Rule description
This rule returns hybrid users that meet both Active Directory and Microsoft 365 inactivity criteria.
When to use this rule
Inactive user accounts are often unnecessary and can be safely deprovisioned with Cayosoft Suspend.
Use this rule to take action on all those user accounts that have been idle in the Active Directory and Microsoft 365 for quite a while.
Rule settings
Query Section
Setting name | Description |
---|---|
Limit scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to specific OU.
Important: To test rule configuration, limit the rule scope to an OU that contains test accounts or objects.
|
Query criteria |
Query criteria are sent with the query and may improve query performance.
Tip: For different samples on the criteria builder, see KB20180410-1.
|
User sync status |
Specify user sync status.
Cloud only users are out of scope of this rule. |
Last Active Directory logon (days ago) |
Set a number of days past since the user sign-in to Active Directory. |
Last Microsoft 365 sign in (any type, days ago) |
Specify the number of days since a user's last successful logon of any type (Interactive or Non-Interactive) in the Microsoft 365 environment. Use '0' and remove lastSuccessfulSignInDays, lastSuccessfulSignInDateTime attributes from 'Other Query Settings>Properties to display' and 'System properties' below to disable this check. Days filter uses the last successful sign in days.
Note: Using this parameter requires an Azure AD Premium P1/P2 license in the tenant.
|
Last Microsoft 365 service access (days ago) |
Set a minimum number of days past since a user accesses Microsoft 365 services. This queries the dates of the Microsoft activities report and takes the most recent service activity date across all services. |
Minimum AD account age (days) |
Set a minimum number of days past since user account creation. Use 0 to ignore account age. |
Minimum license assignment age (days) |
Set a minimum number of days past since the license assignment to avoid counting new users as inactive. Use 0 to ignore the license assignment date. |
Other Query Settings |
|
Properties to display |
To display additional properties for each object found by the query, add those properties to the list. |
Filter query results |
To hide unwanted data based on criteria, not supported by Active Directory query, set the filtering conditions here. Example: filter by the found object Distinguished Name.
Tip: For optimal performance, use the Query criteria above to filter objects whenever possible.
|
Sort by |
Sort result object list. |
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
Version | Notes |
---|---|
11.3.1 |
|
8.0.0 | Last Microsoft 365 sign in (days ago) setting is added. |
7.1.0 | The rule is introduced in the product. |
Comments
0 comments
Please sign in to leave a comment.