According to this article , we can get list of users which are inactive for certain number of days with an HTTP request as the sample below:
https://graph.microsoft.com/beta/users?filter=signInActivity/lastSignInDateTime le 2021-10-01T00:00:00Z
This endpoint returns the list of users with their last sign-in activity details. In my use-case, I'll need to notify these users about their inactivity. But when I try to process the list, I can see that there are records which don't exist in my AD anymore (like employees who left the organization several months ago). Please see the (UserID2) in the sample JSON response.
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#users(id,displayName,signInActivity,userPrincipalName,mail,accountEnabled)",
"value": [
{
"id": "UserID1",
"signInActivity": {
"lastSignInDateTime": "2021-06-30T00:47:48Z",
"lastSignInRequestId": "32f180e7-c24e-4e27-8bd9-3d2c13d6e1af",
"lastNonInteractiveSignInDateTime": "0001-01-01T00:00:00Z",
"lastNonInteractiveSignInRequestId": ""
}
},
{
"id": "UserID2 (This user does not exist anymore in my AD)",
"signInActivity": {
"lastSignInDateTime": "2020-07-02T23:46:36Z",
"lastSignInRequestId": "efff8b99-4bc5-4a39-a7bc-5a07587525b8",
"lastNonInteractiveSignInDateTime": "0001-01-01T00:00:00Z",
"lastNonInteractiveSignInRequestId": ""
}
},
{
"id": "UserID3",
"signInActivity": {
"lastSignInDateTime": "2021-09-04T17:41:12Z",
"lastSignInRequestId": "41818b7a-07ea-4b1f-b75b-e533d9e1be77",
"lastNonInteractiveSignInDateTime": "0001-01-01T00:00:00Z",
"lastNonInteractiveSignInRequestId": ""
}
}]
}
Feature request: It would be great if we can supply an additional boolean flag when making the Graph API call, so the response only contains existing users.