🔧 New: User Management Graph PowerShell Toolkit
Simplify user tasks like bulk creation, updates, password resets, deletions, license checks & more — all from one place.
🚀 Launch ToolkitFetch Last Active Time of Microsoft 365 Users
Monitoring user activity is vital for ensuring compliance, identifying inactive accounts, and maintaining license efficiency in Microsoft 365. With Microsoft Graph PowerShell, you can easily fetch the last sign-in time of all users, including those who have never logged in. This article provides a script and a breakdown of how it works, along with practical enhancements and error handling tips.
The Script
# Connect to Microsoft Graph with required scopes
Connect-MgGraph -Scopes "User.Read.All", "AuditLog.Read.All", "Directory.Read.All"
# Get all users with SignInActivity property
$users = Get-MgUser -All -Property Id, DisplayName, UserPrincipalName, SignInActivity -ConsistencyLevel eventual
# Format and display results
$users | Select-Object `
@{Name = "Display Name"; Expression = { $_.DisplayName }},
@{Name = "User Principal Name"; Expression = { $_.UserPrincipalName }},
@{Name = "Last Active Time"; Expression = {
if ($_.SignInActivity.LastSignInDateTime) {
($_.SignInActivity.LastSignInDateTime).ToLocalTime()
} else {
"Not Signed In"
}
}} | Format-Table -AutoSize
How the Script Works
- Authentication:
- Data Retrieval:
- -All: to get all users.
- -Property: to specifically retrieve SignInActivity.
- -ConsistencyLevel eventual: required for advanced filters and large results.
- Processing Sign-in Info:
- If present, the date is converted to local time.
- If absent, the script displays "Not Signed In".
- Output:
- Display Name
- UserPrincipalName
- Last Active Time
- Displays results in a clean, tabular format showing Display Name, UPN, and Sign-In Status.
The script starts by connecting to Microsoft Graph using:
Connect-MgGraph -Scopes "User.Read.All", "AuditLog.Read.All", "Directory.Read.All"These scopes are required to access directory and sign-in activity information.
The Get-MgUser cmdlet is called with:
Each user's SignInActivity.LastSignInDateTime is checked.
Results are printed in a table with:
Further Enhancements
Here are a few ways you can take this script further:
- Export to CSV:
$users | Select-Object ... | Export-Csv "LastActiveUsers.csv" -NoTypeInformationAdd logic to filter users inactive for 30+ days.
Combine with license reports to identify users who are inactive but still consuming licenses.
Schedule the script and trigger alerts for stale accounts.
Possible Errors & Solutions
| Error | Cause | Solution |
| SignInActivity not returned | Missing -Property or -ConsistencyLevel | Ensure both parameters are present in Get-MgUser |
| Access Denied | Insufficient Graph permissions | Add AuditLog.Read.All, User.Read.All, Directory.Read.All scopes |
| Object Not Found | Invalid UPN or ID | Ensure correct usage of Get-MgUser with -All |
| Empty Output | No users have signed in yet | Valid result if you're testing in a fresh or demo tenant |
Conclusion
The Last Active Time of Microsoft 365 users provides actionable insights for identifying inactive users, optimizing license usage, and strengthening security postures. Using Graph PowerShell and the SignInActivity property, administrators can access this data with precision and flexibility.
This lightweight, scalable approach is ideal for periodic audits and activity tracking within any Microsoft 365 environment.