May 30 2017 06:24 AM
Sep 22 2017 12:00 AM
There are various PowerShell scripts about. I'm currently browsing for one which looks trustworthy. It amazes me that there isn't a standard report in 365 to show this though!
Sep 22 2017 01:04 AM
Hi Pete, yes and not a single response from anyone in Microsoft - which is my experience of over 3 years of trying to raise this issue with them both directly and via forums like this.
Clearly there is no way to actually produce this information and that creates a real risk to using O365. It should be this report that people use to ensure that inactive accounts are shut down, not leaving them open for abuse.
Sep 22 2017 01:08 AM
I've just used this one. I was hoping to get a CSV export but this at least listed the mailboxes I was after: https://community.spiceworks.com/how_to/104316-list-inactive-users-in-office-365
Sep 22 2017 03:10 AM
Unfortunately, that has the common issue that it ONLY looks at mailbox logins and is based on Exchange data.
Microsoft seem unable to realise that not everyone is using Exchange Online and that logins may occur for different reasons.
The most reliable method I've found so far requires you to run a complex script against the combined audit log. Last time I ran it, it took over 10 hours against 7k accounts.
If Exchange Online logins are a reliable measure of user activity in your case then you will be fine and there are plenty of examples of scripts to do what you want.
May 15 2019 02:35 AM
I'd suggest using the script below for getting Office 365 inactive users with last logon time, inactive days, mailbox type, assigned license and admin roles.
May 15 2019 06:16 AM
Hi Kathy, thanks for your response but this does NOT answer the question I'm afraid. This script, like the others mentioned, only reports when users last logged into their Exchange Online mailboxes.
That is far from being the only service on Office 365 and if the user is not using their mailbox but is using other aspects of Office 365, this will result in an incorrect report.
I have yet to find any reliable way to understand inactive users without having to grab the detailed combined log and aggregating it over the number of days you need to check (unless the number of days is less than the available log data).
This remains a major security failing of Office 365 since there is no simple way to find truly inactive users and suspend them as best practice would suggest.
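The aggregation described in the post above, as an added example that is not part of the thread or any poster's script: it reads the `AuditData` JSON column of an exported unified audit log and compares an Exchange-only view of inactivity with an all-workload view. The CSV column layout, the sample records and the `contoso.example` accounts are constructed assumptions.

```python
import csv, io, json
from datetime import datetime, timedelta

IGNORED_OPERATIONS = {"UserLoginFailed"}  # failed sign-ins are not user activity

def last_activity(csv_text):
    """Return {upn: {workload: latest datetime}} from the AuditData JSON column."""
    seen = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        rec = json.loads(row["AuditData"])
        if rec.get("Operation") in IGNORED_OPERATIONS:
            continue
        upn = rec["UserId"].lower()  # UPN case varies between workloads
        when = datetime.fromisoformat(rec["CreationTime"].rstrip("Z"))
        workload = rec.get("Workload", "Unknown")
        per_user = seen.setdefault(upn, {})
        if when > per_user.get(workload, datetime.min):
            per_user[workload] = when
    return seen

def inactive_users(users, activity, now, days, workloads=None):
    """Users with no activity since now - days; workloads=None means every service."""
    cutoff = now - timedelta(days=days)
    def latest(upn):
        times = [t for w, t in activity.get(upn.lower(), {}).items()
                 if workloads is None or w in workloads]
        return max(times, default=datetime.min)
    return sorted(u for u in users if latest(u) < cutoff)

def make_export(records):
    """Build a constructed CSV export (assumed columns, AuditData holds the JSON)."""
    buf = io.StringIO()
    out = csv.writer(buf)
    out.writerow(["CreationDate", "UserIds", "Operations", "AuditData"])
    for when, user, workload, op in records:
        data = {"CreationTime": when, "UserId": user, "Workload": workload, "Operation": op}
        out.writerow([when, user, op, json.dumps(data)])
    return buf.getvalue()

# Constructed sample records, not real tenant data.
SAMPLE = make_export([
    ("2019-05-10T09:00:00", "alice@contoso.example", "Exchange", "MailboxLogin"),
    ("2019-01-02T08:00:00", "bob@contoso.example", "Exchange", "MailboxLogin"),
    ("2019-05-12T14:30:00", "Bob@contoso.example", "SharePoint", "FileAccessed"),
    ("2019-01-05T11:00:00", "carol@contoso.example", "OneDrive", "FileModified"),
    ("2019-05-13T03:00:00", "dave@contoso.example", "AzureActiveDirectory", "UserLoginFailed"),
])
USERS = [f"{n}@contoso.example" for n in ("alice", "bob", "carol", "dave")]
NOW = datetime(2019, 5, 15)
```

Passing `workloads={"Exchange"}` reproduces the mailbox-only reports discussed in the thread and flags the SharePoint-only user as inactive; the default all-workload call does not. Users whose last activity predates the exported window show up as inactive either way.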
May 17 2019 05:44 AM
Jul 09 2019 03:18 AM
@Kathy_Cooper Not true I'm afraid. Get-MailboxStats shows the last time a Mailbox was "fettled" by either a user, or critically, Exchange (Database Services or Discovery Services). Therefore the last logon date of a mailbox will be inaccurate.
As for AdminDroid, it's slow, clunky, and costs money if you want any of the decent premium features.
I appreciate that MS want to cream money from tenants by hoping to keep users active, and therefore, paying for a licence, but there should be an easy to find report that shows users who have not authenticated against Azure or O365 for x number of days, either through the GUI or PS.
Jul 10 2019 12:42 AM
Nov 25 2020 01:35 AM
Jun 10 2021 03:31 PM