Discovering active users in your Microsoft 365 tenant has become easier with the latest Microsoft Graph update, which has many administrators excited.
Instead of manually searching through the sign-in logs, you can now access the last successful sign-in of a user through a new property: user.signInActivity.lastSuccessfulSignInDateTime, simplifying the process significantly.
However, it's important to understand that the data for this new property will only reflect sign-ins from December 1, 2023, onwards – earlier sign-ins won't be included in the records.
Automating these processes using the Graph API and PowerShell is especially beneficial in organizations with a large number of users, as it streamlines the tracking and reporting of user sign-in activities.To see active users in Azure Active Directory (Azure AD), you can use the Azure portal. First, log in to the Azure portal, then navigate to Azure Active Directory, and select Users. Here you will see a list of all users. You can filter the view to show only active users by using the directory role, sign-in activity, or licensing filters provided within the portal.
To retrieve all users via the Azure AD API, you can make a GET request to the Microsoft Graph API endpoint: https://graph.microsoft.com/v1.0/users
. This will return a list of users in your Azure AD tenant. Ensure that the necessary permissions (User.Read.All) are granted to the app making the API call, either via Admin consent for application permissions or delegated permissions with user consent.
To get external or guest users via Microsoft Graph API, you use the same endpoint to get all users: https://graph.microsoft.com/v1.0/users
. However, you can filter the results to retrieve only guest users by appending a filter query to the endpoint like: https://graph.microsoft.com/v1.0/users?$filter=userType eq 'Guest'
. This query will list all users with a userType of 'Guest', typically representing external users.
To access Microsoft Graph as a user, you must authenticate using Microsoft Identity platform and obtain an access token. The simplest way is to use an authentication library like MSAL (Microsoft Authentication Library) to handle the OAuth flow, acquire the token, and make requests to the Graph API. Once authenticated, you use the access token in the HTTP Authorization header when making requests to Graph API endpoints. Depending on your scenario, you might need to consent to the required permissions for the operations you intend to perform.
Microsoft 365 Active Users, Graph API Tenant Usage, Find Active Users Office 365, Monitor User Activity Microsoft 365, Microsoft Graph API User Analytics, Track Active Users MS 365, M365 User Engagement Report, Office 365 Active User Retrieval, Graph API User Activity Query, Microsoft Tenant User Insights