring the sign-in status of users in Microsoft 365 ensures seamless access while maintaining security. By monitoring Microsoft 365 user account status, admins can quickly identify access issues and resolve login problems.
Now, let’s explore how to check if a Microsoft account is active or not.
- How to check the account status of a user in Microsoft 365
- Get the sign-in status of a user in Microsoft Entra
- Identify the account status of users using PowerShell
You can check the sign-in status of a user in Microsoft 365 directly from the M365 Admin Center. This allows you to quickly determine if a user account is active or blocked from signing in.
Follow the below steps to check the sign-in status of a user in Microsoft 365.
- Log in to the Microsoft 365 admin center and navigate to the Users → Active users.
- Scroll through the list of users and locate the user account you want to inspect.
- Look for the Sign-in blocked message under the user’s name in the account details. If it is displayed, the account is disabled; if not, it is a sign-in-enabled user account.
In Microsoft Entra, you can efficiently check the account status of all users in one view by adjusting the user list view. This eliminates the need to open each user’s account individually, saving time and simplifying account management.
Follow the below steps to find the account status of all Microsoft 365.
- Log in to the Microsoft Entra admin center.
- Navigate to Identity → Users → All users.
- Click Manage view, select Edit columns, then click Add column.
- Choose Account enabled and click Save.
This will display the account status of all users, allowing you to quickly identify which accounts are active or disabled. For a single user, you can select their account and view the sign-in status under the “My Feed” section on the overview page.
Searching through numerous users can be time-consuming, especially in larger organizations with many accounts. In these scenarios, you can use PowerShell to track the account status of all users in Microsoft 365.
Install and connect to Microsoft Graph with appropriate permissions with the below cmdlet.
Connect-MgGraph –Scopes “User.Read.All”
Execute the below cmdlet to check the sign-in status of a user in Microsoft 365 using PowerShell.
Get-MgUser -UserId <UserUPN or ID> -Property AccountEnabled | Select AccountEnabled
Here, replace the <UserUPN or ID> with the User Principal Name or the user ID of the specific user, you wish to check the account status.
It’s always the admin’s responsibility to ensure that all legitimate users can access Microsoft 365 resources. At the same time, they must confirm that deactivated or terminated users are properly restricted from signing in.
In such cases, the following cmdlet can help. It provides the status of all users in a single command, reducing the need to check each user individually.
Run the below cmdlet to get the sign-in status from Microsoft 365 via PowerShell.
Get-MgUser -All -Select DisplayName, UserPrincipalName, AccountEnabled | Format-Table DisplayName, UserPrincipalName, AccountEnabled
Imagine there are a few former employees who still have access to your organization’s Microsoft 365 environment, but you’re unsure who exactly has access. Going through all users manually to identify those with sign-in privileges can be time-consuming. Instead, by retrieving all sign-in-enabled users, you can quickly pinpoint who still has access and take necessary action.
To quickly identify all users who can log in and access Microsoft services, you can execute the following cmdlet.
Get-MgUser –Filter “accountEnabled eq true” | select DisplayName, UserPrincipalName
Disabled accounts often signal potential security risks, such as compromised credentials, risky sign-ins, or suspicious activity. Thus, monitoring these users is crucial for admins to ensure they haven’t regained access without prior knowledge.
Run the below cmdlet to get all sign-in disabled users in Microsoft 365.
Get-MgUser –Filter “accountEnabled eq false” | select DisplayName, UserPrincipalName
It is the main responsibility of admins to unblock a disabled account in Microsoft 365 to ensure seamless access and productivity. However, before proceeding with unlocking an account, investigate the cause of the lockout to rule out any malicious activities or unauthorized access attempts.
To unlock a disabled user account in Microsoft 365,
- Go to the Active users page and select the disabled user.
- Click Unblock sign-in, uncheck the “Block this user from signing in” box, and then click Save changes.
Account lockouts in Microsoft 365 prevent users from signing in due to reasons such as password expiration, outdated credentials, Smart Account Lockout Policy, or Conditional Access Policies. While this mechanism is a vital defense against password-guessing attacks like password spraying and brute-force attacks, it can also block legitimate users due to forgotten passwords or outdated credentials.
These locked-out users won’t appear with a “sign-in blocked” status in the Microsoft 365 Admin Center, even though their access is still blocked. Thus, follow the steps below to identify locked-out accounts and ensure authorized users aren’t blocked from sign-in.
As an admin, you may need to identify locked-out users in Microsoft 365 to pinpoint accounts that may be at risk of compromise.
Audit sign-in failures in Microsoft 365 to track locked-out Microsoft 365 user accounts:
- Log in to the Microsoft Entra admin center.
- Navigate to Identity → Monitoring & Health → Sign-in logs.
- Apply a filter by clicking Add filters, then choose Status and set it to Failure. Now, all the failed user sign-ins in Microsoft 365 will be listed.
- Look for the code 50053, which indicates a locked account. The failure reason will state: “The account is locked. You’ve tried to sign in too many times with an incorrect user ID or password.”
The account will be unlocked automatically after the lockout duration expires. In the meantime, if you want to unlock the Microsoft 365 user account, you should reset the password using the Microsoft 365 admin center.
Users can also change their password through Self-Service Password Reset (SSPR) if enabled. After resetting the password, the lockout duration is reset to zero, allowing users to sign in without further issues.
That’s it! I hope this blog has provided you with useful insights on identifying Microsoft 365 user sign-in status. If you have any questions or need assistance, don’t hesitate to reach out in the comments section.
