Include users' last logon time
Last Logon is missing from the user objects in Azure! I'd like to be able to read the Last Logon information through the Graph API, to tell which users are actually logging in. But very surprisingly I can't find any such attribute!
Can we please please add this attribute to the user object?
Pietro
shared this idea
This capability is now in /beta. It was actually documented earlier, but the service wasn’t quite functional. It is now.
Here’s an example of getting users and their last signin activity: https://docs.microsoft.com/graph/api/user-list?view=graph-rest-beta&tabs=http#example-5-list-the-last-sign-in-time-of-users-in-a-specific-time-range
Although not documented you can also filter on a date range to get the set of users that have not signed in since a certain date, or the users that signed in in the last 3 weeks etc.
Try GET https://graph.microsoft.com/beta/users?$filter=signInActivity/lastSignInDateTime ge 2020-03-20T00:00:00Z&$select=signInActivity,id,userPrincipalName
45 comments
-
Patrick Lamber
commented
Hello,
thank you very much for all the time you are investing in making the Graph API better. I was positively surprised to find the signInActivity property in the user beta endpoints.I would like to add another scenario that might be a good addition to the Graph API. The list owners and members endpoints might also benefit from this property:
https://docs.microsoft.com/en-us/graph/api/group-list-owners?view=graph-rest-beta&tabs=http
https://docs.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-beta&tabs=httpThe scenario might look like this:
An owner or member wants to see the list of owner and members of a group with the last logged in date in the directory (or even group if technically possible). This would help to understand if the group is actively used by these users and perform a proper access review. By including the "signInActivity" in the owners and members endpoint you would reduce significantly the calls to the Graph API for such a use case.I am wondering what might be the permissions to retrieve this information from a Group. I think if you are at least an owner, you should be able to see this information. If you are a member might be a plus but not necessarily required. Reviews are typically performed by owners. Do you think that a Group.ReadWrite.All delegate permission might be sufficient? Or do you have some concerns about this?
Thank you for your feedback,
Patrick -
Anonymous
commented
Hello,
What is the data collections source for signInActivity/lastSignInDateTime?
Is it just AzureAD only ?or this attribute collects data from all below sources.
Office365, Exchange Online, SharePoint Online , Teams, AureAD.
-
[Deleted User]
commented
Hello,
What is the data collections source for signInActivity/lastSignInDateTime?
Is it just AzureAD only ?or this attribute collects data from all below sources.
Office365, Exchange Online, SharePoint Online , Teams, AureAD.
-
Konwar, Bitopan
commented
Hi Dan
I tried using a similar query https://graph.microsoft.com/beta/users?$filter=signInActivity/lastSignInDateTime le 2020-02-07T00:00:00Z &$select=userPrincipalName,signInActivity
While verifying the results with user signing report from AAD portal , I found that some users have signin activities even after 2020-02-07. Any specific reason why these users are being returned in the above query
-
Erik Oppedijk
commented
Is this the beta of this feature:
https://docs.microsoft.com/en-us/graph/api/resources/signinactivity?view=graph-rest-beta -
Ross Young
commented
Hi Dan, any updates here? Thanks!
-
Marco Veenboer
commented
Are there any updates regarding this one?
-
Smith, Chris
commented
Thanks for the update Dan - glad to see an updated response and ETA. Happy Thanksgiving. :)
-
Ronald Foppen
commented
How are we doing on this one?
-
Ronald Foppen
commented
Would there be any further updates to this? Is this still scheduled for preview this month?
-
Ivan Fioravanti
commented
Any news on this one? You started 10 months ago. Thanks
-
Andrew
commented
Why do Office365 accounts keep getting compromised? Because IT admins, can no longer efficiently audit account inactivity .. This is absolutely REQUIRED.
-
Ken C
commented
We are using AzureAD for many SaaS applicatons, and need to know when an account has been inactive for a number of days. AD does not get updated by such an event, so without this we have no visibility of inactive users.
There are internal processes to process "leavers", however as a distribution organisation with warehouse staff in particular who don't need to logon to IT systems regularly, we are flying blind. Help please.
-
M.O.
commented
This is critical for our business as well. Is there any other attribute that replicates we could use for a query?
-
T.A.
commented
We're in desperate need of this. Our cloud users are getting disabled because they only use email and don't authenticate to on-premises AD.
-
Anonymous
commented
We desperately need this functionality.
-
Anonymous
commented
@Azure AD Team, this will be good to have. There are plenty of customers asking for this.
-
Mike Wood
commented
When will Azure AD be able to show a users' last sign-in date?
Stop talking about "cloud first" when you can't even get basic user management feature available to administrators via Graph API nor PowerShell.
-
Anonymous
commented
LastLogon Time stamp needed urgently for the same reasons stated below. We can't compare the logons with our Local AD to prevent locking out accounts that actually are logging into the mail portal only.
Please help. -
Nitin
commented
Any update on this? Also users may not care about what their last logon time was, as much as IT admins and compliance stakeholders would. That's the feature you need to be delivering here.
This is critical with respect to Azure B2B guests in tenants who may never log in.