Getting data for Entra permission management from graph for inactive users, Inactive apps , Super users

yash-4342 16 Reputation points

Hi Team,

Currently in the entra permission management portal if we try to download the list of inactive users, inactive apps or super users. The report is not getting downloaded. So, we are exploring the Graph API option to get the data for the same. As checked on the article the roles defined for the user from which we are trying to fetch the data are GA and the permission management admin.

The graph query calls the below node as the documentation GET /identityGovernance/permissionsAnalytics/azure/findings/microsoft.graph.superUserFinding

when we are trying the same in our tenant through graph explorer, we are not getting the category of the permissionsAnalytics , below is the screenshot attached.User's image

Can you please us to know what are we missing in this due to which the category of permissionAnalytics is not coming in graph.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,414 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Carolyne-3676 201 Reputation points

    Thank you for raising this up. The guidance is not to take dependency on beta APIs as they are subject to change. I would propose a workaround using alternative options like Powershell. For example, for Inactive users you can do the following:

    #Inactive Users

    Connect-MgGraph -Scopes "AuditLog.Read.All"

    $Inactiveusers= get-MgUser -Property DisplayName, UserPrincipalName, SignInActivity, UserType

    $Inactiveusers | Where-Object {($_.SignInActivity.LastSignInDateTime -le $((Get-Date).AddDays(-30))) -and ($_.UserType -eq "Member")}

    #Export to CSV

    $Inactiveusers | Select-Object DisplayName, ID, UserPrincipalName | Export-Csv -Path .\Processes2.csv

    0 comments No comments