How to generate a list of Inactive/Stale members of Entra ID?

Question

I am trying to identify Inactive/Stale accounts in Entra ID that haven't signed in for 90+ days. Any help is appreciated.

Answer 1

Try Microsoft Graph PowerShell

# Install the Microsoft Graph PowerShell module if needed
Install-Module Microsoft.Graph -Scope CurrentUser

# Connect to Microsoft Graph
Connect-MgGraph -Scopes "AuditLog.Read.All", "User.Read.All"

# Get the current date minus 90 days
$ThresholdDate = (Get-Date).AddDays(-90).ToString("yyyy-MM-dd")

# Fetch users who haven't signed in within the last 90 days
Get-MgUser -Filter "signInActivity/lastSignInDateTime lt $ThresholdDate" -Property id, displayName, signInActivity | 
Select-Object displayName, signInActivity

---

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Answer 2

Hello Faisal Hanif Cloud

Try powershell :

Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph

$inactiveDate = (Get-Date).AddDays(-90)

$users = Get-MgUser -All:$true -Property Id, DisplayName, UserPrincipalName, UserType, SignInActivity | Where-Object { $_.AccountEnabled -eq $true }

$inactiveUsers = $users | Where-Object {
    $_.SignInActivity.LastSignInDateTime -lt $inactiveDate
} | Select-Object DisplayName, UserPrincipalName, UserType

$inactiveUsers

OR:

Go to Microsoft Entra Admin Center (https://entra.microsoft.com).

Navigate to Users → Sign-ins.

Use the built-in filters to find users with no sign-ins in the last 90 days.

You can export the report from here.

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Abiola