Forum Discussion
Microsoft Graph API : Some attributes are null when filtering by signInActivity/lastSignInDateTime
Hi. I have trouble retrieving the user's givenName and surname using Microsoft Graph API together with filtering using signInActivity/lastsignInDateTime.
Here is the url I'm using:
const graphUsersUrl = "https://graph.microsoft.com/V1.0/users?$top=999&$filter=signInActivity/lastSignInDateTime ge 2025-06-24T14:45:15Z and signInActivity/lastSignInDateTime le 2025-06-25T14:45:15Z&$select=id,givenName,surname,identities,signInActivity";
function mapUserEmails(userData: Array<any>) {
return userData.map((userInstance) => {
console.log(userInstance.givenName);
return {
userId: userInstance.id,
givenName: userInstance.givenName,
lastName: userInstance.surname,
issuerAssignedId: userInstance.issuerAssignedId,
userEmail: (
userInstance.identities as Array<{
signInType: string;
issuerAssignedId: string;
}>
).find((userIdentity) => userIdentity.signInType === "emailAddress")
?.issuerAssignedId,
lastSignInDateTime: userInstance.signInActivity?.lastSignInDateTime,
};
});
}
In the returned result, the userId and lastSignInDateTime have values, but givenName and lastName are null.
How can I get the values for givenName and surname?
Any help is appreciated.
7 Replies
Update : After submitting a Microsoft Support ticket about the issue, the MS support team confirmed that this is a design limitation. Their suggestion is to retrieve the data in 2 steps:
- Filter by the LastSignInDateTime date range. The results will contain the ID of the user.
- For each of the results in #1, do a second query to search by ID
url3 = "https://graph.microsoft.com/V1.0/users?$top=10&$filter=id eq 'xxx'&$select=id,givenName,surname,identities"You can fill in the value for 'xxx' by looping through the results of #1.
I have Directory.ReadAll permissions. Furthermore, I don't think it's a permissions issue because if I use a different filter, I can get data for the givenName and surname attributes. A sample url with filter that works is:
const graphUsersUrl = "https://graph.microsoft.com/V1.0/users?$top=999&$filter=startswith(givenName,'a')&$select=id,givenName,surname,identities,signInActivity";VasilMichev​ I have these permissions:
I don't think it's a permissions issue because if I use a url with different filter like below, I got data in the givenName and surname fields.
const graphUsersUrl = "https://graph.microsoft.com/V1.0/users?$top=999&$filter=startswith(givenName,'a')&$select=id,givenName,surname,identities,signInActivity";Are you getting the data for the same users though? Keep in mind that when you query the signInActivity property, Graph makes a call to a different service on the backend, and only then correlates the results with the user store. There are few implications here, the first one being that said service doesn't give you real-time data, so any changes in user properties are not reflected immediately. Another one is that the service returns sign in activity for cross-tenant access, that is it gives a separate entry for when a email address removed for privacy reasons accesses any other tenant, and said entries are populated without any user details apart from id. I wrote an article about this a while back: https://www.michev.info/blog/post/5845/non-existent-users-show-up-in-sign-in-activity-data-or-how-logs-continue-to-disappoint
So now that we know permissions are not the issue, make sure the user data is in order. The article above also tells you how to query the AAD reporting service directly, so you can see the "raw" replies therein.
Hi Vasil. Thanks for the link to your article. I also did another test where I know for sure my test user will appear in the results:
const graphUsersUrl = "https://graph.microsoft.com/V1.0/users?$top=999&$filter=signInActivity/lastSignInDateTime ge 2025-06-23T14:45:15Z and signInActivity/lastSignInDateTime le 2025-06-25T14:45:15Z&$select=id,givenName,surname,identities,signInActivity";In the result after running the above query, I can find my test user with the correct GUID (but NO givenName or surname) in the result set (there are other users in the results too, which is the scenario you mentioned in your article (e.g. other tenants etc).
Why is it that the correct GUID for my test user is in the result, but the givenName or surname are null? With the correct GUID, it is not a mismatch GUID for other tenants.
What permissions are you running with? Some properties might be returned as null values if you have insufficient permissions, see here: https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http#limited-information-returned-for-inaccessible-member-objects
In this case, I suspect you might be missing the user-related permissions, and likely only running with the Audit log ones. For the record, the query above works fine for me with "proper" permissions.
