Overview
Users' web query displays Microsoft 365 user objects, including guest accounts, resource mailboxes, and shared mailboxes. Users' web query is included in the built-in Microsoft 365 container.
Users' web query settings
Setting name | Description |
---|---|
General Settings | |
Limit scope to this Azure AD Administrative Unit |
This setting defines the search query scope. To improve query performance, limit the scope to a specific Azure Admin Unit. Important: To test rule configuration, limit the rule scope to an Azure Admin Unit that contains test accounts or objects.
|
Query criteria
|
Query criteria are sent with the query and may improve query performance. Tip: For different samples on the criteria builder, see KB20180410-1.
|
Post-query filter
|
To hide unwanted data based on criteria, not supported by the Microsoft 365 query criteria above, set the filtering conditions here. Tip: For optimal performance, use the Query criteria above to filter objects whenever possible.
|
Properties to display |
Each object property defined in this setting matches the column that will be displayed in the Cayosoft Web portal for this web query. To display additional columns, add the required properties to the Properties to display list. Tip: To add extension attribute 1 that is synchronized from AD you need to use a value like "OnPremisesExtensionAttributes/extensionAttribute1~Extension Attribute 1".
|
Default user state filter value |
Specify the filter value for the user state that will be selected by default in the Web Portal in the user web query filter.
|
Default user type filter value |
Specify the filter value for the user type that will be selected by default in the Web Portal in the user web query filter.
|
User account properties |
|
Account state |
Specify account state:
|
User type |
Specify user type:
|
Account sync status |
Specify account sync status:
|
Modern MFA status |
Specify modern MFA status:
Important: Due to the current nature of the Microsoft API that returns this information, users will be processed one by one by this MFA status post-filter. Expect 10 minutes of processing per every 300 returned users if this filter is enabled. Reduce the number of users by using query criteria to reduce the rule execution time.
|
Administrator role |
Specify administrator role:
|
Date time properties |
|
Minimum account age (hours) |
Specify the minimum account age for the Microsoft 365 user accounts. |
Maximum account age (hours) |
Specify the maximum account age for the Microsoft 365 user accounts. |
Last Microsoft 365 sign in (days ago) |
Set a minimum number of days past since a user signs in to Microsoft 365. Use 0 to disable this check. Note: Using this parameter requires an Azure AD Premium P1/P2 license in the tenant.
|
Last password change (days ago) |
Set a minimum number of days past since a user changed the password. |
Last sync time (days ago) |
Set a minimum number of days past the last sync time. |
Extension Attributes |
|
Extension attribute1 - Extension attrbute15 |
If you use Microsoft 365 extension attributes to store additional information for user accounts, you could select these attributes and map them to Other Attributes. |
Mailbox and Licensing filters |
|
Mailbox type |
Specify mailbox type:
|
Include licensed users |
Specify which users should be included:
|
Filter by licenses |
You can filter users by assigned licenses and apps/services:
Also, you can add filtering by inheritance of assigned applications and services:
|
Organization Properties |
|
DisplayName/Email starts with EmployeeID starts with Employee type Job Title Division Cost center Department City State Country Postal code Usage location |
Specify organization properties for search. |
Map to text file |
|
Select data source |
Specifies the text file to be imported. The […] button allows the user to browse for the file and the Create/Edit button allows the creation or editing of the existing file in the built-in Data Source editor. |
Separator used in file |
Specify the separator that is used in the CSV file. |
Data source anchor attribute |
Select a column in the data source that contains the attribute value for identifying and mapping a user. |
System anchor attribute |
Specify user anchor attribute. |
Other Query Settings |
|
System properties |
List of properties required for this rule to be executed correctly. |
Sort by |
Sort result objects list. |
Limit result set |
The maximum number of users returned from Microsoft 365 by default is 2000. Tip: It is possible to change the default value in Microsoft 365 extension settings.
|
MS Graph query condition (OData) |
By default, Query criteria are used. But when the MS Graph query condition is specified, it overrides the Query criteria setting. See this article for examples: How to use Query Builder dialog for Query Criteria and Filter rule settings – Cayosoft Help Center. |
MS Graph advanced queries |
Enables consistency level eventually which uses an index that might not be up-to-date with recent changes to the object. |
Default number of objects to show |
Select the number of objects to display in the Users web query in the Web Portal. By default, the global Web Portal setting from the Web Portal Customization > Default number of objects to show is used. |
Initialization script |
|
Script |
Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule. Due to PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria. Important: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>.
Example: Update AD users, created in the last ten days.
{$global:DatePeriod = (Get-Date).AddDays(-10)}
|
Office 365 License Quota |
|
Enable quota management Licenses list with settings Licensing quota notification contacts |
Cayosoft Administrator allows allocating Microsoft 365 licenses and assigning quota limits by Administrative Units. Having configured an Administrative Unit per department and then configured License Quotas in Users web queries on these Administrative Units, you will prevent local department IT from overusing the Microsoft 365 licenses. You will get an overview of over-and under-use across departments. For step-by-step configuration instructions, please see the Office 365 License Quotas article. |
Suspend Configuration |
|
Microsoft 365 User Suspend configuration |
Specify Microsoft 365 User Suspend configuration. By default, it is taken from the Admin Unit settings. |
Microsoft 365 User Undo Suspend configuration |
Specify Microsoft 365 User Undo Suspend configuration. By default, it is taken from the Admin Unit settings. |
General settings
Setting name | Description |
---|---|
Replace Web UI Help URL |
In Cayosoft Web Portal each web query has a help link that opens the corresponding section in Cayosoft documentation. If you need you can replace the default link with your custom link to your intranet portal. |
Web Actions tab
For details please see this article: Re-arranging Web Queries actions – Cayosoft Help Center.
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Change History
Version | Notes |
---|---|
11.1.0 | The Users web query has been updated with new settings. |
10.3.0 |
|
8.2.0 | MS Graph advanced queries setting is added. |
7.4.0 | Active Users web query is renamed to Users web query. |
7.2.0 | The Limit scope to this Azure AD Administrative Unit setting is added. |
Comments
0 comments
Please sign in to leave a comment.