ocsf / ocsf-schema

OCSF Schema
Apache License 2.0

User object should include an Enabled / Disabled state. #1106

Open pagbabian-splunk opened 4 months ago

pagbabian-splunk commented 4 months ago

Jason from Microsoft brought this up as part of the discussion around PR #1076 re: standard state values.

If we decide to add Enabled and Disabled as standard (dictionary-defined) state_id enums that today are just 0 / 99, it can be applied to User and other objects whose state may be enabled or disabled after an operation or during a discovery.

jonrau-at-queryai commented 4 months ago

+1. Perhaps this is better as an is_enabled or is_disabled bool longer term.

Snowflake, CrowdStrike, SentinelOne, and others have this tracked per-User but also per-Device in some cases.