microsoftgraph · emmanuel-karanja · Mar 13, 2025 · Mar 14, 2025 · Mar 14, 2025 · Mar 21, 2025
@@ -0,0 +1,78 @@
+# ------------------------------------------------------------------------------
+#  Copyright (c) Microsoft Corporation.  All Rights Reserved.  Licensed under the MIT License.  See License in the project root for license information.
+# ------------------------------------------------------------------------------
+
+function Get-EntraInactiveSignInUser {
+    [CmdletBinding()]
+    [OutputType([string])]
+    param (
+        # User Last Sign In Activity is before Days ago
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 1)]
+        [Alias("BeforeDaysAgo")]
+        [int] $LastSignInBeforeDaysAgo = 30,
+        # Return results for All, Member, or Guest userTypes
+        [ValidateSet("All", "Member", "Guest")]
+        [string]
+        $UserType = "All"
+    )
+
+    process {
+        $customHeaders = New-EntraCustomHeaders -Command $MyInvocation.MyCommand 
+        $queryDate = (Get-Date).AddDays(-$LastSignInBeforeDaysAgo).ToString("yyyy-MM-ddTHH:mm:ssZ")
+        $inactiveFilter = "(signInActivity/lastSignInDateTime le $queryDate)"
+
+        $uri = "/v1.0/users?`$filter=$inactiveFilter&`$select=signInActivity,UserPrincipalName,Id,DisplayName,mail,userType,createdDateTime,accountEnabled"
+
+        Write-Debug ("Retrieving Users with Filter {0}" -f $inactiveFilter)
+        $queryUsers = (Invoke-GraphRequest -Method GET -Uri $uri -Headers $customHeaders).value
+
+        switch ($UserType) {
+            "Member" { $users = $queryUsers | Where-Object { $_.userType -eq 'Member' } }
+            "Guest" { $users = $queryUsers | Where-Object { $_.userType -eq 'Guest' } }
+            "All" { $users = $queryUsers }
+        }
+
+        foreach ($userObject in $users) {
+            $checkedUser = [ordered] @{
+                UserID = $userObject.Id
+                DisplayName = $userObject.DisplayName
+                UserPrincipalName = $userObject.UserPrincipalName
+                Mail = $userObject.Mail
+                UserType = $userObject.UserType
+                AccountEnabled = $userObject.AccountEnabled
+            }
+
+            If ($null -eq $userObject.signInActivity.LastSignInDateTime) {
+                $checkedUser["LastSignInDateTime"] = "Unknown"
+                $checkedUser["LastSigninDaysAgo"] = "Unknown"
+                $checkedUser["lastNonInteractiveSignInDateTime"] = "Unknown"
+            }
+            else {
+                $checkedUser["LastSignInDateTime"] = $userObject.signInActivity.LastSignInDateTime
+                $checkedUser["LastSigninDaysAgo"] = (New-TimeSpan -Start $checkedUser.LastSignInDateTime -End (Get-Date)).Days
+                $checkedUser["lastSignInRequestId"] = $userObject.signInActivity.lastSignInRequestId
+
+                If ($null -eq $userObject.signInActivity.lastNonInteractiveSignInDateTime) {
+                    $checkedUser["lastNonInteractiveSignInDateTime"] = "Unknown"
+                    $checkedUser["LastNonInteractiveSigninDaysAgo"] = "Unknown"
+                } else {
+                    $checkedUser["lastNonInteractiveSignInDateTime"] = $userObject.signInActivity.lastNonInteractiveSignInDateTime
+                    $checkedUser["LastNonInteractiveSigninDaysAgo"] = (New-TimeSpan -Start $checkedUser.lastNonInteractiveSignInDateTime -End (Get-Date)).Days
+                    $checkedUser["lastNonInteractiveSignInRequestId"] = $userObject.signInActivity.lastNonInteractiveSignInRequestId
+                }
+            }
+
+            If ($null -eq $userObject.CreatedDateTime) {
+                $checkedUser["CreatedDateTime"] = "Unknown"
+                $checkedUser["CreatedDaysAgo"] = "Unknown"
+            }
+            else {
+                $checkedUser["CreatedDateTime"] = $userObject.CreatedDateTime
+                $checkedUser["CreatedDaysAgo"] = (New-TimeSpan -Start $userObject.CreatedDateTime -End (Get-Date)).Days
+            }
+
+            Write-Output ([PSCustomObject]$checkedUser)
+        }
+    }
+}
+
@@ -0,0 +1,79 @@
+# ------------------------------------------------------------------------------
+#  Copyright (c) Microsoft Corporation.  All Rights Reserved.  Licensed under the MIT License.  See License in the project root for license information.
+# ------------------------------------------------------------------------------
+
+function Get-EntraBetaInactiveSignInUser {
+    [CmdletBinding()]
+    [OutputType([string])]
+    param (
+        # User Last Sign In Activity is before Days ago
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true, Position = 1)]
+        [Alias("BeforeDaysAgo")]
+        [int] $LastSignInBeforeDaysAgo = 30,
+        # Return results for All, Member, or Guest userTypes
+        [ValidateSet("All", "Member", "Guest")]
+        [string]
+        $UserType = "All"
+    )
+
+    process {
+        $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand 
+        $queryDate = (Get-Date).AddDays(-$LastSignInBeforeDaysAgo).ToString("yyyy-MM-ddTHH:mm:ssZ")
+        $inactiveFilter = "(signInActivity/lastSignInDateTime le $queryDate)"
+
+        $uri = "/beta/users?`$filter=$inactiveFilter&`$select=signInActivity,UserPrincipalName,Id,DisplayName,mail,userType,createdDateTime,accountEnabled"
+
+        Write-Debug ("Retrieving Users with Filter {0}" -f $inactiveFilter)
+        $queryUsers = (Invoke-GraphRequest -Method GET -Uri $uri -Headers $customHeaders).value
+
+        switch ($UserType) {
+            "Member" { $users = $queryUsers | Where-Object { $_.userType -eq 'Member' } }
+            "Guest" { $users = $queryUsers | Where-Object { $_.userType -eq 'Guest' } }
+            "All" { $users = $queryUsers }
+        }
+
+        foreach ($userObject in $users) {
+            $checkedUser = [ordered] @{
+                UserID = $userObject.Id
+                DisplayName = $userObject.DisplayName
+                UserPrincipalName = $userObject.UserPrincipalName
+                Mail = $userObject.Mail
+                UserType = $userObject.UserType
+                AccountEnabled = $userObject.AccountEnabled
+            }
+
+            If ($null -eq $userObject.signInActivity.LastSignInDateTime) {
+                $checkedUser["LastSignInDateTime"] = "Unknown"
+                $checkedUser["LastSigninDaysAgo"] = "Unknown"
+                $checkedUser["lastNonInteractiveSignInDateTime"] = "Unknown"
+            }
+            else {
+                $checkedUser["LastSignInDateTime"] = $userObject.signInActivity.LastSignInDateTime
+                $checkedUser["LastSigninDaysAgo"] = (New-TimeSpan -Start $checkedUser.LastSignInDateTime -End (Get-Date)).Days
+                $checkedUser["lastSignInRequestId"] = $userObject.signInActivity.lastSignInRequestId
+
+                If ($null -eq $userObject.signInActivity.lastNonInteractiveSignInDateTime) {
+                    $checkedUser["lastNonInteractiveSignInDateTime"] = "Unknown"
+                    $checkedUser["LastNonInteractiveSigninDaysAgo"] = "Unknown"
+                } else {
+                    $checkedUser["lastNonInteractiveSignInDateTime"] = $userObject.signInActivity.lastNonInteractiveSignInDateTime
+                    $checkedUser["LastNonInteractiveSigninDaysAgo"] = (New-TimeSpan -Start $checkedUser.lastNonInteractiveSignInDateTime -End (Get-Date)).Days
+                    $checkedUser["lastNonInteractiveSignInRequestId"] = $userObject.signInActivity.lastNonInteractiveSignInRequestId
+                }
+            }
+
+            If ($null -eq $userObject.CreatedDateTime) {
+                $checkedUser["CreatedDateTime"] = "Unknown"
+                $checkedUser["CreatedDaysAgo"] = "Unknown"
+            }
+            else {
+                $checkedUser["CreatedDateTime"] = $userObject.CreatedDateTime
+                $checkedUser["CreatedDaysAgo"] = (New-TimeSpan -Start $userObject.CreatedDateTime -End (Get-Date)).Days
+            }
+
+            Write-Output ([PSCustomObject]$checkedUser)
+        }
+    }
+}
+
+
@@ -0,0 +1,154 @@
+---
+title: Get-EntraBetaInactiveSignInUser
+description: This article provides details on the Get-EntraBetaInactiveSignInUser command.
+
+ms.topic: reference
+ms.date: 04/02/2025
+ms.author: eunicewaweru
+ms.reviewer: stevemutungi
+manager: CelesteDG
+author: msewaweru
+
+external help file: Microsoft.Entra.Beta.Users-Help.xml
+Module Name: Microsoft.Entra.Beta
+online version: https://learn.microsoft.com/powershell/module/Microsoft.Entra.Beta/Get-EntraBetaInactiveSignInUser
+
+schema: 2.0.0
+---
+
+# Get-EntraBetaInactiveSignInUser
+
+## Synopsis
+
+Retrieve users who have not had interactive sign-ins since a specified number of days ago.
+
+## Syntax
+
+```powershell
+Get-EntraBetaInactiveSignInUser 
+[-LastSignInBeforeDaysAgo <Int32>]
+[-UserType <String>] 
+[<CommonParameters>]
+```
+
+## Description
+
+The `Get-EntraBetaInactiveSignInUser` cmdlet retrieves users who have not signed in interactively within a specified number of days. This can be useful for identifying inactive accounts in your Microsoft Entra ID environment.
+
+## Examples
+
+### Example 1: Retrieve users who have not signed in for 30 days
+
+```powershell
+Get-EntraBetaInactiveSignInUser -LastSignInBeforeDaysAgo 30
+```
+
+```Output
+UserID                           : dddddddd-3333-4444-5555-eeeeeeeeeeee
+DisplayName                      : John Doe
+UserPrincipalName                : [email protected]
+Mail                             : [email protected]
+UserType                         : Member
+AccountEnabled                   : True
+LastSignInDateTime               : 03/02/2025 5:59:28 AM
+LastSigninDaysAgo                : 30
+lastSignInRequestId              : cccccccc-2222-3333-4444-dddddddddddd
+lastNonInteractiveSignInDateTime : Unknown
+LastNonInteractiveSigninDaysAgo  : Unknown
+CreatedDateTime                  : 01/04/2025 5:55:34 AM
+CreatedDaysAgo                   : 30
+
+UserID                           : aaaaaaaaa-3333-4444-5555-eeeeeeeeeeee
+DisplayName                      : Example User
+UserPrincipalName                : [email protected]
+Mail                             : [email protected]
+UserType                         : Guest
+AccountEnabled                   : True
+LastSignInDateTime               : 03/02/2025 5:59:28 AM
+LastSigninDaysAgo                : 30
+lastSignInRequestId              : ddddddddd-2222-3333-4444-dddddddddddd
+lastNonInteractiveSignInDateTime : Unknown
+LastNonInteractiveSigninDaysAgo  : Unknown
+CreatedDateTime                  : 01/04/2025 5:00:34 AM
+CreatedDaysAgo                   : 30
+```
+
+This command retrieves users who have not had an interactive sign-in within the last 30 days.
+
+### Example 2: Retrieve inactive guest users
+
+```powershell
+Get-EntraBetaInactiveSignInUser -LastSignInBeforeDaysAgo 90 -UserType "Guest"
+```
+
+```Output
+UserID                           : dddddddd-3333-4444-5555-eeeeeeeeeeee
+DisplayName                      : John Doe
+UserPrincipalName                : [email protected]
+Mail                             : [email protected]
+UserType                         : Guest
+AccountEnabled                   : True
+LastSignInDateTime               : 03/02/2025 5:59:28 AM
+LastSigninDaysAgo                : 30
+lastSignInRequestId              : cccccccc-2222-3333-4444-dddddddddddd
+lastNonInteractiveSignInDateTime : Unknown
+LastNonInteractiveSigninDaysAgo  : Unknown
+CreatedDateTime                  : 01/04/2025 5:55:34 AM
+CreatedDaysAgo                   : 30
+```
+
+This command retrieves guest users who have not had an interactive sign-in within the last 90 days.
+
+## Parameters
+
+### -LastSignInBeforeDaysAgo
+
+Specifies the number of days since the last interactive sign-in. Users who have not signed in within this period will be returned.
+
+```yaml
+Type: System.Int32
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+
+### -UserType
+
+Filters users based on their type (e.g., "Member" or "Guest").
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: "All"
+Accept pipeline input: True (ByPropertyName, ByValue)
+Accept wildcard characters: False
+```
+
+### CommonParameters
+
+This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
+
+## Inputs
+
+### System.Int32
+
+You can pipe an integer value to the `-LastSignInBeforeDaysAgo` parameter.
+
+## Outputs
+
+### System.Object
+
+Returns a list of users who have not signed in within the specified period.
+
+## Notes
+
+## Related Links