Deprovisioned vs Suspended and How to Use API Requests

My user’s scenario is to create a policy when a user has to renew his activation after an X amount of time. in between, I want to remove the access to login into Okta.

  1. I’ve read through the Okta documentation about user account status, but I still do not have a clear idea of which one should I use (‘Suspended’ or ‘Deprovisioned’). My intuition says ‘Suspended’ so the user will keep their password once renewed, but there are any other differences between those two I should be aware of?
  2. is there a defined policy that I can create to achieve this sort of “deactivation” once the user has passed X amount of time since creation?
  3. In addition, I’m migrating a bulk of users, some of them should be added as “deactivated”. Is there a way to do it through an API request?

Does nobody know the answers to these questions?