If you have an on-premises environment and are starting to take advantage of the cloud, there’s a lot to be aware of. One big thing to note is that Azure AD does not respect the expired state of a user account in AD. When users log on to Office 365 services outside of ADFS with CloudNative Auth, this becomes a huge problem: even though the user is expired in AD, they might still be able to log on to your cloud services. Therefore, I have written a script, which you should run on a daily schedule, that disables expired users in AD and revokes any Azure AD tokens the user might have.
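The following sketch shows one way to do such a daily sweep. It is an added example, not the author's script. It assumes the ActiveDirectory (RSAT) module and the Microsoft Graph PowerShell SDK are installed, that the on-premises UPN matches the synced Azure AD UPN, and that the `$SearchBase` OU is a placeholder.

```powershell
#Requires -Modules ActiveDirectory, Microsoft.Graph.Authentication, Microsoft.Graph.Users.Actions
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: placeholder OU; point this at the OU that holds your synced users.
    [string]$SearchBase = 'OU=Users,DC=example,DC=com'
)

# Assumption: interactive sign-in for illustration. A scheduled task would
# connect with app-only (certificate) authentication instead.
Connect-MgGraph -Scopes 'User.ReadWrite.All'

# Users whose account expiration date has passed but who are still enabled in AD.
$expired = Search-ADAccount -AccountExpired -UsersOnly -SearchBase $SearchBase |
    Where-Object Enabled

$results = foreach ($account in $expired) {
    $row = [ordered]@{
        SamAccountName    = $account.SamAccountName
        UserPrincipalName = $account.UserPrincipalName
        ExpiredOn         = $account.AccountExpirationDate
        Disabled          = $false
        TokensRevoked     = $false
        Error             = $null
    }
    try {
        # Step 1: disable on-premises so the next directory sync blocks cloud sign-in.
        if ($PSCmdlet.ShouldProcess($account.SamAccountName, 'Disable AD account')) {
            Disable-ADAccount -Identity $account -ErrorAction Stop
            $row.Disabled = $true
        }
        # Step 2: invalidate refresh tokens so existing sessions cannot be renewed.
        if ($PSCmdlet.ShouldProcess($account.UserPrincipalName, 'Revoke Azure AD sign-in sessions')) {
            Revoke-MgUserSignInSession -UserId $account.UserPrincipalName -ErrorAction Stop | Out-Null
            $row.TokensRevoked = $true
        }
    }
    catch {
        # Record the failure and continue with the remaining accounts.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

# Summary for the scheduled task log.
$results | Format-Table -AutoSize
```

Run it with `-WhatIf` first to list the accounts that would be touched without changing anything. Revocation invalidates refresh tokens only: access tokens already issued stay valid until they expire, and the disabled state reaches Azure AD only after the next directory sync.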