SOLVED

Get list of inactive users with licenses assigned in Microsoft 365

MVP

I have a Microsoft 365 tenant with more than 1000 users in it. I need to get a list of users who have not been active for the last 180 days but are assigned with licenses. The goal is to check if users left the company but never removed their licenses although inactive, which is a waste of money. Please advice. 

11 Replies
Thanks, but this does not have a way to get users with licenses assigned
best response confirmed by Dileepa S.Rajapaksa (MVP)
Solution
To be more precise you could:

1/ Get all the users with licenses assigned
The most simple solution is: Get-MsolUser -All | where {$_.isLicensed -eq $true}

To go further, I use several custom scripts :
- To get a list of the licenses assigned to a user (ex : Office 365 E3) : https://github.com/thijoubert/Sharing/blob/main/PowerShell/AAD_Licenses_Users.ps1
- To get a full list of the SKU assigned to a user (ex : SharePoint Online P2) : https://github.com/thijoubert/Sharing/blob/main/PowerShell/AAD_Licenses_Users_Details.ps1

2/ Get the last sign-in date for you users:
The most simple solution : https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-manage-inactive-use...
You could use Graph explorer with an admin account

3/ Cross-reference the two lists to get your answer

@thijoubertold i'm getting the following error in Graph API when try this.

Screenshot 2021-10-05 at 1.59.12 PM.png

 

Did you grant the relevant permissions?
- User.Read.All
- Directory.Read.All
- Auditlogs.Read.All
In the modify permission tab I cannot see the Auditlogs.Read.All... Where can I locate them?

@Dileepa S.Rajapaksa 

You can find it here: 

Thijoubert_1-1633426075783.png

Hope this helps

 

Thank you so much this saved my life...

@Dileepa S.RajapaksaAzure AD is an enterprise product. How can it be that a page/list of inactive users is not available in the interface, by default? It's actually mindblowing.... 

As you said it is an Enterprise Product so they provide the infrastructure with an API.
Pretty user interface and prebuilt reports are second class user cases.
pretty snooty reply. but it's nonsense. As a charity user I get hounded to make sure my users are all active, that I must de-license the inactive ones, but microsoft provides no easy report to tell me which those are. non-usability is not an 'enterprise' feature. It's a stupid feature.