MicrosoftDocs
diff --git a/‎.openpublishing.redirection.frontline.json‎
Lines changed: 5 additions & 0 deletions b/‎.openpublishing.redirection.frontline.json‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell.md‎
Lines changed: 1 addition & 2 deletions b/‎microsoft-365/commerce/subscriptions/allowselfservicepurchase-powershell.md‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎microsoft-365/enterprise/block-user-accounts-with-microsoft-365-powershell.md‎
Lines changed: 42 additions & 71 deletions b/‎microsoft-365/enterprise/block-user-accounts-with-microsoft-365-powershell.md‎
Lines changed: 42 additions & 71 deletions
@@ -5,6 +5,11 @@
          "redirect_url":"/microsoft-365/frontline/shifts-for-teams-landing-page",
          "redirect_document_id":true
       },
+      {
+         "source_path":"microsoft-365/frontline/schedule-owner-for-shift-management.md",
+         "redirect_url":"/microsoft-365/frontline/shifts-frontline-manager-worker-roles",
+         "redirect_document_id":true
+      },
       {
          "source_path":"microsoft-365/frontline/get-up-and-running.md",
          "redirect_url":"/microsoft-365/frontline/flw-team-collaboration",
 
@@ -93,15 +93,14 @@ The following table lists the available products and their **ProductId**. It als
 
 | Product | ProductId | Is trial without payment method enabled? |
 |-----------------------------|--------------|--------------|
-| Cllipchamp Premium | CFQ7TTC0N8SS | No |
+| Clipchamp Premium | CFQ7TTC0N8SS | No |
 | Power Apps per user* | CFQ7TTC0LH2H | No |
 | Power Automate per user* | CFQ7TTC0LH3L | No |
 | Power Automate RPA* | CFQ7TTC0LSGZ  | No |
 | Power BI Premium (standalone)* | CFQ7TTC0H6RP  | No |
 | Power BI Pro* | CFQ7TTC0H9MP | No |
 | Project Plan 1* | CFQ7TTC0HDB1 | Yes |
 | Project Plan 3* | CFQ7TTC0HDB0 | No |
-| Python in Excel | CFQ7TTC0S3X1 | Yes |
 | Teams Exploratory | CFQ7TTC0J1FV | Yes |
 | Teams Premium Introductory Pricing | CFQ7TTC0RM8K | Yes |
 | Visio Plan 1* | CFQ7TTC0HD33 | Yes |
 
@@ -3,7 +3,7 @@ title: "Block Microsoft 365 user accounts with PowerShell"
 ms.author: kvice
 author: kelleyvice-msft
 manager: scotv
-ms.date: 07/16/2020
+ms.date: 02/14/2024
 audience: Admin
 ms.topic: article
 ms.service: microsoft-365-enterprise
@@ -13,13 +13,15 @@ search.appverid:
 ms.collection: 
 - scotvorg
 - Ent_O365
+- must-keep
 f1.keywords:
 - CSH
 ms.custom:
   - Ent_Office_Other
   - PowerShell
   - seo-marvel-apr2020
   - has-azure-ad-ps-ref
+  - azure-ad-ref-level-one-done
 ms.assetid: 04e58c2a-400b-496a-acd4-8ec5d37236dc
 description: How to use PowerShell to block and unblock access to Microsoft 365 accounts.
 ---
@@ -30,60 +32,79 @@ description: How to use PowerShell to block and unblock access to Microsoft 365
 
 When you block access to a Microsoft 365 account, you prevent anyone from using the account to sign in and access the services and data in your Microsoft 365 organization. You can use PowerShell to block access to individual or multiple user accounts.
 
-## Use the Azure Active Directory PowerShell for Graph module
+## Block access to individual user accounts
 
-First, [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md#connect-with-the-azure-active-directory-powershell-for-graph-module).
+>[!NOTE]
+> The Azure Active Directory module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/powershell/microsoftgraph/get-started).
 
-### Block access to individual user accounts
+First, [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md).
+
+Blocking and unblocking user accounts requires the **User.ReadWrite.All** permission scope or one of the other permissions listed in the ['List subscribedSkus' Graph API reference page](/graph/api/subscribedsku-list).
+
+```powershell
+Connect-Graph -Scopes User.ReadWrite.All
+```
 
 Use the following syntax to block an individual user account:
 
 ```powershell
-Set-AzureADUser -ObjectID <sign-in name of the user account> -AccountEnabled $false
+$params = @{
+	accountEnabled = $false
+}
+Update-MgUser -UserId <sign-in name of the user account> -BodyParameter $params
 ```
 
 > [!NOTE]
-> The *-ObjectID* parameter in the **Set-AzureAD** cmdlet accepts either the account sign-in name, also known as the User Principal Name, or the account's object ID.
+> The *-UserId* parameter in the **Update-MgUser** cmdlet accepts either the account sign-in name, also known as the User Principal Name, or the account's object ID.
 
 This example blocks access to the user account *[email protected]*.
 
 ```powershell
-Set-AzureADUser -ObjectID [email protected] -AccountEnabled $false
+$params = @{
+	accountEnabled = $false
+}
+Update-MgUser -UserId "[email protected]" -BodyParameter $params
 ```
 
 To unblock this user account, run the following command:
 
 ```powershell
-Set-AzureADUser -ObjectID [email protected] -AccountEnabled $true
+$params = @{
+	accountEnabled = $true
+}
+Update-MgUser -UserId "[email protected]" -BodyParameter $params
 ```
 
 To display the user account UPN based on the user's display name, use the following commands:
 
 ```powershell
 $userName="<display name>"
-Write-Host (Get-AzureADUser | where {$_.DisplayName -eq $userName}).UserPrincipalName
+Write-Host (Get-MgUser -All | where {$_.DisplayName -eq $userName}).UserPrincipalName
 
 ```
 
 This example displays the user account UPN for the user  *Caleb Sills*.
 
 ```powershell
 $userName="Caleb Sills"
-Write-Host (Get-AzureADUser | where {$_.DisplayName -eq $userName}).UserPrincipalName
+Write-Host (Get-MgUser -All | where {$_.DisplayName -eq $userName}).UserPrincipalName
 ```
 
 To block an account based on the user's display name, use the following commands:
 
 ```powershell
 $userName="<display name>"
-Set-AzureADUser -ObjectID (Get-AzureADUser | where {$_.DisplayName -eq $userName}).UserPrincipalName -AccountEnabled $false
-
+$user = Get-MgUser -Filter "displayName eq '$userName'"
+$params = @{
+	accountEnabled = $false
+}
+Update-MgUser -UserId $user.Id -BodyParameter $params
 ```
 
 To check the blocked status of a user account use the following command:
 
 ```powershell
-Get-AzureADUser  -ObjectID <UPN of user account> | Select DisplayName,AccountEnabled
+Get-MgUser -ObjectID <UPN of user account> -Property "displayName,accountEnabled" | Select displayName, accountEnabled
 ```
 
 ### Block multiple user accounts
@@ -101,71 +122,21 @@ In the following commands, the example text file is *C:\My Documents\Accounts.tx
 To block access to the accounts listed in the text file, run the following command:
 
 ```powershell
-Get-Content "C:\My Documents\Accounts.txt" | ForEach {Set-AzureADUser -ObjectID $_ -AccountEnabled $false}
+$params = @{
+	accountEnabled = $false
+}
+Get-Content "C:\My Documents\Accounts.txt" | ForEach {Update-MgUser -UserId $_ -BodyParameter $params}
 ```
 
 To unblock the accounts that are listed in the text file, run the following command:
 
 ```powershell
-Get-Content "C:\My Documents\Accounts.txt" | ForEach {Set-AzureADUser -ObjectID $_ -AccountEnabled $true}
-```
-
-## Use the Microsoft Azure Active Directory module for Windows PowerShell
-
-First, [connect to your Microsoft 365 tenant](connect-to-microsoft-365-powershell.md#connect-with-the-microsoft-azure-active-directory-module-for-windows-powershell).
-
-### Block individual user accounts
-
-Use the following syntax to block access for an individual user account:
-
-```powershell
-Set-MsolUser -UserPrincipalName <sign-in name of user account>  -BlockCredential $true
-```
-
->[!Note]
->PowerShell Core doesn't support the Microsoft Azure Active Directory module for Windows PowerShell module and cmdlets that have *Msol* in their name. You have to run these cmdlets from Windows PowerShell.
-
-This example blocks access to the user account *fabricec\@litwareinc.com*.
-
-```powershell
-Set-MsolUser -UserPrincipalName [email protected] -BlockCredential $true
-```
-
-To unblock the user account, run the following command:
-
-```powershell
-Set-MsolUser -UserPrincipalName <sign-in name of user account>  -BlockCredential $false
+$params = @{
+	accountEnabled = $true
+}
+Get-Content "C:\My Documents\Accounts.txt" | ForEach {Update-MgUser -UserId $_ -BodyParameter $params}
 ```
 
-To check the blocked status of a user account run the following command:
-
-```powershell
-Get-MsolUser -UserPrincipalName <sign-in name of user account> | Select DisplayName,BlockCredential
-```
-
-### Block access for multiple user accounts
-
-First, create a text file that contains one account on each line like this:
-
-```powershell
-[email protected]
-[email protected]
-[email protected]
-```
-
-In the following commands, the example text file is *C:\My Documents\Accounts.txt*. Replace this file name with the path and file name of your text file.
-
-To block access for the accounts that are listed in the text file, run the following command:
-
-  ```powershell
-  Get-Content "C:\My Documents\Accounts.txt" | ForEach { Set-MsolUser -UserPrincipalName $_ -BlockCredential $true }
-  ```
-To unblock the accounts listed in the text file, run the following command:
-
-  ```powershell
-  Get-Content "C:\My Documents\Accounts.txt" | ForEach { Set-MsolUser -UserPrincipalName $_ -BlockCredential $false }
-  ```
-
 ## See also
 
 [Manage Microsoft 365 user accounts, licenses, and groups with PowerShell](manage-user-accounts-and-licenses-with-microsoft-365-powershell.md)