This script uses application credentials to check whether a specific user is enabled in Microsoft Entra.
Tested with:
JSON
"require": {
"php": "~8.3.20 || ~8.4.6",
"microsoft/microsoft-graph": "^2.32"
}
Script:
PHP
use Microsoft\Graph\Generated\Models\ODataErrors\ODataError;
use Microsoft\Graph\Generated\Users\Item\UserItemRequestBuilderGetRequestConfiguration;
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Kiota\Authentication\Oauth\ClientCredentialContext;
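/**
 * Thin wrapper around the Microsoft Graph SDK that authenticates with the
 * client-credentials (app-only) flow and reports a user's accountEnabled state.
 *
 * The app registration only needs read access to users (for example the
 * User.Read.All application permission); nothing in this class requires
 * broader or write-level directory permissions.
 */
class GraphClientAdminService
{
    /**
     * Graph client bound to the app-only credential built in the constructor.
     * Declared explicitly: assigning an undeclared property is deprecated since
     * PHP 8.2, and keeping it private stops callers from reusing the
     * authenticated client for unrelated requests.
     */
    private GraphServiceClient $client;

    /**
     * Builds the Graph client from the tenant, client ID and client secret
     * stored under the services.microsoft.* configuration keys.
     */
    public function __construct()
    {
        // The secret is read from configuration rather than embedded here;
        // keep the backing value out of version control and logs.
        $context = new ClientCredentialContext(
            tenantId: config('services.microsoft.tenant'),
            clientId: config('services.microsoft.client_id'),
            clientSecret: config('services.microsoft.client_secret'),
        );

        $this->client = new GraphServiceClient($context);
    }

    /**
     * Return values:
     *
     * true - user present and enabled in the directory,
     * false - user present and disabled in the directory,
     * null - user not present in the directory.
     *
     * NOTE(review): null is also returned if Graph answers without an
     * accountEnabled value; callers making access decisions should treat
     * anything other than a strict true as "not enabled".
     *
     * @param string $objectId Identifier passed to users/{id} on Graph.
     *
     * @throws ODataError When Graph rejects the request for any reason other
     *                    than "not found" (bad credentials, missing permission,
     *                    throttling, ...). These are not reported as null, so
     *                    an outage or misconfiguration cannot be mistaken for
     *                    an absent user.
     */
    public function isUserEnabled(string $objectId): ?bool
    {
        $requestConfiguration = new UserItemRequestBuilderGetRequestConfiguration();
        $queryParameters = UserItemRequestBuilderGetRequestConfiguration::createQueryParameters();
        // Request only the two fields this check needs.
        $queryParameters->select = ['id', 'accountEnabled'];
        $requestConfiguration->queryParameters = $queryParameters;

        try {
            // wait() may yield null; the nullsafe call avoids a fatal error in that case.
            return $this->client
                ->users()
                ->byUserId($objectId)
                ->get($requestConfiguration)
                ->wait()
                ?->getAccountEnabled();
        } catch (ODataError $e) {
            // Only a 404 means "user not present"; everything else is a real failure.
            if ($e->getResponseStatusCode() === 404) {
                return null;
            }

            throw $e;
        }
    }
}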
Usage:
PHP
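$graphClient = new GraphClientAdminService();

// Look up by directory object ID (GUID).
$byObjectId = $graphClient->isUserEnabled('00000000-0000-0000-0000-000000000000');

// Look up by user principal name. Constructed placeholder: the address in the
// original listing was lost to e-mail obfuscation and could not be recovered.
$byUpn = $graphClient->isUserEnabled('user@example.com');

// The result is tri-state, so compare strictly. A loose check such as
// `if (!$byObjectId)` cannot tell "disabled" (false) from "not found" (null),
// and an access gate should pass only on an explicit true.
$mayProceed = $byObjectId === true;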