Deprovision user remove Azure and M365 roles

Hello All, is is possible via Adaxes deprovisioning to remove all his Azure and M365 roles besides custom Powershell script?

Regards Ivaylo

by (100 points)
by (330 points)
0

@ivaylo.valkov

This should be possible but only if you use groups to manage your role and license assignments. Otherwise you will need to use custom Powershell.

In Azure AD, you can have groups assigned to role assignments or licenses. Then during a deprovision use Adaxes to remove the user from the group, and thus removed from the role or license assignment.

by (100 points)
+1

This is what I though so I changed the roles assignment from direct to group based.

Thank you!

1 Answer

by (308k points)
Best answer
0 votes

Hello Ivaylo,

Unfortunately, there is no such possibility. That is something you can only do using a script. The following article by Microsoft should be helpful: https://learn.microsoft.com/en-us/powershell/module/azuread/remove-azureaddirectoryrolemember?view=azureadps-2.0.

Related questions

As part of offboarding users I need to keep a note of all AD/Entra groups, Azure / M365 roles and licenses

As part of offboarding a user I need to generate a report of all AD groups, Entra groups and all Azure / M365 roles and licenses the user has before they ... about keeping a record of the leavers configured profile to simplify cloning them onto new starters.

asked Jun 24, 2024 by dhardyuk (20 points)
0 votes
1 answer
How can I add users to (and remove users from) a group based on the M365 License a user has?

We would like the membership in a distribution group to be based on a particular M365 license a user has (for example, Microsoft Copilot for Microsoft 365 (SKU part number ... the group. Is there way to do that by making it a rule-based group?

asked Mar 11 by RayBilyk (290 points)
0 votes
1 answer
Deprovision users only disables the user and nothing more.

I have Deprovision set to the following It half works. It will only disable the users and thats it. It wont move them to a disabled users OU, reset the PW or change the ... are empty". I don't know what is wrong or why it isnt working as intended.

asked Nov 28, 2022 by LEGIT1 (150 points)
0 votes
1 answer
How to I delegate Send As permission and Full Access permission to a defined user during Deprovision?

Using the built in 'Deprovision' Custom Command, I would like the person that is trying to Deprovision a user (Help Desk member) be asked who (from a list of existing active ... to leave the question 'blank', which means that no one gets access to the mailbox.

asked Apr 22, 2020 by RayBilyk (290 points)
0 votes
1 answer
Scheduled task disable user if inactive on AD and Azure

I want to create a scheduled task to disable a user if he is inactive for 30days, the task must check inacivity o AD and Azure.

asked May 16, 2024 by johanpr (120 points)
0 votes
1 answer