Share via

Samples without signInActivity

Balamurugan, Susinthika 40 Reputation points
2026-06-01T07:55:55.05+00:00

Hi Team

When we use $select=signInActivity, for the endpoint https://graph.microsoft.com/v1.0/users a few user records are not having the signInActivity block. Can we consider those users as inactive users without signInActivity data, or could they be newly created users who have not signed in yet?

Example:

TypeScript


            "accountEnabled": true,
            "userType": "Member",
            "createdDateTime": "2026-03-19T09:24:59Z",
            "city": null,
            "companyName": null,
            "country": null,
            "deletedDateTime": null,
            "employeeHireDate": null,
            "employeeLeaveDateTime": null,
            "employeeId": null,
            "displayName": "Abhishek Joshi",
            "userPrincipalName": "******@example.ai",
            "mobilePhone": null,
            "businessPhones": [],
            "id": "0a80e738-1f2c-4a76-beae-4654356666d2",
            "employeeOrgData": null,
            "signInActivity": {
                "lastSignInDateTime": "2026-05-18T05:58:25Z",
                "lastSignInRequestId": "5d027f28-62de-4237-97c2-3b8a5ba92200",
                "lastNonInteractiveSignInDateTime": null,
                "lastNonInteractiveSignInRequestId": null,
                "lastSuccessfulSignInDateTime": null,
                "lastSuccessfulSignInRequestId": null
            }
        },
        {
            "accountEnabled": false,
            "userType": "Member",
            "createdDateTime": "2023-05-26T06:24:32Z",
            "city": null,
            "companyName": null,
            "country": null,
            "deletedDateTime": null,
            "employeeHireDate": null,
            "employeeLeaveDateTime": null,
            "employeeId": null,
            "displayName": "Abhishek Patel",
            "userPrincipalName": "******@example.ai",
            "mobilePhone": null,
            "businessPhones": [],
            "id": "820fb04b-b00e-4547-bac8-797ct5490ec7",
            "employeeOrgData": null
        }
Microsoft Security | Microsoft Entra | Microsoft Entra ID

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. VEMULA SRISAI 13,405 Reputation points Microsoft External Staff Moderator
    2026-06-01T09:01:30.5666667+00:00

    Hello Balamurugan, Susinthika,

    When using $select=signInActivity with the Microsoft Graph /users endpoint, it is important to note that the signInActivity property is not guaranteed to be returned for every user.

    If a user record does not include the signInActivity block, it does not necessarily mean the user is inactive. This scenario can occur in the following cases:

    • The user has never signed in (for example, newly created accounts)
    • The sign-in data is not yet available or not populated
    • The data is outside the retention window or not recorded

    Since sign-in data is derived from sign-in logs and may not exist for all identities, absence of this property should be treated as**“no available sign-in data” rather than “inactive”**

    Recommended approach:

    • Use signInActivity only when it is present to evaluate inactivity
    • For users without this property, consider using createdDateTime or handle them as a separate category (e.g., never signed-in / unknown activity)

    This ensures more accurate classification and avoids incorrectly marking users as inactive. https://learn.microsoft.com/en-us/entra/identity/monitoring-health/concept-sign-ins

    Was this answer helpful?

    0 comments
  2. Vasil Michev 127K Reputation points MVP Volunteer Moderator
    2026-06-01T08:16:44.5833333+00:00

    Microsoft started populating signInActivity few years back, so if an account hasn't logged in since, they will have it empty indeed. Similarly, the lastSuccessfulSignInDateTime property therein, which is what's usually used to gauge "activity", is only populated since 2023 or so. It is completely normal to have any of these properties nulled or missing.

    Was this answer helpful?

    0 comments

  3. AI answer

    2026-06-01T07:56:09.1+00:00

    Users without a signInActivity block in the response cannot be automatically classified as inactive. The signInActivity resource represents the last interactive or non-interactive sign-in attempt for a user, and Microsoft Entra ID stores sign-in activity for as long as the user object exists.

    Possible reasons for a missing signInActivity block include:

    1. The user has never attempted a sign-in (newly created user or account that has never been used).
    2. The user has not had any interactive or non-interactive sign-in attempts since Microsoft Entra ID started maintaining non-interactive sign-ins (May 2020) or since signInActivity data became available for that user.

    To detect inactive users, use the last sign-in timestamps (lastSignInDateTime, lastNonInteractiveSignInDateTime, and where available lastSuccessfulSignInDateTime) when they exist, and apply an inactivity window (for example, 90–180 days) as described in the inactive user guidance. A missing signInActivity block should be treated as “no recorded sign-in activity” and evaluated together with other context (such as createdDateTime and whether the account is enabled) rather than automatically assuming the user is inactive.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.