cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Why is the lastSignInDateTime property only updated with interactive sign-ins?

Franck Silvestre
Copper Contributor

‎Nov 18 2020 12:31 AM - last edited on ‎Jan 14 2022 04:27 PM by

‎Nov 18 2020 12:31 AM - last edited on ‎Jan 14 2022 04:27 PM by

Why is the lastSignInDateTime property only updated with interactive sign-ins?

Hi,

 

To be able to detect all inactive Guest users (eg in the last 90 or 180 days), as suggested in the "Manage inactive user accounts in Azure AD" article, I built a script calling the Graph API checking the lastSignInDateTime property.

To my surprise, I noticed that very few guest accounts have the property actually filled in or with a date much older than their recent activities.

To further troubleshoot this weird behavior, I performed some "guest" activities (eg switching to the "guest" tenant in the Teams desktop and chatting, reading files and starting a meeting as a guest user). Then I checked the AAD sign-ins logs but all of my guest user sign-ins (coming from switching to the "guest" tenant) are all recorded as "non-interactive" sign-ins, nothing in interactive sign-ins!

And, as the lastSignInDateTime property is only updated with interactive sign-ins, that explains the strange behavior I reported above.

This clearly makes this property pretty useless to detect inactive Guest accounts!

 

So, why is that lastSignInDateTime property only updated with interactive sign-ins and not also with non-interactive sign-ins? That would really help to detect the actual last sign-in activity for guest users.

 

Thanks

 

Franck

5,942 Views
1 Like
3 Replies
Reply
3 Replies
ertork

‎Feb 24 2021 05:49 AM

‎Feb 24 2021 05:49 AM

Re: Why is the lastSignInDateTime property only updated with interactive sign-ins?

Having the same problem, where I am not sure that I can trust the lastSignInDateTime. What is the maximum allowed duration between interactive signins for the guest user? 

 

Does anyone have some ideas about this?


Hoping that this will be changed so that also non-interactive signins will trigger an update of the lastSignInDateTime.

 

BR,

Erik

0 Likes
Reply
Jeremy Bradshaw

‎Aug 31 2021 11:41 AM

‎Aug 31 2021 11:41 AM

Re: Why is the lastSignInDateTime property only updated with interactive sign-ins?

@Franck Silvestre Sorry to hijack your post, but I have a question for you.  Just wondering how much you've monitored the lastSignInDateTime property and how consistently accurate you find it to be?  I'm in a use case where it's OK that it only is updated by interactive sign-ins, but I remember looking at it in the past and finding it to not be accurate.

 

In hindsight, I think I may have been fooled by not realizing that it only deals with interactive sign-ins, so I may have been assuming that the non-interactive sign-ins were supposed to be updating lastSignInDateTime (mistakenly assuming, that is).

 

Thanks in advance.

0 Likes
Reply
Kenro30

‎Mar 18 2022 08:23 AM

‎Mar 18 2022 08:23 AM

Re: Why is the lastSignInDateTime property only updated with interactive sign-ins?

I dn't recall the exact date in which that field was included to the AAD objects but I know for a fact that if the user was created prior to the inclussion of the feature these won't have it, check those those user that do have it against those who don't and you'll see that the creation date differs quite a bit.
0 Likes
Reply