Getting data for Entra permission management from graph for inactive users, Inactive apps , Super users

Question

Hi Team,

Currently in the entra permission management portal if we try to download the list of inactive users, inactive apps or super users. The report is not getting downloaded. So, we are exploring the Graph API option to get the data for the same. As checked on the article the roles defined for the user from which we are trying to fetch the data are GA and the permission management admin.

The graph query calls the below node as the documentation GET /identityGovernance/permissionsAnalytics/azure/findings/microsoft.graph.superUserFinding

https://learn.microsoft.com/en-us/graph/api/superuserfinding-list?view=graph-rest-beta&tabs=http

when we are trying the same in our tenant through graph explorer, we are not getting the category of the permissionsAnalytics , below is the screenshot attached.

Can you please us to know what are we missing in this due to which the category of permissionAnalytics is not coming in graph.

Answer 1

Hello!
Thank you for raising this up. The guidance is not to take dependency on beta APIs as they are subject to change. I would propose a workaround using alternative options like Powershell. For example, for Inactive users you can do the following:

#Inactive Users

Connect-MgGraph -Scopes "AuditLog.Read.All"

$Inactiveusers= get-MgUser -Property DisplayName, UserPrincipalName, SignInActivity, UserType

$Inactiveusers | Where-Object {($_.SignInActivity.LastSignInDateTime -le $((Get-Date).AddDays(-30))) -and ($_.UserType -eq "Member")}

#Export to CSV

$Inactiveusers | Select-Object DisplayName, ID, UserPrincipalName | Export-Csv -Path .\Processes2.csv