編集

次の方法で共有

Get-EntraUserInactiveSignIn

Module:
Microsoft.Entra.Users Module v1.1

Retrieve users without interactive sign-ins in the last N days.

Syntax

Default (Default) 

Get-EntraUserInactiveSignIn

    -Ago <Int32>
    [-UserType <String>]
    [<CommonParameters>]

Description

This cmdlet retrieves users without interactive sign-ins in the last N days.

Examples

Example 1: Retrieve users without interactive sign-ins in the last 10 days

Connect-Entra -Scopes 'User.Read.All','AuditLog.Read.All'
Get-EntraUserInactiveSignIn -Ago 10

UserID                            : cccccccc-2222-3333-4444-dddddddddddd
DisplayName                       : Allan Deyoung
UserPrincipalName                 : AllanD@Contoso.com
Mail                              : AllanD@Contoso.com
UserType                          : Member
AccountEnabled                    : True
LastSignInDateTime                : 10/7/2024 12:15:17 PM
LastSigninDaysAgo                 : 30
lastSignInRequestId               : eeeeeeee-4444-5555-6666-ffffffffffff
lastNonInteractiveSignInDateTime  : 10/7/2024 12:13:13 PM
LastNonInteractiveSigninDaysAgo   : 30
lastNonInteractiveSignInRequestId : dddddddd-3333-4444-5555-eeeeeeeeeeee
CreatedDateTime                   : 10/7/2024 12:32:30 AM
CreatedDaysAgo                    : 31

This example shows how to find users who haven’t signed in within the past 30 days.

Example 2: Retrieve guest users without interactive sign-ins in the last 10 days

Connect-Entra -Scopes 'User.Read.All','AuditLog.Read.All'
Get-EntraUserInactiveSignIn -Ago 10 -UserType 'Guest'

UserID                            : cccccccc-2222-3333-4444-dddddddddddd
DisplayName                       : Allan Deyoung
UserPrincipalName                 : AllanD@Contoso.com
Mail                              : AllanD@Contoso.com
UserType                          : Guest
AccountEnabled                    : True
LastSignInDateTime                : 10/7/2024 12:15:17 PM
LastSigninDaysAgo                 : 30
lastSignInRequestId               : eeeeeeee-4444-5555-6666-ffffffffffff
lastNonInteractiveSignInDateTime  : 10/7/2024 12:13:13 PM
LastNonInteractiveSigninDaysAgo   : 30
lastNonInteractiveSignInRequestId : dddddddd-3333-4444-5555-eeeeeeeeeeee
CreatedDateTime                   : 10/7/2024 12:32:30 AM
CreatedDaysAgo                    : 31

This example shows how to find guest users who haven’t signed in within the past 30 days. Choose All for all users, Member for internal users, or Guest for external users.

Example 3: Retrieve Users Without Interactive Sign-Ins in the Last 10 Days Using a Filter

Connect-Entra -Scopes 'User.Read.All','AuditLog.Read.All'
Get-EntraUserInactiveSignIn -Ago 10 | Where-Object {$_.UserPrincipalName -eq 'SawyerM@contoso.com'}

UserID                            : cccccccc-2222-3333-4444-dddddddddddd
DisplayName                       : Sawyer Miller
UserPrincipalName                 : SawyerM@Contoso.com
Mail                              : SawyerM@Contoso.com
UserType                          : Member
AccountEnabled                    : True
LastSignInDateTime                : 10/7/2024 12:15:17 PM
LastSigninDaysAgo                 : 30
lastSignInRequestId               : eeeeeeee-4444-5555-6666-ffffffffffff
lastNonInteractiveSignInDateTime  : 10/7/2024 12:13:13 PM
LastNonInteractiveSigninDaysAgo   : 30
lastNonInteractiveSignInRequestId : dddddddd-3333-4444-5555-eeeeeeeeeeee
CreatedDateTime                   : 10/7/2024 12:32:30 AM
CreatedDaysAgo                    : 31

This example shows how to find users who haven’t signed in within the past 30 days using a filter.

Parameters

-Ago

Number of days to check for Last Sign In Activity.

Parameter properties

Type:System.Int32
Default value:None
Supports wildcards:False
DontShow:False
Aliases:LastSignInBeforeDaysAgo

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-UserType

Specifies the type of user to filter. Choose All for all users, Member for internal users, or Guest for external users.

Parameter properties

Type:System.String
Default value:All
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

System.String

Outputs

System.Object

Notes

Updating Role Assignable Groups or Privileged Access Groups require PrivilegedAccess.ReadWrite.AzureADGroup permission scope.