How to Remove Inactive Users from SharePoint


Inactive users in SharePoint can pose security risks and lead to unnecessary license consumption. Removing or disabling them ensures that only active and authorized users have access to sensitive data.

This guide covers:
✔ How to identify inactive users in SharePoint
✔ Steps to remove or disable inactive users
✔ Best practices for managing user access in SharePoint


1. Why Remove Inactive Users from SharePoint?

Security Risks – Inactive accounts can be exploited by hackers.
License Optimization – Free up Microsoft 365 licenses for active users.
Data Compliance – Meet regulatory requirements by ensuring only authorized users have access.

Example: A former employee who left six months ago still has access to sensitive files. Removing their access prevents data leaks.


2. Identifying Inactive Users in SharePoint

A. Using Microsoft Entra ID (Azure AD) Reports

Microsoft Entra ID (formerly Azure AD) provides sign-in activity reports to identify inactive users:

1️⃣ Go to Microsoft Entra ID Admin Center (https://entra.microsoft.com)
2️⃣ Navigate to Users ➝ Sign-in Logs
3️⃣ Filter by Inactive Accounts (e.g., no sign-ins for 90 days)
4️⃣ Export the list for review


B. Using Microsoft 365 Admin Center

1️⃣ Sign in to Microsoft 365 Admin Center
2️⃣ Go to Reports ➝ Usage
3️⃣ Select Active Users Report
4️⃣ Sort users by last activity date

Users with no activity in the last 90-180 days should be reviewed.


C. Using PowerShell to Find Inactive Users

For bulk user analysis, use PowerShell to find inactive users:

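# Get-MsolUser returns no last sign-in property, so query sign-in activity through Microsoft Graph PowerShell
Connect-MgGraph -Scopes "User.Read.All","AuditLog.Read.All"
$InactiveDays = 90
$Date = (Get-Date).AddDays(-$InactiveDays)
# Accounts that have never signed in have an empty LastSignInDateTime and are listed too
Get-MgUser -All -Property DisplayName,UserPrincipalName,SignInActivity |
    Where-Object { $_.SignInActivity.LastSignInDateTime -lt $Date } |
    Select-Object DisplayName,UserPrincipalName,@{Name='LastSignIn';Expression={$_.SignInActivity.LastSignInDateTime}}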

This script lists users who have not logged in for the last 90 days.
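
The following is an added example, not code from the original article: it triages an exported sign-in report so that accounts created inside the 90-day window and never signed in are kept apart from stale ones before anything is disabled. The CSV rows, the column names and the Get-InactivityStatus function are constructed for illustration.

```powershell
# Constructed sample data standing in for an exported report; column names are assumptions.
$Report = @'
UserPrincipalName,UserType,CreatedDateTime,LastSignInDateTime
alice@contoso.example,Member,2021-03-01,2025-05-20
bob@contoso.example,Member,2020-07-15,2024-10-02
carol@contoso.example,Member,2025-05-10,
dave@contoso.example,Member,2023-01-09,
partner@fabrikam.example,Guest,2024-02-01,2024-12-30
'@ | ConvertFrom-Csv

# Hypothetical helper: classify one report row against the inactivity window.
function Get-InactivityStatus {
    param(
        [Parameter(Mandatory)] $User,
        [datetime] $AsOf = (Get-Date),
        [int] $InactiveDays = 90
    )
    $cutoff  = $AsOf.AddDays(-$InactiveDays)
    $created = [datetime]::Parse($User.CreatedDateTime, [cultureinfo]::InvariantCulture)

    if ([string]::IsNullOrWhiteSpace($User.LastSignInDateTime)) {
        # No sign-in on record: stale only if the account is older than the window.
        if ($created -lt $cutoff) { return 'NeverSignedIn-Stale' }
        return 'NeverSignedIn-New'
    }
    $last = [datetime]::Parse($User.LastSignInDateTime, [cultureinfo]::InvariantCulture)
    if ($last -lt $cutoff) { return 'Inactive' }
    return 'Active'
}

$AsOf = [datetime]'2025-06-01'   # fixed date so the sample result is reproducible
$Triage = foreach ($u in $Report) {
    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        UserType          = $u.UserType
        Status            = Get-InactivityStatus -User $u -AsOf $AsOf
    }
}
$Triage | Format-Table -AutoSize

# Candidates to disable (not delete) once a reviewer has confirmed them
$Triage | Where-Object Status -in 'Inactive','NeverSignedIn-Stale' |
    Select-Object UserPrincipalName, UserType, Status
```

Keeping UserType in the output lets guest accounts be reviewed separately from members.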


3. Removing Inactive Users from SharePoint

A. Disable Inactive Users in Microsoft Entra ID

If a user is no longer active, disable their account instead of deleting it immediately:

1️⃣ Go to Microsoft Entra ID Admin Center
2️⃣ Select Users ➝ Inactive User
3️⃣ Click Disable Account

Best Practice: Keep accounts disabled for a retention period before deletion.


B. Remove User Permissions in SharePoint

1️⃣ Open Microsoft 365 Admin Center
2️⃣ Go to Active Users ➝ Select the User
3️⃣ Click Manage Roles ➝ Unassign all SharePoint roles
4️⃣ Remove them from SharePoint Groups

This removes their access but keeps their account for auditing.


C. Delete Users from SharePoint Site Collections

To remove a user from a specific SharePoint site:

1️⃣ Open SharePoint Admin Center
2️⃣ Navigate to Active Sites ➝ Select Site
3️⃣ Click Site Permissions
4️⃣ Find the user and Remove Permissions


D. Remove a User from SharePoint Using PowerShell

For bulk user removal from SharePoint, use PowerShell:

$User = "user@domain.com"
$SiteURL = "https://yourtenant.sharepoint.com/sites/yoursite"
Connect-SPOService -Url "https://yourtenant-admin.sharepoint.com"
Remove-SPOUser -Site $SiteURL -LoginName $User

This script removes the specified user from a SharePoint site.


4. Automating Inactive User Management

A. Set Up an Inactivity Policy in Microsoft Entra ID

You can configure automatic deactivation of inactive users:

1️⃣ Go to Microsoft Entra ID ➝ Identity Protection
2️⃣ Click User Risk Policies
3️⃣ Set up a policy to block users with no activity for 90+ days


B. Use Microsoft Power Automate for Auto-Removal

Create a flow to automatically remove inactive users:

1️⃣ Open Power Automate
2️⃣ Create a new flow “When a user is inactive for 90 days”
3️⃣ Add actions: Get User Details ➝ Remove from SharePoint Groups
4️⃣ Schedule to run every month

This helps automate inactive user cleanup.


5. Best Practices for Managing Inactive Users

Enable Multi-Factor Authentication (MFA) to prevent unauthorized access
Implement regular access reviews (e.g., every 6 months)
Use expiration policies for guest users in SharePoint
Retain disabled accounts for audit purposes before deletion
Train IT admins to monitor and remove inactive users efficiently
