AD Users Hybrid Inactive rule
This rule returns hybrid users that meet both Active Directory and Microsoft 365 inactivity criteria.
When to use this rule
Inactive user accounts are often unnecessary and can be safely deprovisionned with Cayosoft Suspend™.
Use this rule to take action on all those user accounts that have been idle in the Active Directory and Microsoft 365 for quite a while.
Rule settings
| Setting name | Description |
|---|---|
| Query Section | |
| Limit scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to a specific OU. IMPORTANT: To test the rule configuration, limit the rule scope to an OU that contains test accounts or objects and use the Preview feature. |
| Query criteria |
Query criteria are sent with the query and may improve query performance. TIP: For additional information on the criteria builder, see the How to use Query Builder dialog for Query Criteria and Filter rule settings. |
| User sync status |
Specify user sync status.
|
| Last Active Directory logon (days ago) | Specify the number of days for the last Active Directory logon. You can also set Any or Never logged on. |
| Last Microsoft 365 sign in (any type, days ago) |
Specify the number of days since a user's last successful logon of any type (Interactive or Non-Interactive) in the Microsoft 365 environment. Use '0' and remove the lastSuccessfulSignInDays, lastSuccessfulSignInDateTime attributes from the Other Query Settings>Properties to display and System properties settings below to disable this check. Days filter uses the last successful sign in days. NOTE: Using this parameter requires an Azure AD Premium P1/P2 license in the tenant. |
| Last Microsoft 365 service access (days ago) |
Set a minimum number of days past since a user accesses Microsoft 365 services. This queries the dates of the Microsoft activities report and takes the most recent service activity date across all services. |
| Minimum AD account age (days) | Specify the number of days for the minimum account age. |
| Minimum license assignment age (days) | Set a minimum number of days past since the license assignment to avoid counting new users as inactive. Use 0 to ignore the license assignment date. |
| Other Query Settings | |
| Properties to display |
Each object property defined in this setting matches the column that will be displayed in the Web Portal for this web query. To display additional columns, add the required properties to the Properties to display list. To add extension attribute 1 that is synchronized from AD, you need to use a value like:
Copy
|
| Filter |
Set the filtering conditions to hide unwanted data based on criteria not supported in the Query criteria setting. Example: filter by the found object Distinguished Name. TIP: For optimal performance, use the Query criteria setting above to filter objects whenever possible. |
| Sort by | Sort result object list. |
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Rule Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Rule Enforce/Schedule section article.
Change History
| Version | Notes |
|---|---|
| 8.0.0 | Last Microsoft 365 sign in (days ago) setting is added. |
| 7.1.0 | The rule is introduced in the product. |
Comments
0 comments
Please sign in to leave a comment.