Deny login after X days

We are looking to restrict who can log in to a device without connecting to our network to authenticate first. Currently, we are deploying Jamf Connect, so that is a bigger concern over the on-prem nature of AD.

The desire is that the user must log in via the Azure prompts at least once every 30 days to log in. If the user doesn't log in via Azure within the 30 days prior, we want to block the login. I did a bunch of digging and didn't see anything here. Reached out to Jamf support, they sent me over here as there's nothing native that would work. Wondering if anyone has done something like this.


Basically... on local login only, a script checks the user account for the date of last login. If that login is <30 days ago, proceed. If >30, return to login screen and display a message that online login is required.
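
The check described in the post, as an added example (not the poster's code and not a Jamf Connect feature). It assumes a hypothetical root-owned stamp file per user holding the epoch time of the last successful Azure sign-in; `STAMP_DIR`, `record_online_login` and `offline_login_allowed` are names invented here, and an age of exactly 30 whole days is treated as still allowed.

```shell
#!/bin/sh
# Added example: decide whether an offline (local) login may proceed.
# Assumption: a hook run after each successful Azure sign-in calls
# record_online_login; the stamp directory is hypothetical.

STAMP_DIR="${STAMP_DIR:-/var/db/online-login-stamps}"   # hypothetical path
MAX_AGE_DAYS="${MAX_AGE_DAYS:-30}"

# record_online_login USER [NOW_EPOCH]: store the time of an online sign-in.
record_online_login() {
    user="$1"; now="${2:-$(date +%s)}"
    mkdir -p "$STAMP_DIR" && printf '%s\n' "$now" > "$STAMP_DIR/$user"
}

# offline_login_allowed USER [NOW_EPOCH]
# Returns 0 to allow; non-zero to deny, with the reason on stdout.
offline_login_allowed() {
    user="$1"; now="${2:-$(date +%s)}"
    stamp_file="$STAMP_DIR/$user"

    # Fail closed: no record means no online login has been seen here.
    if [ ! -f "$stamp_file" ]; then
        echo "deny: no online login on record"; return 1
    fi

    last=$(head -n 1 "$stamp_file" | tr -d '[:space:]')
    # Fail closed on anything that is not a plain decimal integer.
    case "$last" in
        ''|*[!0-9]*|0?*) echo "deny: unreadable timestamp"; return 2 ;;
    esac

    # A stamp later than "now" means the clock or the file was changed.
    if [ "$last" -gt "$now" ]; then
        echo "deny: timestamp is in the future"; return 3
    fi

    age_days=$(( (now - last) / 86400 ))   # whole days since online login
    if [ "$age_days" -gt "$MAX_AGE_DAYS" ]; then
        echo "deny: last online login ${age_days} days ago, online login required"
        return 4
    fi
    echo "allow: last online login ${age_days} days ago"
    return 0
}
```

The stamp directory has to be writable only by root, otherwise the user can refresh their own stamp. The check trusts the local clock, so setting the clock back shrinks the apparent age and is caught only once "now" falls before the stamp.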