- Free Edition
- Quick Links
- Highlights
- Exchange Online
- Exchange Online Management
- Exchange Online Reports
- Exchange Online Auditing
- Exchange Online Monitoring
- Shared Mailbox Management
- Mailbox Usage Reports
- Exchange Online Mailbox Auditing
- Shared Mailbox Reports
- Exchange Online Delegation
- Mailbox Size Reports
- Mail Traffic Reports
- Non-owner Mailbox Access Report
- Public Folder Reports
- OWA Reports
- Mailbox Content Reports
- Entra ID
- Entra ID Management
- Entra ID Reports
- Entra ID Monitoring
- Entra ID Auditing
- User Management
- Contact Reports
- Security Group Reports
- License Reports
- Entra ID Delegation
- Microsoft 365 User Provisioning
- User Reports
- Distribution Group Reports
- Group Reports
- Inactive Exchange Users
- Entra ID User Auditing
- Entra ID Group Auditing
- Entra ID Logon Auditing
- Microsoft Teams
- OneDrive for Business
- SharePoint Online
- Security and compliance
- Other Features
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Hybrid AD, cloud, and file auditing and security
- ADSelfService Plus Identity security with MFA, SSO, and SSPR
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- M365 Security Plus Microsoft 365 Auditing and Alerting
- EventLog Analyzer Real-time Log Analysis & Reporting
- SharePoint Manager Plus SharePoint Reporting and Auditing
- DataSecurity Plus File server auditing & data discovery
- RecoveryManager Plus Enterprise backup and recovery tool
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools
The Inactive Users report, one of M365 Manager Plus' Entra ID reports, provides details about Microsoft 365 user accounts that have not signed in for a specified period.
What is the Inactive Users report in M365 Manager Plus?
The Microsoft 365 Inactive Users report includes each user's last logon timestamp, the number of days since their last interactive and non-interactive sign-ins, their account type, their password age, and other user properties. This helps admins isolate dormant Microsoft 365 accounts, identify the reason for their inactivity, and process them accordingly.
Why you need a Microsoft 365 inactive users report
Every Microsoft 365 tenant accumulates dormant accounts over time. Former employees whose accounts were never deprovisioned, service accounts that outlived their purpose, and guest users who completed their collaboration months ago all linger in your directory. Left unchecked, each inactive account is an unmonitored entry point that an attacker can compromise without triggering the usual behavioral alerts, and every license assigned to or auto-renewed for a dormant user is money wasted by your organization.
The Microsoft 365 Inactive Users report gives you visibility, helping you quantify user inactivity, prioritize remediation, and prove compliance in a single view:
- Optimize licenses assigned to inactive users : Cross-reference inactivity data with license assignments to identify users consuming paid Microsoft 365 subscriptions without generating any sign-in activity. Free up licenses for active employees or reduce your subscription footprint.
- Take down dormant accounts before they become entry points: Dormant accounts with valid credentials are prime targets for credential stuffing and password spray attacks because they generate no baseline activity for anomaly detection to compare deviations against. To align with the CIS Critical Security Controls, organizations are expected to disable or remove inactive accounts within a defined timeframe.
- Differentiate inactive users from service accounts: An account with no interactive sign-ins for six months may still show recent non-interactive sign-ins from token refreshes. Reviewing both sign-in types prevents you from disabling accounts on which automated services still depend.
- Support periodic access certification for internal and external auditors: Compliance frameworks require documented evidence that inactive accounts are reviewed and remediated on a defined schedule. A timestamped report serves as that evidence.
- Enforce password hygiene on stale accounts: Service accounts that have been inactive for extended periods often carry outdated passwords that predate your current password policy. Identifying these accounts lets you mandate a password reset before any reactivation.
What does the Microsoft 365 Inactive Users report show?
Using M365 Manager Plus, you can filter the Inactive Users report with the following fields:
- Microsoft 365 Tenant: Select the specific tenant where you want to find inactive users.
- Virtual Tenants: If you have created virtual tenants to manage specific subsets of your organization, you can filter the report to show only Microsoft 365 users in a particular virtual tenant.
- Filter By: You can choose to view Microsoft 365 users from specific domains or belonging to particular groups.
- Inactive for the last: Set a custom inactivity threshold in days, months, or years to show only Entra users who have not signed in within the selected range.
The Inactive Users report displays the following details for every user:
| Attribute | Description |
|---|---|
| User Principal Name | The unique logon identifier for the user (e.g., user@domain.com)—used for authentication |
| Last Logon Time | The most recent date and timestamp when the user successfully signed in to any Microsoft 365 service |
| Days Since Last Logon | The total number of days that have elapsed since the user's last successful sign-in—used to quantify account inactivity |
| User Type | Indicates whether the account is a Member (internal employee) or Guest (external collaborator), enabling targeted inactivity reviews for each category |
| Days Since Last Interactive Sign-in | The number of days since the user last performed deliberate, credential-based authentication, such as entering a password or completing an MFA challenge |
| Days Since Last Non-Interactive Sign-in | The number of days since the user's last token refresh or background application sign-in that occurred without active user participation |
| Days Since Last Password Change | The number of days since the user's password was last updated |
Here are some more Entra user attributes that the Inactive Users report lists:
| Alternate Email Address | Blocked Credential | Business Phone | City | Company | Country / Region |
| Days Since Created | Department | Direct Reports | DirSync Provisioning Error | Display Name | Employee Hire Date |
| Employee ID | Employee Type | Fax | First Name | GUID | Home Phone |
| Identity | Immutable Id | Initials | Is Licensed | Last Directory Sync Time | Last Interactive Sign-in |
| Last Name | Last Non-Interactive Sign-in | Last Password Changed | License Details | License Name | Manager |
| Mobile Phone | Object ID | Office | On-premises Distinguished Name | On-premises OU Name | On-premises SAM Account |
| On-premises SID Number | Other Home Phone | Other Telephone | Password Never Expires | Postal Code | Previous Recipient Type |
| Proxy Addresses | Recipient Type | Recipient Type Details | Services | State | Street Address |
| Strong Password Required | Title | Usage Location | User Account Property | When Created |
Native Microsoft 365 admin portals and PowerShell vs. M365 Manager Plus
Natively identifying inactive users in Microsoft 365 means navigating to the Entra admin center's Sign-in logs, manually adding the Last sign-in time column under Manage view, configuring a date filter, then manually figuring out which of your users are inactive.
Administrators needing more control often turn to Microsoft Graph PowerShell, querying the signInActivity property on Entra user objects using the Get-MgUser cmdlet with the AuditLog.Read.All permission scope. While Graph PowerShell provides the precision to distinguish interactive sign-ins from non-interactive sign-ins and to export filtered results, it demands scripting expertise and manual scheduling through Windows Task Scheduler for recurring audits. Any distribution of results to stakeholders requires additional steps to convert and format the CSV output into a presentable form.
M365 Manager Plus' Inactive Users report provides the precision of Graph PowerShell combined with the convenience of an admin center through purpose-built reporting, one-click exports, and built-in scheduling—all without admins writing a single script.
| Capability | Microsoft 365 limitations | PowerShell limitations | The M365 Manager Plus advantage |
|---|---|---|---|
| Report accessibility |  Audit logs contain a multitude of events that you have to filter every time |
Manual filtering is required before you generate the report |
 Leverage individual, user-friendly reports that are seg mented and categorized for one-click access |
| Custom reports | |
There's no GUI-based custom report builder; scripting is required |
Create custom reports by saving granular, attribute-based conditional filters once per report |
| Report exports | Reports can be exported in CSV or JSON format; bulk exports require multiple stages of confirmation | Reports can be exported in CSV or JSON format; additional modules are required to export reports in PDF or XLSX format | Export reports in CSV, HTML, PDF, or XLSX format in a single click |
| Emailing reports to admins | |
|
Send reports right from the dashboard or report page in any supported formats without jumping between applications |
| Automated report generation | This requires complex add-ons like Power Automate |
This requires complex Task Scheduler configurations |
Generate multiple reports on a schedule and filter, email, and export them automatically |
For a more detailed comparison, check out this page on how to find inactive Entra ID users.
Features that enhance the Inactive Users report
M365 Manager Plus provides several built-in tools to help you automate reviews, share findings, and act on access risks surfaced by the Inactive Users report:
- Exportable reports: You can download the report in multiple formats, including CSV, PDF, HTML, or XLSX, for sharing data with department heads or maintaining offline records for compliance.
- Automated report generation: Set the Inactive Users report to be generated at specific intervals—daily, weekly, or monthly—to run inactivity audits regularly without manual effort.
- Disabling users: If the Inactive Users report reveals accounts that have been dormant beyond your organization's threshold, you can disable those accounts directly from the reporting interface without switching to the Entra admin center. This enables your security team to disable stale accounts the moment they are identified, reducing the window of exposure and keeping your organization compliant with NIST SP 800-53.
- Resetting passwords: Inactive accounts often carry outdated passwords that predate your current password policy. From the Inactive Users report, you can force a password reset on flagged accounts before re-enabling them, ensuring that no stale credential survives a reactivation.
- Modifying licenses: Dormant accounts consuming paid Microsoft 365 licenses drain your subscription budget every billing cycle. Reclaim those licenses directly from the report by modifying or removing license assignments in bulk, without navigating to a separate license management console.
- Microsoft 365 joiner and leaver automations: You can integrate the data from the Inactive Users report into automated workflows. For example, an automation policy can disable accounts that have been inactive for over 90 days and simultaneously revoke their licenses, ensuring that offboarding hygiene is maintained even when HR notifications are delayed.
Reports that complement the Inactive Users report
If you are tracking account life cycle hygiene and tightening your tenant's security posture, M365 Manager Plus provides several other reports that complement the data found in the Inactive Users report:
- Recently Created Users report: Track newly provisioned accounts so you can verify that onboarding workflows assigned the correct licenses and group memberships, preventing new accounts from becoming inactive due to misconfiguration.
- Never Logged On Exchange Users report: List accounts that were created but have never recorded a single sign-in due to provisioning errors as well as abandoned accounts that the Inactive Users report will not catch until they pass the inactivity threshold.
- Licensed Users report: Cross-reference licensed users with inactivity data to quantify the exact cost of dormant licenses and build a business case for license reclamation.
- Entra ID sign-in activity reports: Audit authentication events to verify that accounts you have re-enabled after an inactivity review are generating expected sign-in patterns.
Other features of M365 Manager Plus
- Entra ID management: Create, modify, and delete users, groups, and licenses in bulk without Graph PowerShell, simplifying your Microsoft 365 identity management.
- Microsoft 365 reporting: Leverage over 700 prebuilt and custom reports across major Microsoft 365 services, such as Exchange Online, SharePoint Online, Teams, and OneDrive for Business—all from one dashboard.
- Microsoft 365 management: Manage users, groups, mailboxes, Teams, SharePoint permissions, and license assignments across workloads without switching portals.
- Microsoft 365 automation: Automate onboarding, offboarding, license provisioning, and group updates with no-code workflows—and without add-on subscriptions.
- Microsoft 365 auditing: Maintain a complete, searchable audit trail of every change across your Microsoft 365 environment.
- Microsoft 365 alerting: Get real-time alerts on suspicious sign-ins, admin role changes, license breaches, and policy violations.
- Microsoft 365 admin delegation: Give help desk staff scoped access for specific tasks, such as password resets, group changes, and mailbox management, without full admin rights or visibility over users they don't manage.