Query Inactive User through Graph API

Question

We are currently trying to get inactive user information via Microsoft Graph API. We have a situation where a user leaves a company and has their user account is then removed from O365. The mailbox becomes inactive due to our retention policy. We are extracting teams chat information and we need to lookup user metadata based off of the aadUser id as shown in the example below:

"from": {
"application": null,
"device": null,
"user": {
"id": "3e3fe82c-654b-11ed-9022-0242ac120002",
"displayName": "Example, User",
"userIdentityType": "aadUser",
"tenantId": "4a978ec2-654b-11ed-9022-0242ac120002"
}
},

Normally we would use https://graph.microsoft.com/v1.0/users/3e3fe82c-654b-11ed-9022-0242ac120002 but since the user is now inactive, it will return with the error "resource '3e3fe82c-654b-11ed-9022-0242ac120002' does not exist or one of its queried reference-property objects are not present.

1. Is this expected behavior where inactive mailboxes are not present via https://graph.microsoft.com/v1.0/users?
2. Is there an alternative way for us to look up email addresses and other metadata for inactive users by querying their aadUser id as reference?

Thank you.

Answer 1

Hi @Chris Tang

To detect inactive accounts you can use lastSignInDateTime property.

If you are searching for a specific user by name, which enables you to evaluate the lastSignInDateTime, you can use-

https://graph.microsoft.com/beta/users?$filter=startswith(displayName,'markvi')&$select=displayName,signInActivity  

If you are looking for list of users with a lastSignInDateTime before a specified date, you can use-

https://graph.microsoft.com/beta/users?filter=signInActivity/lastSignInDateTime le 2019-06-01T00:00:00Z  

Documentation reference- https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-manage-inactive-user-accounts#how-to-detect-inactive-user-accounts

Please note that APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Hope this helps.

If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

Answer 2

Hello there,

I tried this

https://graph.microsoft.com/beta/users?filter=signInActivity/lastSignInDateTime le 2021-10-20T00:00:00Z - however I receive the following:

    "error": {
        "code": "Authentication_MSGraphPermissionMissing",
        "message": "Calling principal does not have required MSGraph permissions AuditLog.Read.All",
        "innerError": {
            "date": "2023-01-19T23:59:51",
            "request-id": "31c3d656-3b50-4571-944f-df5efa59bfc0",
            "client-request-id": "31c3d656-3b50-4571-944f-df5efa59bfc0"
        }
    }
}

However - the application has the following permissions assigned:

Microsoft Graph (7)
AuditLog.Read.All		Delegated	Read audit log data			    Yes	Granted for ****
AuditLog.Read.All		Application	Read all audit log data			Yes	Granted for ****
Directory.Read.All	    Delegated	Read directory data			    Yes	Granted for ****
Directory.Read.All	    Application	Read directory data			    Yes	Granted for ****
User.Read			    Delegated	Sign in and read user profile	No	Granted for ****
User.Read.All		    Delegated	Read all users' full profiles	Yes	Granted for ****
User.ReadBasic.All	    Delegated	Read all users' basic profiles	No	Granted for ****

The Following work without issue:

https://graph.microsoft.com/v1.0/users
as does:
https://graph.microsoft.com/beta?/users

Cheers,
Scotty...