Service accounts have been getting disabled after activating them

Perkit, Naveen 40 Reputation points
2025-07-29T17:20:56.8433333+00:00

We submitted another request today and received the necessary approvals to re-enable the service accounts. Yesterday, after reactivation, we manually logged into GitHub and https://myapps.microsoft.com using the service accounts. However, the accounts were disabled again today, so we had to raise another request to get them reinstated. While we understand that manual login is required at least once every 90 days to prevent deactivation, we’d like to ensure this doesn't keep recurring. Could you please confirm the recommended AD/SSO-enabled applications or login methods we should be using periodically for these service accounts? The frequent deactivations are impacting our deployments, so any clarity would be helpful.

Azure Cloud Services
An Azure platform as a service offer that is used to deploy web and cloud applications.

1 answer

  1. Praveen Chivarla 105 Reputation points Microsoft External Staff Moderator
    2025-08-06T11:19:12.2133333+00:00

    Hi Perkit, Naveen,

    As per our understanding, you are looking for a way to avoid having the accounts get disabled and wondering if there might be an automated process in Azure that could be causing this behavior.

    There isn't an automated process in Azure that would cause the accounts to be disabled, but if users are getting disabled unintentionally, it's possible that someone in your org is running a script to disable the users. Alternatively, there might be a conditional access policy that is blocking the users based on some criteria.

    Someone who is using a script to disable the inactive accounts could evaluate the lastSignInDateTime property exposed by the signInActivity resource type of the Microsoft Graph API. Then they could query a list of users whose lastSignInDateTime is before a specified date and disable those users. This might explain why users are being blocked if they haven't signed in within a three-week timeframe.

    How to manage inactive user accounts - Microsoft Entra ID | Microsoft Learn

    It is also possible that the service accounts are being disabled due to Conditional Access policies. The accounts could get blocked if you have conditional access policies in place that require MFA, block access from certain locations or devices, or determine that the users do not meet certain risk assessments. You can check the sign-in logs and policy settings to determine if users are getting blocked due to Conditional Access settings.

    Conditional Access and Microsoft Entra activity logs - Microsoft Entra ID | Microsoft Learn

    Let me know if this helps and if you have further questions.

    1 person found this answer helpful.
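An added example, not part of the answer above and not Microsoft's code: it replays the kind of lastSignInDateTime check the answer describes against a Graph-style user list, and compares it with lastNonInteractiveSignInDateTime, the signInActivity property that records non-interactive (token-based) sign-ins. The tenant name, accounts, dates and the 90-day threshold are constructed assumptions, and the data is embedded so the check runs offline.

```python
import json
from datetime import datetime

# Constructed sample shaped like the Microsoft Graph response to
#   GET /v1.0/users?$select=userPrincipalName,accountEnabled,signInActivity
# (reading signInActivity needs AuditLog.Read.All). Names and dates are made up.
SAMPLE = json.loads("""
{"value": [
 {"userPrincipalName": "svc-deploy@contoso.example", "accountEnabled": false,
  "signInActivity": {"lastSignInDateTime": "2025-07-28T14:02:11Z",
                     "lastNonInteractiveSignInDateTime": "2025-07-29T06:00:00Z"}},
 {"userPrincipalName": "svc-build@contoso.example", "accountEnabled": false,
  "signInActivity": {"lastSignInDateTime": "2025-03-01T09:00:00Z",
                     "lastNonInteractiveSignInDateTime": "2025-07-29T05:00:00Z"}},
 {"userPrincipalName": "svc-legacy@contoso.example", "accountEnabled": true}
]}
""")

FIELDS = ("lastSignInDateTime", "lastNonInteractiveSignInDateTime")

def idle_days(user, now):
    """Whole days since each sign-in signal; None if Graph returned no value."""
    activity = user.get("signInActivity") or {}
    days = {}
    for field in FIELDS:
        stamp = activity.get(field)
        if stamp:
            seen = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
            days[field] = (now - seen).days
        else:
            days[field] = None
    return days

def review(users, now, threshold_days):
    """Show which accounts a lastSignInDateTime-only cleanup would disable."""
    rows = []
    for user in users:
        days = idle_days(user, now)
        known = [d for d in days.values() if d is not None]
        interactive = days["lastSignInDateTime"]
        rows.append({
            "upn": user["userPrincipalName"],
            "enabled": user["accountEnabled"],
            "idle_days": days,
            "hit_by_interactive_only_rule": interactive is None or interactive > threshold_days,
            "idle_on_every_signal": not known or min(known) > threshold_days,
        })
    return rows

if __name__ == "__main__":
    now = datetime.fromisoformat("2025-07-29T17:00:00+00:00")
    for row in review(SAMPLE["value"], now, threshold_days=90):
        print(row)
```

A disabled account that neither rule flags, like the first constructed row, is one to trace through the sign-in logs and Conditional Access settings rather than an inactivity cleanup.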
