Automated User & Endpoint Inactivity Lifecycle Management
Leveraging Azure Logic Apps and Microsoft Graph API to monitor Entra ID (Azure AD) and Intune activity.
The solution uses a serverless architecture to ensure zero maintenance and high reliability. Data sources: signInActivity for users and managedDevices for endpoints. Inactivity threshold: lastSignInDateTime > 14 days.

| User Display Name | Username (UPN) | Last Log-In |
|---|---|---|
| John Doe | j.doe@principality.co.uk | 2026-03-10 |
| Jane Smith | j.smith@principality.co.uk | 2026-02-28 |
| Robert Brown | r.brown@principality.co.uk | 2026-01-15 |
Legend: Yellow = inactive > 2 weeks; Red = inactive > 1 month.
What happens once the report is delivered? Defining the roles and automated responses.
The Logic App sends a courtesy email to the user and their manager: "We noticed you haven't logged in for 2 weeks. If you are on extended leave, no action is required. If not, please contact IT."
The IT Service Desk cross-references the report with HR leave records. If the user is not on authorized leave, they are moved to a "Suspicious Inactivity" watchlist.
Action: User account is set to AccountEnabled = False.
Who: Triggered by Logic App based on the "Red" highlight criteria.
Result: Prevents unauthorized access while preserving mailbox and data for recovery.
Action: If the user's endpoint is also inactive, it is moved to a "Restricted" Intune group or isolated with Microsoft Defender for Endpoint.
Result: Device is blocked from reaching internal resources until re-certified by IT Security.
Final confirmation with Department Heads. Accounts are archived and license seats are released to optimize costs.
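The classification and response-selection logic described above, as an added Python example rather than the Logic App definition itself, run against constructed payloads shaped like the Graph responses. Assumptions: "1 month" is read as 30 days, device inactivity is judged from the managedDevices lastSyncDateTime property, lastNonInteractiveSignInDateTime is considered alongside lastSignInDateTime, and the svc-backup user, device name and run date are constructed.

```python
from datetime import datetime, timezone
YELLOW_DAYS, RED_DAYS = 14, 30   # legend thresholds; "1 month" read as 30 days (assumption)
def parse_graph_time(value):
    """Graph returns ISO-8601 UTC strings such as '2026-03-10T08:15:00Z'; None when absent."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None
def last_activity(user):
    """Newest signInActivity timestamp. Using only lastSignInDateTime would flag accounts that
    authenticate non-interactively (token refresh, service sign-ins) as idle."""
    act = user.get("signInActivity") or {}
    stamps = [parse_graph_time(act.get(k))
              for k in ("lastSignInDateTime", "lastNonInteractiveSignInDateTime")]
    return max(s for s in stamps if s) if any(stamps) else None
def classify(days_idle):
    """Days since last activity -> report colour; a user who never signed in is treated as red."""
    if days_idle is None or days_idle > RED_DAYS:
        return "red"
    return "yellow" if days_idle > YELLOW_DAYS else "green"
def build_report(users, devices, now):
    """One row per enabled user: colour plus the automated response the workflow would take."""
    idle_owners = {d["userPrincipalName"].lower() for d in devices
                   if (now - parse_graph_time(d["lastSyncDateTime"])).days > YELLOW_DAYS}
    rows = []
    for u in users:
        if not u.get("accountEnabled", True):
            continue                      # already disabled, nothing further to do
        last = last_activity(u)
        status = classify((now - last).days if last else None)
        actions = {"green": [], "yellow": ["courtesy email to user and manager"],
                   "red": ["set accountEnabled=false"]}[status]
        if status == "red" and u["userPrincipalName"].lower() in idle_owners:
            actions.append("move device to Restricted Intune group")
        rows.append({"displayName": u["displayName"], "upn": u["userPrincipalName"],
                     "lastSignIn": last.date().isoformat() if last else "never",
                     "status": status, "actions": actions})
    return rows

# Constructed sample payloads shaped like /users?$select=signInActivity and /deviceManagement/managedDevices
SAMPLE_USERS = [
    {"displayName": n, "userPrincipalName": upn, "accountEnabled": True, "signInActivity": sa}
    for n, upn, sa in [
        ("John Doe", "j.doe@principality.co.uk", {"lastSignInDateTime": "2026-03-10T08:15:00Z"}),
        ("Jane Smith", "j.smith@principality.co.uk", {"lastSignInDateTime": "2026-02-28T17:02:00Z"}),
        ("Robert Brown", "r.brown@principality.co.uk", {"lastSignInDateTime": "2026-01-15T09:30:00Z"}),
        ("svc-backup", "svc-backup@principality.co.uk", {"lastSignInDateTime": "2025-12-01T00:00:00Z",
                                                          "lastNonInteractiveSignInDateTime": "2026-03-18T02:00:00Z"}),
    ]
]
SAMPLE_DEVICES = [{"deviceName": "LAPTOP-RB01", "userPrincipalName": "r.brown@principality.co.uk", "lastSyncDateTime": "2026-01-20T07:00:00Z"}]
REPORT_DATE = datetime(2026, 3, 20, tzinfo=timezone.utc)   # constructed run date
```

With the constructed run date, John Doe is green, Jane Smith yellow, Robert Brown red with both the account and device actions, and svc-backup stays green only because its non-interactive sign-in is counted.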