"Sign-in Risk" Policy Control Addition?
Add a "Disable account" control to the "Sign-in Risk" policy for the Azure Identity Protection service.
In addition, since Azure supports password write-back to an on-premises AD, it would be great to also disable user's on-premises AD account as well.
Currently, one of the admins has to catch an alert email from Azure Identity Protection and then take action to manually disable an account on-premises if an event happens.
Daniel Askin commented
The ability to add an action to initiate a sign out from all O365/AAD services would be useful for belt and braces protection in the event a users account is compromised