🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Azure AD

How to Get Microsoft 365 Users' Real Last Logon Time Report

Keeping tabs on the last logon time of users is crucial for efficient Microsoft 365 management. Yet, neglecting this can result in severe security threats and unnecessary spending on resources. Here is a guide that will help you get users' last login time report, allowing you to keep your organization secure and cost-effective.

Option 1
Option 2
Option 3
Option 4
Important Tips
Errors and Resolution Steps
FAQs

Using Microsoft Entra Admin Center

Microsoft 365 Permission Required
Global Administrator, Security Admin, Security Reader, Global Reader or Reports Reader.
  • Sign-in to the Microsoft Entra admin center.
  • Navigate to 'Sign-in logs' under Identity»Monitoring & Health.
  • Here, you can filter the desired user's last logon time as well as other associated properties.
Using Microsoft Entra Admin Center

Using Windows PowerShell

Microsoft 365 Permission Required
Global Administrator, Security Admin, Security Reader, Global Reader or Reports Reader.
  • You can get the last logon time of a specific user by following the below steps using Graph PowerShell.
  • Install and connect to the ‘Microsoft Graph’ PowerShell module using this cmdlet.
  • Windows PowerShell Windows PowerShell 
     Install-Module Microsoft.Graph
Connect-MgGraph
  • Now, run the below command to get the last successful login time of the desired user.
  • Windows PowerShell Windows PowerShell 
     (Get-MgBetaUser -UserId <userID> -Property SigninActivity).SignInActivity.LastSuccessfulSignInDateTime
Using Windows PowerShell

Using PowerShell Script

Microsoft 365 Permission Required
Global Administrator, Security Admin, Security Reader, Global Reader or Reports Reader.
  • Note that simply relying on the last sign-in time is insufficient for an admin to identify inactive users within Microsoft 365.
  • Therefore, we have developed a PowerShell script to retrieve last successful sign-in history along with the details, such as last interactive & non-interactive time, etc.
  • Download and run the following script in the Administrator PowerShell.
Using PowerShell Script
Microsoft365UsersLastSuccessfulSigninReport.ps1
AdminDroid Microsoft Entra ID Reporter

Access the last logon report to promptly identify inactive users in Microsoft 365!

The AdminDroid’s Microsoft Entra ID auditing tool offers extensive reports empowering admins to quickly pinpoint users' last logon time and manage their licenses. It enhances user management with its powerful features like automated scheduling, column customization, advanced alerting, etc., providing a more streamlined approach.

Birds Eye View of Users' Last Logon History

The User's Last Logon Summary report offer a concise overview of recent user logins, encompassing last login date and time with location details, across multiple Microsoft 365 services.

Efficient Microsoft 365 Guest login Monitoring

AdminDroid’s Guest User Sign-ins report empowers you to monitor external user sign-ins, ensuring no compromises in your Microsoft 365 data security.

Crafting Sign-in Reports in Your Way

Customize Entra ID sign-in reports and export them in multiple formats, ensuring precise insights that facilitate seamless sharing and Microsoft 365 management.

Insightful Entra ID Device Sign-ins Surveillance

Use the All User Sign-Ins with Device Details report to monitor device sign-ins and restrict suspicious device login attempts from unfamiliar locations.

Instant Microsoft 365 User Email Analytics

AdminDroid's email analytics dashboard provides stats on users' and groups' email activities to track the inbound and outbound emails sent & received in your organization.

User’s Last Logon Report Automation

Identify Microsoft 365 users' login activities and automate them with the help of AdminDroid’s Advanced Scheduler to find active & inactive users across your organization.

Therefore, the AdminDroid Microsoft 365 reporting and auditing tool acts as a crucial alert mechanism for identifying inactive users and spotlighting any unusual or suspicious activities that might cause potential security risks in the Microsoft 365 environment.

Explore a full range of reporting options
Download Live Demo

Important Tips

Identify and remove inactive guest users using access reviews in Microsoft Entra ID to manage the stale user accounts in your organization.

Reduce unnecessary spending on Microsoft 365 licenses by revoking the unused Office 365 licenses from the inactive users in your organization.

To keep former employees' data safe and prevent any data leaks, enhance your Office 365 offboarding process.

Common Errors and Resolution Steps

The following are the possible errors and hints for troubleshooting, while getting Microsoft 365 users’ last logon report.

Error Get-MgUser : The term 'Get-MgUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when you try to connect to Microsoft Graph Beta, without installing the module.

Fix You can use the below cmdlet to install the Microsoft Graph Beta module and then connect to Mg-graph. 
Install-Module Microsoft.Graph.Beta
Connect-MgGraph

Error You don't have access to this data. Please contact your global administrator to get access.

This error occurs when you try to access Azure AD sign-in logs without necessary admin permission.

Fix Please ensure that you possess one of the necessary administrative permissions listed below.
Global Administrator, Security Admin, Security Reader, Global Reader, or Reports Reader

Error Set-MgUser : Get By Key only supports UserId and the key has to be a valid Guid.

If you attempt to sign into Entra ID sign-In logs using the User Principal Name (UPN) instead of the User ID, you will encounter this error.

Fix Make sure to enter the 'UserId' instead of 'User Principal Name' while executing the cmdlet.

Error Get-MgUser : Calling principal does not have required MSGraph permissions Auditlog.Read.All

This issue occurs when you don’t have permission to read the Office 365 audit logs.

Fix Connect Microsoft Graph using the below command with the required permission scope. 
Connect-MgGraph -scope User.Read.All, AuditLog.read.All

Error Why the Last Login Date reported by the Get-MailboxStatistics cmdlet is not correct? Some users’ mailbox have very recent last logon date/time even though the account has been blocked/disabled few months ago.

These questions arise as the Get-MailboxStatistics cmdlet with the LastLogonTime parameter returned inaccurate results. This is because the parameter also includes mailbox assistant activity in Exchange Online, which is running in the background.

Fix You can use the LastSuccessfulSignInDateTime parameter to get the last successful login details of users in your Microsoft 365 organization. To do so, you must install and connect to the Microsoft Graph Beta PowerShell module and run the below cmdlet. 
((Get-MgBetaUser -UserId <UserId> -Property SigninActivity).SignInActivity.AdditionalProperties).lastSuccessfulSignInDateTime
Azure AD

Frequently Asked Questions

Remove Inactive Users to Avoid Data Breaches in Microsoft 365

What can you do with user last logon time in Microsoft 365?

What can you do with user last logon time in Microsoft 365? +

Finding the last logon time report is crucial to monitor security, compliance, resource usage, and other Microsoft 365 sign-in risks. Check the below for better understanding.

  • Microsoft 365 Security Tracking: Monitoring the last logon time of the users allows you to detect potential security breaches and unauthorized access, preventing Microsoft 365 sensitive data from being compromised.
  • Resource Optimization: Efficient resource management touches many aspects of an organization, both directly and indirectly. Finding and revoking Microsoft 365 inactive users helps admins use licenses more wisely, ensuring optimal allocation.
  • Compliance Management: Keeping Microsoft 365 users' activity logs, including the last sign-in time, is essential for meeting regulatory requirements and maintaining proper records in your organization.
  • Risk Prevention: Observing unusual login patterns or significant gaps between logins can help prevent security incidents before they occur, strengthening overall protection of your Microsoft 365 environment.

AdminDroid offers a complete Entra ID user login reports to oversee login failures and audit user sign-in information, ensuring efficient user management.

Additionally, a detailed walkthrough on inactive users in Microsoft 365 can be listed as follows.

  • Enhanced Sign-in Monitoring: AdminDroid Microsoft 365 reporter offers comprehensive Entra ID users' login auditing reports providing detailed insights into Microsoft's risky sign-in analytics, user sign-in patterns, and much more to safe easily identify the stale users in your organization.
  • Inactive Reports Collection: AdminDroid's M365 Usage Analytics Reports Collection provides a bunch of reports to track and manage inactive users across all services under one section.
  • One-stop Solution for Inactive Users: To easily spot and monitor inactive user accounts, use our in-depth guide on how to export Microsoft 365 inactive user report.

How to check Entra ID user’s last logon history via Microsoft Purview?

How to check Entra ID user’s last logon history via Microsoft Purview? +

You can view the users' last sign-in date with detailed information using Microsoft 365 Purview portal without PowerShell. Follow the below steps to find the users’ last logon time via Purview portal:

  • Login to the Microsoft 365 Purview portal.
  • Start a new search and provide the desired username in the Users filter for the UserLoggedIn event.
  • The search results will display events related to user logins within the specified timeframe.
  • Look for the recent login events for the selected user(s) to determine their last logon time in Microsoft 365.

However, the above method won’t provide additional details, such as user type and IP related details with respect to Entra ID sign-in logs.

  • Unlike the native Purview portal, AdminDroid's User's Last Logon Time report provides detailed and easily accessible user login information without any complexity.
  • AdminDroid provides an Advanced Alerting feature allowing admins to configure and receive notifications based on specific criteria related to user login activities.
lastlogon

This capability enhances the users' sign-in monitoring that enables admins to swiftly detect any irregular or suspicious login patterns.

What kind of sign-in logs are available in Microsoft Entra ID ?

What kind of sign-in logs are available in Microsoft Entra ID ? +

There are four types of Microsoft Entra ID sign-ins that provide detailed logs on user logins in your organization.

  • Interactive User Sign-ins: These are sign-ins where users actively engage by entering their credentials, such as username and password. This type of sign-in requires the user's direct participation to authenticate and access Microsoft 365 services.
  • Non-Interactive User Sign-ins: These sign-ins happen in the background without the user's direct interaction, typically used in automated processes. They enable system-to-system or application-to-application access through predefined authentication methods.
  • Service Principal Sign-ins: These sign-ins are non-human entities that act as stand-ins for applications or services. These identities allow applications to authenticate and interact with other services in Azure Active Directory without a user being involved directly.
  • Managed Identity Sign-ins: Managed identities are used for Azure services, providing them with an Azure AD identity that is automatically managed by Azure. This eliminates the need for developers to manage credentials, making it a secure and maintenance-free option for accessing Azure services.

AdminDroid: A go to option to check all types of Azure AD sign-in logs!

  • AdminDroid offers extensive User's Sign-ins Summary by Sign-in Type reports that help you to check Microsoft 365 sign-ins and discover dedicated reports for each sign-in method in a single place.
signins-type

How to monitor the last login date across different Microsoft 365 services?

How to monitor the last login date across different Microsoft 365 services? +

You can follow the below steps to monitor the last logon date across different Microsoft 365 services.

  • Login to the Microsoft 365 admin center and navigate to the Reports»Usage.
  • Select the preferred report in this section, that displays the latest activity for the respective Microsoft 365 service.
  • Specify the time, or users whom you want to check the recent activity date and look for “Last activity Date”.

AdminDroid simplifies auditing the most recent login date of users for each Office 365 service in your organization.

  • With the Last Active Time of Users by Office 365 Services report, you will get a consolidated view of the last login time across various services, such as Exchange, SharePoint, OneDrive, Teams, etc., without navigating through multiple reports.
last-service

This report not only indicates the user’s last active time in each service but also highlights the inactivity days across all Microsoft 365 services.

How to monitor the user’s last login history across different countries?

How to monitor the user’s last login history across different countries? +

You can follow the below steps to monitor users’ last logon time across various countries.

With AdminDroid, you can identlfy and track the last login time of users with just a few clicks!

  • Access the User's Last Log-on Time By Country report to find recent sign-ins across different countries from AdminDroid.
  • With the help of this report, admins can oversee recently signed-in users with the details, such as sign-in date, time, and country.
by-country

How to find unused Exchange Online mailboxes?

How to find unused Exchange Online mailboxes? +

Keeping an eye on unused mailboxes in Exchange Online is essential for maintaining security and managing Microsoft 365 license costs effectively within your organization.

Follow the steps below to find the inactive mailboxes via Exchange admin center.

  • Login to the Exchange Online admin center.
  • Navigate to Recipients»Mailboxes. Click on the desired user.
  • Under the General tab, you can find the last active time of user mailboxes last active time in Exchange Online.
admincenter

If you're concerned about security risks and unnecessary license expenses in your organization, you can efficiently identify inactive mailboxes in Exchange Online with the help of AdminDroid Exchange Online Reporter.

Unlike Microsoft 365 built-in approaches, our guide provides a comprehensive overview that encompasses additional methodologies to check inactive mailboxes and essential insights for efficient mailbox management.

+

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Azure AD
How to Get Microsoft 365 Users' Real Last Logon Time Report
Azure AD Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo