Find Inactive Users in Microsoft 365

Native Solution

Microsoft 365 Permission Required

High

Global administrator or Azure AD administrator.

Option 1 Using Microsoft 365 Admin Center

Login to the Microsoft 365 admin center using your administrator credentials.
Click on the Users tab in the left-side menu and select the "Active users" tab.
Find a specific user and click on the username to open the properties. Then look for "Last sign-in".

After identifying inactive users, you can remove their Microsoft 365 licenses and delete their accounts permanently.

Option 2 Using Windows PowerShell:

As we all know, manually checking each user's sign-in logs can be tedious, and it captures only the last 30 days of user sign-ins, excluding service logins.
However, using the Get-MgUser cmdlet, you can easily retrieve Microsoft 365 users' last logon time with precise information.

Windows PowerShell

 Get-MgUser -UserId <UserId> -Property SigninActivity | select -ExpandProperty SigninActivity

This cmdlet retrieves a user's most recent login details in Microsoft 365. However, this cmdlet requires additional steps to find inactive days, which can be time-consuming.

Option 3 Using PowerShell Script

To ease the pain of Microsoft 365 admins, we have developed a PowerShell script that generates multiple inactive user reports featuring real-time use cases.
Download and run the following script in the Administrator PowerShell.

GetM365InactiveUserReport.ps1

AdminDroid Solution

More than 150 reports are under free edition.

AdminDroid Permission Required

Delegated

Any user with report access assigned by Super Admin.

StepsUsing AdminDroid Office 365 Reporter

Login to the AdminDroid Office 365 reporter.
Navigate to the M365 Inactive User Management Report Collection under ReportBoards»Usage and Adoption.

This M365 Inactive User Management Report Collection ReportBoard is specifically designed to highlight key information about inactive accounts across various Microsoft 365 services.

Thus, you can quickly identify inactive users and revoke unused licenses within your organization.

Automate the periodic monitoring of inactive Microsoft 365 users to reduce unnecessary license consumption and enhance overall productivity.

Explore a full range of reporting options

Microsoft 365 inactive users report at your doorsteps!

Never miss an inactive user in Microsoft 365 organization – Always be a step ahead of inactive users' management with AdminDroid.

Witness the report in action using the

Live Demo

Important Tips

Identify Microsoft 365 inactive users, especially those with weak or unchanged passwords by enforcing Entra ID password policies on all users in your organization.

Manage inactive users to optimize Microsoft 365 license usage and eliminate unnecessary licensing costs from your Office 365 environment.

Exporting Microsoft 365 stale user accounts helps to refine storage resources by cleaning up unnecessary data and improving organization productivity.

Azure ADRemove Inactive Users to Avoid Data Breaches in Microsoft 365

Showing 1 of 5

Why is it a problem to have inactive users in Microsoft 365? How to audit user activity in Microsoft 365? How to view a detailed report of inactive users in Microsoft 365? How to see inactive guest users in Azure AD? How to delete inactive Microsoft 365 users and remove their licenses?

Why is it a problem to have inactive users in Microsoft 365?

Inactive users in Microsoft 365 can indeed pose various security risks. If an inactive user’s account is compromised, it can be used to send phishing emails or launch other types of attacks. Below are a few cases that lead to severe security damage in your organization.

Potential Access to Sensitive Data: Inactive users might have permission to access sensitive or confidential information, posing a risk if their Microsoft 365 accounts are compromised.
Missing Multifactor Authentication (MFA): Often, inactive accounts lack MFA, making them easier targets for unauthorized access as they bypass this additional security layer.
Insider Threat Vector: Inactive accounts in Azure AD can be used as a vector for insider threats, as they may not be monitored as closely as active accounts.
Password Vulnerability: Inactive users may have outdated or well-known passwords, increasing the risk of compromise, especially if password policies have been updated since the account became inactive.
Resource Wastage: Inactive user accounts consume Microsoft 365 licenses and resources, leading to unnecessary expenses for the organization.
Bypassing Security Controls: Inactive users might escape the scrutiny of even Microsoft 365 advanced security systems due to their lack of activity, potentially becoming a blind spot in security monitoring.

Thus, properly managing and regularly auditing inactive Microsoft 365 users are crucial steps in mitigating the above risks and ensuring a secure and compliant IT environment.

AdminDroid enables efficient user management in your organization across various Microsoft services:

Azure AD: Obtain insights into Microsoft 365 user activity, including the last successful sign-in time and last active time on each service. Export a daily count of active users effortlessly.
Exchange Online: Track mailbox activity, such as the last email read, sent, or received, and identify inactive or never logged on Exchange mailboxes.
Microsoft Teams: Utilize the Teams inactive user's collection to pinpoint stale accounts based on the last message sent & received, last call, last meeting, and more.
SharePoint Online: Leverage SharePoint inactive users’ reports to identify users’ inactivity, considering the last file accessed, page accessed, last file synced, last file shared, and last file activity date.
OneDrive: Monitor inactive users based on their last file accessed, last internal and external file shared, last file synced, and last page accessed using the OneDrive Inactive Users Report collection.
Viva Engage: Identify inactive users in Viva Engage based on their last like received, last post sent, last post read, and last activity time using the Yammer Inactive Users collection.

How to audit user activity in Microsoft 365?

Auditing user activity in Microsoft 365 can be accomplished through various methods. Below are the most widely used methods, each providing different levels of detail and data.

Audit Log in the Compliance Center: Follow the steps below to audit the user activity.
- Go to the Microsoft 365 Purview portal.
- Navigate to the 'Audit' section. Here, you can search the unified audit log to view user activities across various Microsoft 365 services.
However, some details like operation status for specific workloads, number of inactive days, license activities, etc., need PowerShell coding to access detailed information.
Windows PowerShell Commands: If you're familiar with scripting, you can use PowerShell for more technical and detailed Microsoft 365 user auditing in your organization. PowerShell offers more flexibility and can be more comprehensive for complex queries.
Utilize the Search-UnifiedAuditLog cmdlet to search the unified audit log.
```
 Search-UnifiedAuditLog -Startdate "mm-dd-yyyy" -Enddate "mm-dd-yyyy" -UserIds <UPN> 
```
These logs include events from Office 365 workloads such as Exchange Online, SharePoint Online, Azure Active Directory, OneDrive for Business, Microsoft Teams, and more.

Note: To retrieve complete user activities in the audit log search, make sure to enable Microsoft 365 unified audit logs.

Find Users’ Last Activity Time by Their Last Sign-in:

Get-MailboxStatistics Cmdlet: Use Get-MailboxStatistics to retrieve the last logon time of all mailboxes, which in turn helps to identify inactive Exchange mailboxes.
Unfortunately, the last logon time reported by this cmdlet may not always be accurate.
Azure AD Sign-in Logs: Azure AD sign-in logs in the Microsoft Entra admin center and the Get-AzureADAuditSignInLogs cmdlet can provide user login details. You can check and export the Azure AD users’ login history report as a CSV file.
However, these logs are limited to the last 30 days, which may not be sufficient for a comprehensive view of user activity.
Microsoft 365 Admin Center: The 'Last sign-in' property for each user is available under 'Active Users' in the Microsoft 365 admin center.

With AdminDroid, you can completely audit Entra ID activities, such as user logins, password changes, Azure AD applications' activities, and so on to prevent anonymous access to any inactive user accounts in Microsoft 365.

Additionally, AdminDroid provides clear-cut sign-in metrics that include admin login summary, users who fail to pass MFA, etc., to safeguard the tenant from those Microsoft 365 risky sign-in activities.

How to view a detailed report of inactive users in Microsoft 365?

Since the Azure AD cmdlets are in deprecation, with the help of the Get-MgUser cmdlet, you can retrieve the last logon time of a specific Microsoft 365 user to find user inactivity.

Get-MgUser -Userid <Userid> -Property SigninActivity | select -ExpandProperty SigninActivity

This cmdlet provides the specific user's last logon time but doesn't offer in-depth details like a list of all inactive users with assigned licenses, inactive users based on interactive and non-interactive sign-ins, users’ inactive days across all services, etc.

Thus, with the help of the provided ‘GetM365InactiveUserReport’ PowerShell script, you can generate 10+ Office 365 last logon reports to manage inactive users in your Microsoft 365 organization.

Also, the script supports built-in filters. So, you can combine multiple filters to get more granular reports.

Below are a few major use cases:

List all users in Azure AD with their last logon date and time
Get inactive user reports based on inactive days (For e.g., inactive users for 90 days)
Find Microsoft 365 inactive users based on non-interactive sign-in days
Get a list of inactive users with Microsoft 365 licenses assigned
Retrieve the last login date for sign-in enabled users
Find never logged in users in Microsoft 365
Check the last sign-in date for external users
Find Office 365 licensed users in a disabled state
View sign-in blocked external users
Get inactive users with a specific license in Microsoft 365
Schedule inactive user report

Each of these use cases provides different insights into user activity and inactivity, making it easier to manage inactive users in your organization. But remember, regular auditing and reporting are key to maintaining a secure and efficient Microsoft 365 environment.

In addition to the above, overlooking inactive mailboxes in Microsoft 365 can expose your organization to serious security risks, compliance issues, and unnecessary expenditures on licenses. Our comprehensive guide provides efficient methods to identify inactive mailboxes in Exchange Online within Microsoft 365.

Here is a quick glimpse!

Using Exchange Online Admin Center: It explains how to use the Exchange Online Admin Center to view and manage inactive mailboxes, including filtering options and details on mailbox usage.
Exchange Online PowerShell Commands: It provides PS cmdlets to identify inactive mailboxes in Exchange Online. This includes scripts for generating detailed reports and customizing the criteria for inactivity.
AdminDroid Exchange Online Reporter: It lets you dive deep into the monitoring of inactive mailboxes, which offers automated reporting features and visual analytics for easier Exchange Online management.

How to see inactive guest users in Azure AD?

You can pinpoint guest user inactivity in a more specific manner within your Microsoft 365 organization. Identify stale guest accounts using the inactive guest reports by following these steps:

Sign-in to the Microsoft Entra admin center.
Navigate to 'Identity governance' and click on 'Dashboard'.
Scroll to the 'Guest access governance' card, then select 'View inactive guests'.

In this section, you'll find a list of users who have been inactive for the past 90 days by default. However, you have the flexibility to adjust the inactivity threshold as per your organization's needs. This report provides:

A list of never logged-in guest accounts.
A guest users’ list based on the number of days since their last sign-in.
Details about the activity status of all guest accounts.

With this report, you can monitor inactive guest accounts and make informed decisions to delete them in Microsoft 365. Regular monitoring of this report ensures that inactive guest users are removed monthly, enhancing Microsoft 365 security.

Additionally, You will be able to create Microsoft Entra ID Governance access reviews to manage inactive guests. You can opt for a single-stage or multi-stage access review, depending on your organizational needs.

However, one limitation is that you need the Microsoft Entra ID Governance license to access this report.

For a more effective and precise method of retrieving inactive users in Microsoft 365, particularly in larger environments, consider using AdminDroid’s Inactive Users Reports Collection.

Key features of AdminDroid that make monitoring inactive users more efficient include:

Customizable Filters and Scheduled Reporting: Apply tailored filters and schedule one or more reports simultaneously for better inactive users’ management.
Comprehensive Microsoft 365 Dashboards: Stay informed with up-to-the-minute statistics, ensuring you're always aware of active users and inactive users across all Microsoft 365 services.
Role-Based Admin Access: Delegate administrative tasks based on user roles, distributing responsibilities to check inactive users across all services effectively.
Enhanced Microsoft 365 Usage Insights: Gain deeper insights into how users are utilizing Microsoft 365 services within your organization, thereby helping to track inactive users easily.

These features make AdminDroid an essential tool for managing inactive users in Microsoft 365 organizations.

How to delete inactive Microsoft 365 users and remove their licenses?

To delete inactive Office 365 users and remove their licenses, you can follow the steps below:

Remove Licenses by Deleting the User Account

Navigate to the Microsoft 365 admin center.
Select "Users", then go to ‘Active Users’.
Locate the inactive user account you wish to delete.
Click on the user and select ‘Delete User’.

Deleting a user account frees up their license, allowing you to reassign it to another employee or remove it entirely.

Note: You have a 30-day grace period from the date of deletion to restore the account if necessary. After 30 days, the data associated with the account is permanently deleted.

Delete a User with Microsoft 365 Graph PowerShell

The below cmdlet will delete a Microsoft 365 user and automatically revoke the license associated with a removed account.

Remove-MgUser -UserId 'user@contoso.com' -Confirm

#It prompts for admin confirmation before deleting the user account.

Using PowerShell is particularly effective for managing licenses in bulk or automating the process, while the Microsoft 365 admin center provides a more user-friendly interface for handling individual accounts.

Note: Ensure you have the necessary administrative permissions before proceeding with these operations.

AdminDroid Microsoft 365 User Reporting ToolKicking away the Microsoft 365 stale user accounts is now made easier!

The AdminDroid’s Microsoft 365 analytics tool offers a comprehensive suite of reports, enabling admins to promptly identify and manage inactive users. Beyond just reporting, it incorporates various enhancement features to streamline and optimize the Microsoft 365 inactive user reporting.

Crucial Microsoft 365 inactive accounts report that AdminDroid Office 365 reporter offers:

AdminDroid’s M365 Inactive User Management Report Collection ReportBoard provides complete insights into inactive users in Microsoft 365. It includes detailed reports tracking inactive users across each service, summarizing users' last logon activity, identifying inactive mailboxes in Microsoft 365, and so on.

A Quick Summary

Audit Microsoft 365 Entra ID Operations

AdminDroid’s Azure AD auditing package helps to track activities, including logins, password updates, etc., to efficiently track the inactive users in the organization.

Monitor Exchange Online Email Activities

Use AdminDroid’s Microsoft 365 email monitoring tool to audit email traffic, including spam and malware, helping to identify vulnerable inactive users in Exchange Online.

Check Inactive User’s Activities in SharePoint Online

Monitor the malicious file activities through the inactive user accounts and revoke the sensitive data permissions assigned with the help of AdminDroid’s SharePoint Online auditing tool.

Detect Inactive Mailboxes in Exchange Online

Regularly audit the Exchange Online mailbox activities reports to find and manage the inactive mailboxes in the Microsoft 365 environment.

Track User Sign-in Analytics in Microsoft 365

Detect suspicious and unauthorized logins from unfamiliar locations using inactive user accounts with the help of AdminDroid’s Microsoft 365 sign-in analytics.

Review Inactive Users’ Teams Activities

AdminDroid’s Microsoft Teams auditing tool provides comprehensive metrics on Teams operations, such as Teams logins, file accesses, and membership activities to find inactive Teams users.

Therefore, the AdminDroid Microsoft 365 reporting and auditing tool acts as a crucial alert mechanism for identifying inactive users and spotlighting any unusual or suspicious activities that might cause potential security risks in the Microsoft 365 environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps to Get Inactive User Report in Microsoft 365

The following are the possible errors and troubleshooting hints while dealing with inactive users in Office 365.

Error: Why the Last Login Date reported by the Get-MailboxStatistics cmdlet is not correct? Some users’ mailbox have very recent last logon date/time even though the account has been blocked/disabled few months ago.

These questions arise as the Get-MailboxStatistics cmdlet with the LastLogonTime parameter returned inaccurate results. This is because the parameter also includes mailbox assistant activity in Exchange Online, which is running in the background.

Troubleshooting hint :You can use the LastSuccessfulSignInDateTime parameter to get the last successful login details of users in your Microsoft 365 organization. To do so, you must install and connect to the Microsoft Graph Beta PowerShell module and run the below cmdlet.

((Get-MgBetaUser -UserId <UserId> -Property SigninActivity).SignInActivity.AdditionalProperties).lastSuccessfulSignInDateTime

Error: ./GetM365InactiveUserReport.ps1 cannot be loaded because running scripts is disabled on this system.

If you have set the execution policy settings to ‘RemoteSigned’, the above error will occur while running the PowerShell script.

Troubleshooting hint :Change the execution policy settings by running the below cmdlet.

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Error: Get-MgUser: Calling principal does not have required MSGraph permissions AuditLog.Read.All

This error occurs when the MS Graph module does not have permission to read the audit log to display the last active time of users.

Troubleshooting hint : Connect to the MS Graph PowerShell using the below cmdlet and permit to read Microsoft 365 audit logs.

Connect-MgGraph –Scopes Directory.Read.All,AuditLog.Read.All

Error: Your message couldn’t be delivered.

This error occurs when you send an email to an inactive user without an Exchange Online license in your organization.

Troubleshooting hint :Check and delete the inactive user by navigating to the Users tab from Microsoft 365 admin center.

Error: The term 'Connect-MgGraph' is not recognized as the name of a cmdlet, function, script file, or operable program.

This error message occurs when you try to run the PowerShell cmdlets without the connecting Microsoft Graph PowerShell.

Troubleshooting hint :To resolve this error, you must install and connect the Microsoft Graph PowerShell in your organization.

Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All"

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Export Microsoft 365 Inactive User Report