Forum Discussion
Alistair Trigg
Jun 01, 2022Brass Contributor
Office365 Active User Report
Hi
We are trying to manage inactive better and I am currently comparing two reports:
Office365ActiveUserDetail from the O365 Admin centre and the LastSignInDate from a report I have run from Azure AD and Graph. The Azure report highlights some stale accounts that haven't been accessed for over 90 days but the Office365 one shows recent exchange activity. I obviously don't want to close stale accounts that users might still be using.
I would have thought that if a user was using their account to access their mail even through an app etc their LastSignInDate would have updated itself?
Alistair
- LastSignInDate only reflects Interactive logins, as in the user performed a full sign-in (entered credentials or used whatever primary auth method they have configured). With the OAuth model most applications now use, the majority of sign-in events are non-interactive ones, where the client presents a valid refresh token to continue accessing a given app/service. In some cases, even months after the last "interactive" login, as long as the refresh token is valid.
- If you are obtaining the Graph data, look at the lastNonInteractiveSignInDateTime value.