Skip to content
Category: Security
2020-05-19

Getting Inactive Users in Office 365 with PowerShell

One of the biggest problems we encounter when managing any platform is the control of inactive users.

This problem is aggravated in Office365, since between the users who stop using and the guest users we end up having the Azure AD badly managed. In addition, we are faced with the Office365 Security Directives, which require us to monitor users who have not logged in for the last 30 to 90 days.

To obtain these users we will follow the following steps:

1. Modify the PowerShell Script

We start with the PowerShell Script Modification.

https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/InactiveUsersLast90Days.ps1

This script takes us to the directive to create a CSV file with the “UserPrincipalName” of the users to generate a report.

2. Executing the Script

For the execution of this Script, we have to pay attention to which points we have to modify to put the account of a Tenant’s Manager.

#Set admin UPN 
$UPN = 'e.rodado@contoso.com'

In the variable $UPN (UserPrincipalName) we will have to put the login of a Tenant’s administrator. This variable is used to open the connection with the EXO of Exchange Online.

If we need to know the inactive users with another time period we just need to modify the next variable:

$startDate = (Get-Date).AddDays(-90).ToString('MM/dd/yyyy')

If in the variable $startDate we change “-90” by another amount we will generate the report of the inactive users with this period. For example, if we put “-30” the report that will be generated will be the inactive users that have not logged in for 30 days or more.

If you want to increase the degree of digital transformation in your company, consult our Virtual Desktop Service.

3. Get History

The script will leave you the report in “C:\Users\”+ $DesktopUser +”\Documents\Return\Auditorias_” + $date +”.csv” so you should have created the “Return” folder in your “Documents” folder. This file that is created will have the date and time of the moment it was created. This way you can have a history of inactive users.

Script GetInactiveUsers.ps1

 import-module MSOnline

#$CredO365 = Get-Credential -Message "Exchange credentials"
        #$SesionO365 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $CredO365 -Authentication Basic -AllowRedirection
        
        #Import-PSSession $SesionO365 -AllowClobber

        #$SessionEOP = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.protection.outlook.com/powershell-liveid/ -Credential $CredO365 -Authentication Basic -AllowRedirection
        
        #Import-PSSession $SessionEOP -AllowClobber


 $date = Get-Date -UFormat "%Y%m%dT%H%M%S"
#$TenantId = "e3b21e9f-0c39-46be-b4db-4ccf9ce8d1f7" #"d2c93295-3e7a-4b26-80b9-295bd8216aaf"
$DesktopUser = $env:USERNAME


    $ReturnFile = "C:\Users\"+ $DesktopUser +"\Documents\Return\Auditorias_" + $date +".csv"

    $Value = "UserPrincipalName"
    Add-Content -Path $ReturnFile -Value $Value

#Set admin UPN
$UPN = 'e.rodado@old.aleson-itc.com'

#This connects to Azure Active Directory & Exchange Online
Connect-MsolService
$EXOSession = New-ExoPSSession -UserPrincipalName $UPN
Import-PSSession $EXOSession -AllowClobber

$startDate = (Get-Date).AddDays(-90).ToString('MM/dd/yyyy')
$endDate = (Get-Date).ToString('MM/dd/yyyy')

$allUsers = @()
$allUsers = Get-MsolUser -All -EnabledFilter EnabledOnly | Select UserPrincipalName, ObjectId


$loggedOnUsers = @()
$loggedOnUsers = Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -Operations UserLoggedIn, PasswordLogonInitialAuthUsingPassword, UserLoginFailed, CreationDate -ResultSize 5000

I hope this post was helpful.

You can check my other posts about:

If you want us to help your business or company contact us at info@aleson-itc.com or call us at +34 962 681 242

Complete este formulario para recibir la guía de Windows Server en Azure
*Obligatorio
Complete este formulario para recibir la guía de Windows Server en Azure
Gracias por rellenar el formulario [name]. ¡Aquí tienes tu eBook Gratis!
Complete este formulario para recibir 4 best practices to implement a comprehensive Zero Trust security approach
*Obligatorio
Complete este formulario para recibir 4 best practices to implement a comprehensive Zero Trust security approach
Gracias por rellenar el formulario [name]. ¡Aquí tienes tu eBook Gratis!
Complete este formulario para recibir Cloud Migration Essentials
*Obligatorio
Complete este formulario para recibir Cloud Migration Essentials
Gracias por rellenar el formulario [name]. ¡Aquí tienes tu eBook Gratis!
Complete este formulario para recibir Cloud security Advice for Nonprofit Leaders
*Obligatorio
Complete este formulario para recibir Cloud security Advice for Nonprofit Leaders
Gracias por rellenar el formulario [name]. ¡Aquí tienes tu eBook Gratis!
Complete este formulario para recibir Prevent data leaks with Microsoft 365 Business Premium
*Obligatorio
Complete este formulario para recibir Prevent data leaks with Microsoft 365 Business Premium
Gracias por rellenar el formulario [name]. ¡Aquí tienes tu eBook Gratis!
Complete this form to recieve the guide of Windows Server on Azure
*Required
Complete this form to recieve the guide of Windows Server on Azure
Thank you for filling out the form [name]. Here's your Free eBook!
Complete this form to recieve 4 best practices to implement a comprehensive Zero Trust security approach
*Required
Complete this form to recieve 4 best practices to implement a comprehensive Zero Trust security approach
Thank you for filling out the form [name]. Here's your Free eBook!
Complete this form to recieve Cloud Migration Essentials
*Required
Complete this form to recieve Cloud Migration Essentials
Thank you for filling out the form [name]. Here's your Free eBook!
Complete this form to recieve Cloud security Advice for Nonprofit Leaders
*Required
Complete este formulario para recibir Cloud security Advice for Nonprofit Leaders
Thank you for filling out the form [name]. Here's your Free eBook!
Complete this form to recieve Prevent data leaks with Microsoft 365 Business Premium
*Obligatorio
Complete this form to recieve Prevent data leaks with Microsoft 365 Business Premium
Thank you for filling out the form [name]. Here's your Free eBook!