Set-MsOUserBlockStatus

MSOnline: Set user sign-in block status

Script

#Requires -Version 5.1

[CmdletBinding()]
Param(
    [Parameter(Mandatory = $true, ParameterSetName = 'Id')]
    [guid]$UserObjectId,
    [Parameter(Mandatory = $true, ParameterSetName = 'Name')]
    [string]$UserName,
    [Parameter(ParameterSetName = 'Name')]
    [Parameter(ParameterSetName = 'Id')]
    [switch]$Enabled,
    [Parameter(ParameterSetName = 'Name')]
    [Parameter(ParameterSetName = 'Id')]
    [guid]$TenantId
)

Process {
    try {
        if ($PSCmdlet.ParameterSetName -eq 'Id') { $user = Get-MsolUser -ObjectId $UserObjectId -TenantId $TenantId -ErrorAction Stop }
        else { $user = Get-MsolUser -SearchString $UserName -TenantId $TenantId -ErrorAction Stop | Select-Object -First 1 }

        Set-MsolUser -ObjectId $user.ObjectId -BlockCredential (!$Enabled) -TenantId $TenantId -ErrorAction Stop

        $status = if ($Enabled) { 'enabled' } else { 'blocked' }
        [PSCustomObject]@{ Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'; UserName = $user.UserPrincipalName; Status = "User sign-in $status" }
    }
    catch { throw }
}

Customize

UserObjectId guid

Unique ID of the user

UserName string

Display name, Sign-In Name or UPN of the user

Enabled switch

Off

User is allowed to sign in (default). Omit to block the user.

TenantId guid

Unique ID of the tenant