WE have an attestation policy to re-certify Azure AD accounts.
It has 4 step approval workflow and at the last step if approval step timeouts then we have kept the case as denied but Accounts are not getting disabled after attestation gets denied
Is this the normal behavior of system?
Do we have to call any approval external procedure step to trigger an event to disable AD after last denied step?
your feedback would be appreciated.