How to access user details for those who have not logged in to Azure Virtual Desktop for 90 days

Swaroop Gowda D 25 Reputation points
2024-05-07T04:33:28.7633333+00:00

I am looking for information on how to access the details of inactive users who have not logged into Azure Virtual Desktop for 90 days. Specifically, I would like to know their usage in the file share as well as their last logon details.


Accepted answer
  1. kobulloc-MSFT 24,246 Reputation points Microsoft Employee
    2024-05-20T07:22:06.49+00:00

    Hello, @Swaroop Gowda D !

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue:

    I would like to access the details of inactive users who have not logged into Azure Virtual Desktop for 90 days. Specifically, I would like to know their usage in the file share as well as their last logon details.

    Solution (provided by Swaroop Gowda D):

    My objective was to identify users who haven't logged into AVD for the past 60 days and remove their profile details from the Azure file share, without affecting their user accounts. Due to insufficient information from the Microsoft Q&A platform and the inability to gather the necessary details, I developed a PowerShell script. This script captures details such as directory name, file name/profile name, profile size, and last modified date. Using these last modified details, I can proceed to delete the user profiles from the Azure file share where all user profiles are stored. Below is the PowerShell script:

    # Install the ImportExcel module, which provides the Export-Excel cmdlet
    Install-Module -Name ImportExcel -Force -AllowClobber
     
    # Input Parameters
    $resourceGroupName = "resourceGroupName"
    $storageAccName = "storageAccName"
    $fileShareName = "fileShareName"
    $directoryPath = "Presentation"
     
    # Specify the customer's tenant ID
    $customerTenantId = "customerTenantId"
     
    # Azure login to the customer's tenant
    Connect-AzAccount -Tenant $customerTenantId
     
    # Set the default subscription
    Set-AzContext -SubscriptionId "SubscriptionId"
     
    # Import the ImportExcel module
    Import-Module ImportExcel
     
    # Function that lists directories and files along with their sizes in MB and exports them to Excel
    Function GetFiles {
      Write-Host -ForegroundColor Green "Listing directories and files with sizes, creation date, and last modified date in MB.."
     
      # Get the storage account context
      $ctx = (Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccName).Context
     
      # Create an array to store file details
      $fileDetails = @()
     
      # List directories
      $directories = Get-AZStorageFile -Context $ctx -ShareName $fileShareName
     
      # Loop through directories
      foreach ($directory in $directories) {
        Write-Host -ForegroundColor Magenta "Directory Name: $($directory.Name)"
     
        # List files in the current directory
        $files = Get-AZStorageFile -Context $ctx -ShareName $fileShareName -Path $directory.Name | Get-AzStorageFile
     
        # Loop through files
        foreach ($file in $files) {
          # Convert size to MB
          $sizeInMB = [math]::Round($file.Length / 1MB, 2)
     
          # Add file details to the array with size, last modified date
          $fileDetails += [PSCustomObject]@{
            DirectoryName = $directory.Name
            FileName = $file.Name
            Size_MB = $sizeInMB
            LastModified = $file.LastModified.LocalDateTime  # Retrieve LastModified directly
          }
        }
      }
     
      # Specify the new export path
      $exportPath = "add your file path to download in xls file"
     
      # Export the collected details, including LastModified, to Excel and open the workbook (-Show)
      $fileDetails | Export-Excel -Path $exportPath -AutoSize -Show
    }
     
    # Call the function
    GetFiles
    
    1 person found this answer helpful.

4 additional answers

  1. Swaroop Gowda D 25 Reputation points
    2024-05-20T06:37:52.73+00:00

    My objective was to identify users who haven't logged into AVD for the past 60 days and remove their profile details from the Azure file share, without affecting their user accounts.

    Due to insufficient information from the Microsoft Q&A platform and the inability to gather the necessary details, I developed a PowerShell script. This script captures details such as directory name, file name/profile name, profile size, and last modified date.

    Using these last modified details, I can proceed to delete the user profiles from the Azure file share where all user profiles are stored.

    Below is the PowerShell script:

    # Install the ImportExcel module, which provides the Export-Excel cmdlet
    Install-Module -Name ImportExcel -Force -AllowClobber
     
    # Input Parameters
    $resourceGroupName = "resourceGroupName"
    $storageAccName = "storageAccName"
    $fileShareName = "fileShareName"
    $directoryPath = "Presentation"
     
    # Specify the customer's tenant ID
    $customerTenantId = "customerTenantId"
     
    # Azure login to the customer's tenant
    Connect-AzAccount -Tenant $customerTenantId
     
    # Set the default subscription
    Set-AzContext -SubscriptionId "SubscriptionId"
     
    # Import the ImportExcel module
    Import-Module ImportExcel
     
    # Function that lists directories and files along with their sizes in MB and exports them to Excel
    Function GetFiles {
      Write-Host -ForegroundColor Green "Listing directories and files with sizes, creation date, and last modified date in MB.."
     
      # Get the storage account context
      $ctx = (Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccName).Context
     
      # Create an array to store file details
      $fileDetails = @()
     
      # List directories
      $directories = Get-AZStorageFile -Context $ctx -ShareName $fileShareName
     
      # Loop through directories
      foreach ($directory in $directories) {
        Write-Host -ForegroundColor Magenta "Directory Name: $($directory.Name)"
     
        # List files in the current directory
        $files = Get-AZStorageFile -Context $ctx -ShareName $fileShareName -Path $directory.Name | Get-AzStorageFile
     
        # Loop through files
        foreach ($file in $files) {
          # Convert size to MB
          $sizeInMB = [math]::Round($file.Length / 1MB, 2)
     
          # Add file details to the array with size, last modified date
          $fileDetails += [PSCustomObject]@{
            DirectoryName = $directory.Name
            FileName = $file.Name
            Size_MB = $sizeInMB
            LastModified = $file.LastModified.LocalDateTime  # Retrieve LastModified directly
          }
        }
      }
     
      # Specify the new export path
      $exportPath = "add your file path to download in xls file"
     
      # Export the collected details, including LastModified, to Excel and open the workbook (-Show)
      $fileDetails | Export-Excel -Path $exportPath -AutoSize -Show
    }
     
    # Call the function
    GetFiles
    
    1 person found this answer helpful.
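
The filtering step described above (using the last modified details to decide which profiles to remove), as an added example that is not part of the original post: it groups rows of the shape the script collects by profile directory and flags directories whose newest file is older than the cutoff. The function name, its parameters and the sample rows are assumptions; it only reports and deletes nothing.

```powershell
# Added example (not from the original post). Input rows have the same properties
# the script above collects: DirectoryName, FileName, Size_MB, LastModified.
# Report only: nothing is deleted here.
function Get-StaleProfileCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]] $FileDetails,
        [int] $InactiveDays = 60,
        [datetime] $Now = (Get-Date)
    )
    $cutoff = $Now.AddDays(-$InactiveDays)

    $FileDetails | Group-Object -Property DirectoryName | ForEach-Object {
        # Judge a directory by its newest file: one recent write means it is in use.
        $newest = ($_.Group | Sort-Object -Property LastModified -Descending |
                   Select-Object -First 1).LastModified
        $sizeMB = ($_.Group | Measure-Object -Property Size_MB -Sum).Sum

        [PSCustomObject]@{
            DirectoryName = $_.Name
            FileCount     = $_.Count
            TotalSize_MB  = [math]::Round($sizeMB, 2)
            NewestWrite   = $newest
            DaysIdle      = [math]::Floor(($Now - $newest).TotalDays)
            Stale         = $newest -lt $cutoff
        }
    } | Sort-Object -Property DaysIdle -Descending
}

# Constructed sample rows (not real data), shaped like the script's $fileDetails entries.
$now = [datetime]'2024-05-20'
$sample = @(
    [PSCustomObject]@{ DirectoryName = 'user-a'; FileName = 'profile-a.vhdx';   Size_MB = 2048.50; LastModified = [datetime]'2024-05-18 09:12' }
    [PSCustomObject]@{ DirectoryName = 'user-b'; FileName = 'profile-b.vhdx';   Size_MB = 512.25;  LastModified = [datetime]'2024-01-03 17:40' }
    [PSCustomObject]@{ DirectoryName = 'user-b'; FileName = 'profile-b.lock';   Size_MB = 0.01;    LastModified = [datetime]'2023-12-30 08:05' }
    [PSCustomObject]@{ DirectoryName = 'user-c'; FileName = 'old-profile.vhdx'; Size_MB = 900.00;  LastModified = [datetime]'2023-11-01 10:00' }
    [PSCustomObject]@{ DirectoryName = 'user-c'; FileName = 'profile-c.vhdx';   Size_MB = 1300.00; LastModified = [datetime]'2024-05-01 14:30' }
)

# Only directories with Stale = True are candidates for review before any removal.
Get-StaleProfileCandidate -FileDetails $sample -InactiveDays 60 -Now $now |
    Format-Table -AutoSize
```

With the sample rows, user-c is not flagged even though it holds one old file, because the directory is judged by its most recent write.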

  2. innovation gadget 0 Reputation points
    2024-05-07T06:36:44.7766667+00:00

    Hello Swaroop Gowda D

    Identifying Inactive Users and Usage in Azure Virtual Desktop (AVD)

    There's no single built-in mechanism within AVD to directly access all the information you need. However, you can combine several Azure services to achieve your goal:

    1. Identifying Inactive Users:

    • Azure Active Directory (AAD): Use AAD to identify users who haven't logged into AVD for 90 days.
      • Access the Azure portal and navigate to Azure Active Directory.
      • Go to "Users" and filter them based on "Sign-in activity (last login)" with a custom filter for "Last sign-in less than 90 days ago."
      • You can then download a list of these users in CSV format for further analysis.

    2. Last Logon Details:

    • Log Analytics Workspace (Optional): If you have a Log Analytics workspace connected to your AVD deployment, you might be able to query logs for user login activities. However, by default, AVD logs don't retain data for extended periods.
      • If log retention is enabled, you can use Kusto Query Language (KQL) to query the "SignInLogs" table in your workspace for relevant user login events. This might provide details like username and last login time.

    3. Usage in File Share:

    • Azure File Share Permissions: You can't directly access usage details within file shares for individual users. However, you can analyze permissions assigned to inactive users on your file shares.
      • Access the Azure portal and navigate to your Azure file share.
      • Go to "Permissions" and review the list of users. Focus on inactive users identified from AAD.
      • This can help you determine if they have access to specific folders or files within the file share.

    4. Alternative Approaches:

    • Third-Party Monitoring Tools: Explore third-party monitoring tools specifically designed for AVD that might offer more granular user activity tracking and reporting capabilities.

    Additional Considerations:

    • Data Privacy: Ensure compliance with your organization's data privacy policies when dealing with user data.
    • Retention Policies: Consider implementing a data retention policy to automatically remove inactive user data after a predetermined timeframe.

    Recommendations:

    • Leverage Azure Active Directory as the primary source for identifying inactive users based on last sign-in activity.
    • Assess if you need more detailed last logon information and if enabling AVD log retention in a Log Analytics workspace is feasible.
    • Review file share permissions to understand potential access by inactive users.
    • Consider exploring third-party monitoring tools for more advanced user activity tracking.

    By combining these techniques and following data privacy best practices, you can effectively identify inactive users in AVD and gain insights into their file share access patterns.


  3. Jing Zhou 2,630 Reputation points Microsoft Vendor
    2024-05-07T09:07:30.1866667+00:00

    Hello,

    Thank you for posting in Q&A forum.

    To access detailed information about inactive users who have not logged into Azure Virtual Desktop within the past 90 days, we recommend that you try the following methods:

    You can use PowerShell scripts to query users who are not logged into Azure Virtual Desktop. Through the Azure Active Directory PowerShell module, you can write scripts to list users who have not logged in in the past 90 days. This will help you determine which users are in an inactive state.

    Once you have identified inactive users, you can view their usage through the logs or monitoring tools provided by file sharing services. This may require appropriate permissions and access levels to view and analyze the activity of file sharing.

    Azure Active Directory will retain logs related to user login activities. You can view these logs to obtain the last login details of inactive users. Through the Azure portal or PowerShell, you can retrieve these logs and filter out the required user login information.

    To better manage and monitor inactive users, it is recommended to regularly run scripts or set alerts to identify users who have not logged in for a long time. In addition, regularly audit user file sharing activities and login logs to ensure effective management of network security and resource utilization.

    Through these steps, you should be able to obtain the file sharing usage and final login details of inactive users, thereby effectively managing the Azure virtual desktop environment. Hope this answer can help you well.

    Best regards,

    Jill Zhou
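
One way to write the sign-in check described in the answers above, as an added example that is not code from this thread: it classifies user objects shaped like the output of `Get-MgUser` (Microsoft Graph PowerShell) with the `signInActivity` property, and reports accounts with no recorded sign-in separately from inactive ones. The function names and the sample accounts are assumptions; these timestamps cover sign-ins to any application in the tenant, not only Azure Virtual Desktop.

```powershell
# Added example. Input objects mirror what this Microsoft Graph PowerShell call returns:
#   Get-MgUser -All -Property 'displayName,userPrincipalName,signInActivity'
# (reading signInActivity requires the AuditLog.Read.All permission).
function Get-InactiveUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object] $User,
        [int] $InactiveDays = 90,
        [datetime] $Now = (Get-Date)
    )
    begin { $cutoff = $Now.AddDays(-$InactiveDays) }
    process {
        # Use the most recent of the interactive and non-interactive timestamps.
        $last = @($User.SignInActivity.LastSignInDateTime,
                  $User.SignInActivity.LastNonInteractiveSignInDateTime) |
            Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1

        if (-not $last) {
            # No timestamp at all: report it separately rather than guess.
            $status = 'NoSignInRecorded'; $idle = $null
        }
        elseif ($last -lt $cutoff) {
            $status = 'Inactive'; $idle = [math]::Floor(($Now - $last).TotalDays)
        }
        else { return }   # signed in inside the window: not reported

        [PSCustomObject]@{
            UserPrincipalName = $User.UserPrincipalName
            LastSignIn        = $last
            DaysIdle          = $idle
            Status            = $status
        }
    }
}

# Constructed sample accounts (not real users); New-SampleUser is a hypothetical helper.
function New-SampleUser($Upn, $Interactive, $NonInteractive) {
    [PSCustomObject]@{
        UserPrincipalName = $Upn
        SignInActivity    = [PSCustomObject]@{
            LastSignInDateTime               = $Interactive
            LastNonInteractiveSignInDateTime = $NonInteractive
        }
    }
}
$now   = [datetime]'2024-05-20'
$users = @(
    New-SampleUser 'alice@contoso.example' ([datetime]'2024-05-10') $null
    New-SampleUser 'bob@contoso.example'   ([datetime]'2024-01-15') ([datetime]'2024-02-01')
    New-SampleUser 'carol@contoso.example' ([datetime]'2023-09-01') ([datetime]'2024-04-30')
    New-SampleUser 'dave@contoso.example'  $null $null
)
$users | Get-InactiveUser -InactiveDays 90 -Now $now | Format-Table -AutoSize
```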


  4. kobulloc-MSFT 24,246 Reputation points Microsoft Employee
    2024-05-17T21:58:40.5466667+00:00

    Hello, @Swaroop Gowda D ! We've received your feedback and want to make sure that your issue has been addressed. I reached out to the AVD team and while this functionality isn't built into AVD directly, there are a variety of ways to accomplish this. You can use a GPO to remove users older than xxx days, you can use Azure AD to look at users, or you can get more information from Azure Monitor.

    How do I access user details for those who have not logged in to Azure Virtual Desktop for 90 days?

    If the goal is to remove users who have not logged in after 90 days, then you can take advantage of a Group Policy Object (GPO):

    Computer Configuration\Administrative Templates\System\User Profiles\Delete User Profiles Older Than xxx

    https://learn.microsoft.com/en-us/answers/questions/441800/group-policy-automatically-delete-user-profiles-ol

    I should note that there are some instances in which this does not work as expected when related settings configured in Windows Management Instrumentation (WMI) take precedence over the GPO settings:

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/old-user-profiles-not-deleted-system-restart

    See the following Q&A answers for instructions and scripts:

    This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed. If you enable this policy setting, the User Profile Service will automatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days. So I restarted the system and then checked the folders under C:\Users and User profiles were deleted.

    If the goal is to learn more about users who have not logged in after 90 days, then either Azure Monitor or an Azure AD script is likely the best route.


    I hope this has been helpful! Your feedback is important so please take a moment to accept answers.

    If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
