🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.

How to Get Microsoft 365 Users' Real Last Logon Time Report

Keeping tabs on the last logon time of users is crucial for efficient Microsoft 365 management. Yet, neglecting this can result in severe security threats and unnecessary spending on resources. Here is a guide that will help you get users' last login time report, allowing you to keep your organization secure and cost-effective.

Native Solution

Microsoft 365 Permission Required

High

Global Administrator, Security Admin, Security Reader, Global Reader or Reports Reader.

Option 1 Using Microsoft Entra Admin Center

  • Sign-in to the Microsoft Entra admin center.
  • Navigate to 'Sign-in logs' under Identity»Monitoring & Health.
  • Here, you can filter the desired user's last logon time as well as other associated properties.
Using Microsoft Entra Admin Center

Option 2 Using Windows PowerShell

  • You can get the last logon time of a specific user by following the below steps using Graph PowerShell.
  • Install and connect to the ‘Microsoft Graph’ PowerShell module using this cmdlet.
  • Windows PowerShell Windows PowerShell 
     Install-Module Microsoft.Graph
Connect-MgGraph
  • Now, run the below command to get the last successful login time of the desired user.
  • Windows PowerShell Windows PowerShell 
     (Get-MgBetaUser -UserId <userID> -Property SigninActivity).SignInActivity.LastSuccessfulSignInDateTime
Using Windows PowerShell

Option 3 Using PowerShell Script

  • Note that simply relying on the last sign-in time is insufficient for an admin to identify inactive users within Microsoft 365.
  • Therefore, we have developed a PowerShell script to retrieve last successful sign-in history along with the details, such as last interactive & non-interactive time, etc.
  • Download and run the following script in the Administrator PowerShell.
Microsoft365UsersLastSuccessfulSigninReport.ps1
Using PowerShell Script
AdminDroid Solution
More than 150 reports are under the free edition.

AdminDroid Permission Required

None

Any user with report access assigned by Super Admin.

StepsUsing AdminDroid

ad
  • Login to the AdminDroid Office 365 portal.
  • Navigate to the 'User's Last Log-on Time With Location Filters' report under Analytics»Sign-in Analytics»User's Last Log-on Summary.
Using AdminDroid

Admins can use this report to spot inactive users and take appropriate actions when necessary, based on the last time they logged on into Microsoft 365.

Unlock in-depth sign-in analytics that native tools lack!

  • Get the extensive details for the users' last login time by navigating to the ‘Sign-ins' reports section located under Analytics»Sign-in Analytics along with additional details such as location, device, etc.
all-signins
geo-map
birds-eye-chart
donut
exported-excel
pie-chart
alert
Explore a full range of reporting options

Pinpoint stale users in Microsoft 365 at a glance!

Ensure inactive users don't drain your Microsoft 365 budget! Utilize AdminDroid's Microsoft 365 sign-in monitoring tool to easily audit the last logon time of users and manage inactive accounts.

Witness the report in action using the

Live Demo

Azure ADRemove Inactive Users to Avoid Data Breaches in Microsoft 365

Showing 1 of 6
What can you do with user last logon time in Microsoft 365? How to check Entra ID user’s last logon history via Microsoft Purview? What kind of sign-in logs are available in Microsoft Entra ID ? How to monitor the last login date across different Microsoft 365 services? How to monitor the user’s last login history across different countries? How to find unused Exchange Online mailboxes?

What can you do with user last logon time in Microsoft 365?

Finding the last logon time report is crucial to monitor security, compliance, resource usage, and other Microsoft 365 sign-in risks. Check the below for better understanding.

  • Microsoft 365 Security Tracking: Monitoring the last logon time of the users allows you to detect potential security breaches and unauthorized access, preventing Microsoft 365 sensitive data from being compromised.
  • Resource Optimization: Efficient resource management touches many aspects of an organization, both directly and indirectly. Finding and revoking Microsoft 365 inactive users helps admins use licenses more wisely, ensuring optimal allocation.
  • Compliance Management: Keeping Microsoft 365 users' activity logs, including the last sign-in time, is essential for meeting regulatory requirements and maintaining proper records in your organization.
  • Risk Prevention: Observing unusual login patterns or significant gaps between logins can help prevent security incidents before they occur, strengthening overall protection of your Microsoft 365 environment.

AdminDroid offers a complete Entra ID user login reports to oversee login failures and audit user sign-in information, ensuring efficient user management.

Additionally, a detailed walkthrough on inactive users in Microsoft 365 can be listed as follows.

  • Enhanced Sign-in Monitoring: AdminDroid Microsoft 365 reporter offers comprehensive Entra ID users' login auditing reports providing detailed insights into Microsoft's risky sign-in analytics, user sign-in patterns, and much more to safe easily identify the stale users in your organization.
  • Inactive Reports Collection: AdminDroid's M365 Usage Analytics Reports Collection provides a bunch of reports to track and manage inactive users across all services under one section.
  • One-stop Solution for Inactive Users: To easily spot and monitor inactive user accounts, use our in-depth guide on how to export Microsoft 365 inactive user report.

How to check Entra ID user’s last logon history via Microsoft Purview?

You can view the users' last sign-in date with detailed information using Microsoft 365 Purview portal without PowerShell. Follow the below steps to find the users’ last logon time via Purview portal:

  • Login to the Microsoft 365 Purview portal.
  • Start a new search and provide the desired username in the Users filter for the UserLoggedIn event.
  • The search results will display events related to user logins within the specified timeframe.
  • Look for the recent login events for the selected user(s) to determine their last logon time in Microsoft 365.

However, the above method won’t provide additional details, such as user type and IP related details with respect to Entra ID sign-in logs.

  • Unlike the native Purview portal, AdminDroid's User's Last Logon Time report provides detailed and easily accessible user login information without any complexity.
  • AdminDroid provides an Advanced Alerting feature allowing admins to configure and receive notifications based on specific criteria related to user login activities.
lastlogon

This capability enhances the users' sign-in monitoring that enables admins to swiftly detect any irregular or suspicious login patterns.

What kind of sign-in logs are available in Microsoft Entra ID ?

There are four types of Microsoft Entra ID sign-ins that provide detailed logs on user logins in your organization.

  • Interactive User Sign-ins: These are sign-ins where users actively engage by entering their credentials, such as username and password. This type of sign-in requires the user's direct participation to authenticate and access Microsoft 365 services.
  • Non-Interactive User Sign-ins: These sign-ins happen in the background without the user's direct interaction, typically used in automated processes. They enable system-to-system or application-to-application access through predefined authentication methods.
  • Service Principal Sign-ins: These sign-ins are non-human entities that act as stand-ins for applications or services. These identities allow applications to authenticate and interact with other services in Azure Active Directory without a user being involved directly.
  • Managed Identity Sign-ins: Managed identities are used for Azure services, providing them with an Azure AD identity that is automatically managed by Azure. This eliminates the need for developers to manage credentials, making it a secure and maintenance-free option for accessing Azure services.

AdminDroid: A go to option to check all types of Azure AD sign-in logs!

  • AdminDroid offers extensive User's Sign-ins Summary by Sign-in Type reports that help you to check Microsoft 365 sign-ins and discover dedicated reports for each sign-in method in a single place.
signins-type

How to monitor the last login date across different Microsoft 365 services?

You can follow the below steps to monitor the last logon date across different Microsoft 365 services.

  • Login to the Microsoft 365 admin center and navigate to the Reports»Usage.
  • Select the preferred report in this section, that displays the latest activity for the respective Microsoft 365 service.
  • Specify the time, or users whom you want to check the recent activity date and look for “Last activity Date”.

AdminDroid simplifies auditing the most recent login date of users for each Office 365 service in your organization.

  • With the Last Active Time of Users by Office 365 Services report, you will get a consolidated view of the last login time across various services, such as Exchange, SharePoint, OneDrive, Teams, etc., without navigating through multiple reports.
last-service

This report not only indicates the user’s last active time in each service but also highlights the inactivity days across all Microsoft 365 services.

How to monitor the user’s last login history across different countries?

You can follow the below steps to monitor users’ last logon time across various countries.

With AdminDroid, you can identlfy and track the last login time of users with just a few clicks!

  • Access the User's Last Log-on Time By Country report to find recent sign-ins across different countries from AdminDroid.
  • With the help of this report, admins can oversee recently signed-in users with the details, such as sign-in date, time, and country.
by-country

How to find unused Exchange Online mailboxes?

Keeping an eye on unused mailboxes in Exchange Online is essential for maintaining security and managing Microsoft 365 license costs effectively within your organization.

Follow the steps below to find the inactive mailboxes via Exchange admin center.

  • Login to the Exchange Online admin center.
  • Navigate to Recipients»Mailboxes. Click on the desired user.
  • Under the General tab, you can find the last active time of user mailboxes last active time in Exchange Online.
admincenter

If you're concerned about security risks and unnecessary license expenses in your organization, you can efficiently identify inactive mailboxes in Exchange Online with the help of AdminDroid Exchange Online Reporter.

Unlike Microsoft 365 built-in approaches, our guide provides a comprehensive overview that encompasses additional methodologies to check inactive mailboxes and essential insights for efficient mailbox management.

AdminDroid Microsoft Entra ID Reporter Access the last logon report to promptly identify inactive users in Microsoft 365!

The AdminDroid’s Microsoft Entra ID auditing tool offers extensive reports empowering admins to quickly pinpoint users' last logon time and manage their licenses. It enhances user management with its powerful features like automated scheduling, column customization, advanced alerting, etc., providing a more streamlined approach.

Real last logon reports in Microsoft 365 provided by AdminDroid's Office 365 Reporter include:

AdminDroid’s User's Last Log-on Time with Location Filters report provides a comprehensive summary of users' most recent login time within your Microsoft 365 environment. This report helps admins to track user activity, identify potential security concerns, and monitor login patterns.

A Quick Summary

Birds Eye View of Users' Last Logon History

The User's Last Logon Summary report offer a concise overview of recent user logins, encompassing last login date and time with location details, across multiple Microsoft 365 services.

Efficient Microsoft 365 Guest login Monitoring

AdminDroid’s Guest User Sign-ins report empowers you to monitor external user sign-ins, ensuring no compromises in your Microsoft 365 data security.

Crafting Sign-in Reports in Your Way

Customize Entra ID sign-in reports and export them in multiple formats, ensuring precise insights that facilitate seamless sharing and Microsoft 365 management.

Insightful Entra ID Device Sign-ins Surveillance

Use the All User Sign-Ins with Device Details report to monitor device sign-ins and restrict suspicious device login attempts from unfamiliar locations.

Instant Microsoft 365 User Email Analytics

AdminDroid's email analytics dashboard provides stats on users' and groups' email activities to track the inbound and outbound emails sent & received in your organization.

User’s Last Logon Report Automation

Identify Microsoft 365 users' login activities and automate them with the help of AdminDroid’s Advanced Scheduler to find active & inactive users across your organization.

Therefore, the AdminDroid Microsoft 365 reporting and auditing tool acts as a crucial alert mechanism for identifying inactive users and spotlighting any unusual or suspicious activities that might cause potential security risks in the Microsoft 365 environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

General Errors and Resolution Steps for getting Last Login of Users in Microsoft365

The following are the possible errors and hints for troubleshooting, while getting Microsoft 365 users’ last logon report.

Error: Get-MgUser : The term 'Get-MgUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when you try to connect to Microsoft Graph Beta, without installing the module.

Troubleshooting hint :You can use the below cmdlet to install the Microsoft Graph Beta module and then connect to Mg-graph. 

Install-Module Microsoft.Graph.Beta
Connect-MgGraph

Error: You don't have access to this data. Please contact your global administrator to get access.

This error occurs when you try to access Azure AD sign-in logs without necessary admin permission.

Troubleshooting hint :Please ensure that you possess one of the necessary administrative permissions listed below.

Global Administrator, Security Admin, Security Reader, Global Reader, or Reports Reader

Error: Set-MgUser : Get By Key only supports UserId and the key has to be a valid Guid.

If you attempt to sign into Entra ID sign-In logs using the User Principal Name (UPN) instead of the User ID, you will encounter this error.

Troubleshooting hint :Make sure to enter the 'UserId' instead of 'User Principal Name' while executing the cmdlet.

Error: Get-MgUser : Calling principal does not have required MSGraph permissions Auditlog.Read.All

This issue occurs when you don’t have permission to read the Office 365 audit logs.

Troubleshooting hint :Connect Microsoft Graph using the below command with the required permission scope. 

Connect-MgGraph -scope User.Read.All, AuditLog.read.All

Error: Why the Last Login Date reported by the Get-MailboxStatistics cmdlet is not correct? Some users’ mailbox have very recent last logon date/time even though the account has been blocked/disabled few months ago.

These questions arise as the Get-MailboxStatistics cmdlet with the LastLogonTime parameter returned inaccurate results. This is because the parameter also includes mailbox assistant activity in Exchange Online, which is running in the background.

Troubleshooting hint :You can use the LastSuccessfulSignInDateTime parameter to get the last successful login details of users in your Microsoft 365 organization. To do so, you must install and connect to the Microsoft Graph Beta PowerShell module and run the below cmdlet. 

((Get-MgBetaUser -UserId <UserId> -Property SigninActivity).SignInActivity.AdditionalProperties).lastSuccessfulSignInDateTime