I am looking for a way to use Defender for Identity to return information for all Application Accounts in my environments that meet a certain criteria, or at least in my case, a lack of criteria. I need to find out which accounts in my environment have not generated any events in a given period of time. Does this tool have that capability? I see it has some reporting ability, I just couldn't find any that do this.
If you are using the new unified portal (security.microsoft.com) you should be able to craft a query using the "Advanced hunting" feature. depending on the amount of accounts, it might be heavy, never tried that. What is the end goal? finding dormant accounts ?