05-30-2017 06:24 AM
09-22-2017 12:00 AM
There are various powershell scripts about. I'm currently browsing for one which looks trustworthy. It amazes me that there isn't a standard report in 365 to show this though!
09-22-2017 01:04 AM
Hi Pete, yes and not a single response from anyone in Microsoft - which is my experience of over 3 years of trying to raise this issue with them both directly and via forums like this.
Clearly there is no way to actually produce this information and that creates a real risk to using O365. It should be this report that people use to ensure that inactive accounts are shut down, not leaving them open for abuse.
09-22-2017 01:08 AM
I've just used this one. I was hoping to get a csv export but this at least listed the mailboxes I was after: https://community.spiceworks.com/how_to/104316-list-inactive-users-in-office-365
09-22-2017 03:10 AM
Unfortunately, that has the common issue that it ONLY looks at mailbox logins and is based on Exchange data.
Microsoft seem unable to realise that not everyone is using Exchange Online and that logins may occur for different reasons.
The most reliable method I've found so far requires you to run a complex script against the combined audit log. Last time I ran it, it took over 10 hours against 7k accounts.
If Exchange Online logins are a reliable measure of user activity in your case then you will be fine and there are plenty of examples of scripts to do what you want.
05-15-2019 02:35 AM
I'd suggest using below script for getting Office 365 Inactive users with last logon time, Inactive days, Mailbox type, Assigned license and Admin roles.
05-15-2019 06:16 AM
Hi Kathy, thanks for your response but this does NOT answer the question I'm afraid. This script, like the others mentioned only reports when users last logged into their Exchange Online mailboxes.
That is far from being the only service on Office 365 and if the user is not using their mailbox but is using other aspects of Office 365, this will result in an incorrect report.
I have yet to find any reliable way to understand inactive users without having to grab the detailed combined log and aggregating it over the number of days you need to check (unless the number of days is less than the available log data).
This remains a major security failing of Office 365 since there is no simple way to find truly inactive users and suspend them as best practice would suggest.
05-17-2019 05:44 AM
07-09-2019 03:18 AM
@Kathy_Cooper Not true I'm afraid. Get-MailboxStats shows the last time a Mailbox was "fettled" by either a user, or critically, Exchange (Database Services or Discovery Services). Therefore the last logon date of a mailbox will be inaccurate.
As for AdminDroid, it's slow, clunky, and costs money if you want any of the decent premium features.
I appreciate that MS want to cream money from tenants by hoping the keep users active, and therefore, paying for a licence, but there should be an easy to find report that shows users who have not authenticated against Azure or O365 for x number of days, either through the GUI or PS
07-10-2019 12:42 AM
by tris3s10 on April 13, 2020
by Jonas Back on August 15, 2019
by harshabatuka on April 23, 2019
by Tara_Roth on May 12, 2020
by Martin Nothnagel on April 15, 2020