Inactive users in Microsoft Teams not only disrupt team collaboration but also weaken security and reduce overall productivity. Unmonitored accounts can lead to unnecessary license costs and inefficient resource utilization. This guide helps you identify and manage inactive users to ensure an active Microsoft Teams environment.
Windows PowerShell Connect-MgGraph –Scopes "Reports.Read.All" Windows PowerShell Get-MgReportTeamUserActivityUserDetail -Period <Days> -OutFile <FilePath> 
The AdminDroid’s Microsoft Teams reporting tool provides detailed reports on Teams inactive users based on their last meeting, team chat, private chat, and call activity. Beyond these, it also offers insights into inactive users, team memberships, device usage, and more.
Keep an eye on Microsoft Teams user activity across chats, calls, and meetings to detect and prevent any malicious actions through inactive Teams users.
Use AdminDroid's advanced filter in the licensed users report to identify inactive users assigned with Teams add-on licenses and revoke them for better license management.
Track the last activity date of all inactive users across various platforms such as Windows, Mac, mobile, and web to restrict Microsoft Teams sign-in on unmanaged devices and reduce the attack surface.
Monitor external user activities in Microsoft Teams to track guest users' engagement and remove inactive external users to streamline access control and optimize external collaboration.
Monitor inactive users in Microsoft 365 to identify idle accounts across all M365 services, then disable or delete them to prevent unauthorized access and optimize licensing costs.
Assign active owners to teams with disabled owners to prevent inactive ownership and ensure proper governance across Microsoft 365.
Overall, AdminDroid’s Microsoft Teams management tool streamlines team oversight with detailed reports on activity, membership, and usage. It enables admins to track inactive users, monitor file sharing, and analyze sign-ins for better license optimization and security.
This error occurs when a user or least privileged admin tries to connect to the Microsoft Graph PowerShell module without an admin consent on behalf of the organization.
This error occurs when running the 'Get-MgReportTeamUserActivityUserDetail' cmdlet in PowerShell without necessary scope permissions or role assignments.
Connect-MgGraph –Scopes "Reports.Read.All"This error occurs when the output file path is not properly provided.
Get-MgReportTeamUserActivityUserDetail -Period D180 -OutFile "D:\Teams Reports\TeamsUserActivityDetails.csv"This error occurs in Microsoft usage reports when your organization has enabled the 'Display concealed names in all reports' setting in the Microsoft 365 admin center.
Reviewing sign-in logs in Microsoft Teams helps to identify inactive users who have not signed in for an extended period. It also highlights failed sign-in attempts by those users. This helps you investigate the cause, analyze inactivity patterns, address potential security risks, and ensure proper access management.
Note: Filter the logs by date range and specific user to find their last sign-in time from the first entry. By default, the logs show data for the last 24 hours, but you can customize the date range up to 30 days.
Connect to the Microsoft Graph PowerShell module using the cmdlet below.
Connect–MgGraph –Scopes "AuditLog.Read.All"Run the following cmdlet in PowerShell to export Microsoft Teams login activities.
Get-MgAuditLogSignIn -Filter "startsWith(appDisplayName,'Microsoft Teams')" -All | Select-Object CreatedDateTime, UserDisplayName, UserPrincipalName, IPAddress, AppDisplayName | Export-Csv -Path <FilePath>
While native reports provide a general overview of user sign-ins in MS Teams, AdminDroid enhances this with detailed breakdowns like graphical charts, and advanced filters!
Handy tip: Utilize the Export capability to download the Microsoft Teams sign-in logs report in various formats like CSV, PDF, and HTML for further analysis.
Manual tracking of inactive users is time-consuming, error-prone, and does not allow you to identify inactive users within specific teams. Microsoft Entra access reviews automate inactive user detection from specific group, notifies reviewers, and enforces access removal upon approval.
Note: Finding inactive users in Teams or groups using Access Reviews requires a Microsoft Entra ID Governance license.
To find inactive accounts in Microsoft Teams using Access Reviews, navigate to in the Entra portal and follow the steps below.
Note: If you select Group owner(s) or Managers of users as primary reviewers, you can set Fallback reviewers to handle reviews when a group has no assigned owner or a user has no assigned manager.
Reviewers can approve, remove, or request additional details about user access. After review completion, Microsoft Entra enforces decisions based on the configured settings.
Identifying inactive users in teams is only the first step. The crucial part is to remove them to prevent unauthorized access and optimize license usage. Since teams are linked to Microsoft 365 groups, removing a user from a team also results in their removal from the associated M365 group.
While the Microsoft Teams admin center allows you to remove inactive users, manually reviewing each team is time-consuming. PowerShell offers a more efficient approach by allowing you to quickly identify and remove inactive users across all teams.
Connect to the Microsoft Teams PowerShell module using the cmdlet below.
Connect-MicrosoftTeamsRun the following PowerShell snippet to remove inactive users from teams in Microsoft 365 by replacing <User1> and <User2> with the list of inactive users' UPNs.
$users = @("<User1>", "<User2>")
foreach ($User in $Users) {
$teams = Get-Team -User $User | Select-Object -ExpandProperty GroupId
foreach ($Team in $Teams) { Remove-TeamUser -GroupId $Team -User $User }
}The above snippet identifies the team membership of listed users and removes them from their respective teams.
Monitor teams membership removal activities in real-time with AdminDroid reports!
Inactive users in MS Teams pose security risks if their sign-in or data access is not revoked. Disabling Teams prevents them from accessing sensitive data. While the core Teams license is bundled with Microsoft 365, removing add-ons like Teams Premium, Audio Conferencing, Teams Phone Standard, and more helps optimize costs by eliminating unnecessary expenses.
Connect to the Microsoft Graph PowerShell module using the cmdlet below.
Connect-MgGraph -Scopes "Organization.Read.All", "LicenseAssignment.ReadWrite.All", "User.ReadWrite.All" Run the below PowerShell cmdlet to find the SkuPartNumber or SkuID of the enterprise subscription that contains Teams license or to identify a Teams add-on license.
Get-MgSubscribedSku –All | Format-ListThen, run the following PowerShell snippet to remove a Microsoft Teams license from an inactive user by replacing <SkuPartNumber> and <UserUPN> with the correct values.
$Subscription = Get-MgSubscribedSku -All | Where-Object SkuPartNumber -eq '<SkuPartNumber>'
$DisabledPlans = $Subscription.ServicePlans | Where-Object ServicePlanName -eq 'TEAMS1' | Select-Object -ExpandProperty ServicePlanId
$AddLicenses = @( @{ SkuId = $Subscription.SkuId; DisabledPlans = $DisabledPlans } )
Set-MgUserLicense -UserId "<UserUPN>" -AddLicenses $AddLicenses -RemoveLicenses @()To remove the Teams add-on license from an inactive user in Microsoft 365, run the below PowerShell cmdlet.
Set-MgUserLicense -UserId "<UserUPN>" -RemoveLicenses @("<SkuId>") -AddLicenses @{}Removing Teams add-on licenses for inactive users reduces unnecessary costs, but it does not remove their access to other Microsoft 365 services. To fully restrict access, consider disabling sign-ins or removing licenses at the tenant level.
Get AdminDroid Office 365 Reporter Now!