question

jLight avatar image
1 Vote"
jLight asked MadhusoodananDeepu-4079 edited

Azure AD Last Log On Date?

I remember seeing a feature request about AAD Last Log On Date similar to On-Prem AD attribute. It used to be available too but then got pulled back. Just curious if anyone has an idea of the status or how do you determine the last log on date for your users? We are currently using the one based on-prem (but that poses a problem for remote users who no longer needs to VPN).

azure-active-directoryazure-ad-connect
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

3 Answers

michev avatar image
2 Votes"
michev answered jLight commented

There's no such attribute available in Azure AD. If you are using any of the Office 365 workloads, you can rely on the last activity date information gathered per workload as part of the User Activity report. Otherwise, you can crawl the Azure AD sign-in logs.

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

jLight avatar image jLight ·

Yeap, I looked into AAD logs via Graph API... too much data to filter out. Maybe I should do it and share the info (was hoping someone already did haha)

1 Vote 1 ·
amanpreetsingh-msft avatar image
2 Votes"
amanpreetsingh-msft answered MD2409 published

Hello @jLight · You can use below calls for this purpose:

Users by name: In this scenario, you search for a specific user by name, which enables you to evaluate the lastSignInDateTime: https://graph.microsoft.com/beta/users?$filter=startswith(displayName,'markvi')&$select=displayName,signInActivity

Users by date: In this scenario, you request a list of users with a lastSignInDateTime before a specified date: https://graph.microsoft.com/beta/users?filter=signInActivity/lastSignInDateTime le 2019-06-01T00:00:00Z

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MD2409 avatar image MD2409 ·

Hi i am a Newbie with Graph Explorer how i could see the results and export the list as a csv file or things like that?

0 Votes 0 ·
MadhusoodananDeepu-4079 avatar image
0 Votes"
MadhusoodananDeepu-4079 answered MadhusoodananDeepu-4079 edited

Hello @amanpreetsingh-msft

Similar topic, I am trying to pull all inactive users with a lastSignInDateTime before a specified date. I get below error. I am using REST API.

May I know what is the workaround for this issue? Please advise.

URL - https://graph.microsoft.com/beta/users?$filter=signInActivity/lastSignInDateTime le 2022-03-10T00:00:00Z&$select=displayName,signInActivity

{"error":{"code":"UnknownError","message":"This request is throttled. Please try again after the value specified in the Retry-After header. CorrelationId: 631fcbf3-4b34-4a69-afef-993f058950bc","innerError":{"date":"2022-03-31T14:57:39","request-id":"3883c2a2-42f6-43f3-bd49-8b6dc7dd5e84","client-request-id":"3883c2a2-42f6-43f3-bd49-8b6dc7dd5e84"}}}

Also, I have referred https://docs.microsoft.com/en-us/graph/api/resources/signinactivity?view=graph-rest-beta&preserve-view=true

NOTE: We have total 15 users on Azure Active directory and I made 2 REST API request.

Thank you
Deepu

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.