Imagine inactive accounts piling up in your Microsoft 365 tenant 😱. They’re unused, forgotten, and sometimes unnoticed — until they become a security risk. That’s exactly the problem the new inactive users lifecycle workflow in Entra ID is built to solve. Currently in Public Preview, this feature automatically detects and manages inactive user accounts. It helps you maintain a secure, compliant environment without the hassle of manual cleanup.

How to Manage Inactive users using Lifecycle workflows

Microsoft Entra’s inactive users lifecycle workflows monitor user sign-in inactivity and automates the disabling and deleting of users when users haven’t logged in for a specified period. Think of it as an automated assistant that keeps track of inactive accounts and takes action based on your organization’s policies.

The workflow uses a sign-in inactivity trigger that you can configure anywhere from 30 to 730 days. When a user exceeds your threshold, the system automatically executes the tasks you’ve defined.

Prerequisites to use Inactive Users Lifecycle Workflows

To use this feature:

  • You need Microsoft Entra ID Governance or Microsoft Entra Suite licenses.
  • You must have Lifecycle Workflows Administrator privileges in the Entra admin center.

How to Set Up Lifecycle Workflows for Inactive User Management

Follow these steps to configure a workflow that automatically detects inactive users and takes action to keep your tenant secure and efficient.

  1. Sign in to the Microsoft Entra admin center.
  1. Navigate to ID Governance > Lifecycle Workflows > Workflows.
  1. Select an existing workflow or create a new one using the workflow template.
  1. Enter a unique name and description for your workflow on the Basics tab.
  1. Select the Trigger type as Sign-in inactivity (Preview) in the Trigger details section.
  1. Under the Days of inactivity, enter the number of days you want the trigger to run for if exceeded, and then select Next.
  1. Click Next and set the scope for which users the workflow applies to in the Configure Scope tab.
  1. Choose tasks to run for inactive users, e.g., disable account, send email notification on the Review tasks tab.
  1. Review and click Create on Review + create tab.

With just a few clicks, your workflow is live, automatically monitoring inactive users, notifying managers, and taking actions to keep your tenant secure.

Key Features of Lifecycle Workflows for Inactive Users

Let’s take a closer look at how this feature helps you balance automation and control when managing inactive users in Microsoft Entra.

Flexible Trigger Configuration

Define inactivity thresholds and scopes so workflows run exactly when and where you need them.

  • Set custom inactivity thresholds (e.g., 30, 60, or 730 days)
  • Monitor last successful sign-in activity of inactive users
  • Apply to specific user scopes using rule-based targeting

Automated Task Execution

The workflow supports various automated actions for inactive users:

  • Send email notifications to managers about user inactivity
  • Disable user accounts in the directory
  • Delete user accounts permanently
  • Remove licenses to optimize costs
  • Remove users from Microsoft Entra groups
  • Remove users from Teams memberships

Rule-Based Scoping

Apply workflows to specific users based on key attributes:

  • User type
  • Account status (Enabled/Disabled)
  • Department or role-based filtering
  • License assignments

Instead of manually reviewing inactive users in Microsoft 365, admins can now rely on automated workflows to keep their directory clean and secure. This not only reduces risk but also saves valuable admin time.