Rule description
Hybrid Office 365 Users that are members of an AD group and considered inactive according to a set of criteria.
When to use this rule
Inactive user accounts are often unnecessary and can be safely deprovisioned with Cayosoft Suspend.
Use this rule to take action on all those user accounts that have been idle in Microsoft 365 for quite a while.
Rule settings
Query Section
| Setting name | Description |
|---|---|
|
AD Group (DN) |
Specify Active Directory group DistinguishedName. The hybrid Office 365 Users that are members of an AD group will be displayed in the report. |
|
Last Microsoft 365 sign in (days ago) |
Set a minimum number of days past since a user signs in to Microsoft 365. Use 0 to disable this check. Note: Using this parameter requires an Azure AD Premium P1/P2 license in the tenant.
|
|
Last Microsoft 365 service access (days ago) |
Set a minimum number of days past since a user accesses Microsoft 365 services. This queries the dates of the Microsoft activities report and takes the most recent service activity date across all services. |
|
Minimum license assignment age (days) |
Set a minimum number of days past since the license assignment to avoid counting new users as inactive. Use 0 to ignore the license assignment date. |
|
Other Query Settings |
|
|
Properties to display |
To display additional properties for each object found by the query, add those properties to the list. |
|
System properties |
List of properties required for this rule to be executed correctly. |
|
Post query-filter |
To hide unwanted data based on criteria, not supported by Active Directory query, set the filtering conditions here. Example: filter by the found object Distinguished Name. Tip: For optimal performance, use Query criteria above to filter objects whenever possible.
|
|
Sort by |
Sort result object list. |
|
Limit result set |
The maximum number of mailboxes returned from Office 365. The default value is taken from Maximum returned results setting on Home > Configuration > Microsoft Office 365 settings. |
|
Initialization script |
Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule. Due to PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where initialization script can help. You can initialize a global variable in this setting and then use it in query criteria. Important: To use a variable, declared in initialization script, in the query scope, it must be global: $global:<variable name>.
Example: Update AD users, created in the last ten days.
{$global:DatePeriod = (Get-Date).AddDays(-10)}
|
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
| Version | Notes |
|---|---|
| 9.1.0 | Domain Controller and Credentials settings have been removed. |
| 8.0.0 | Last Microsoft 365 sign in (days ago) setting is added. |
| 7.1.0 | The rule is introduced in the product. |
Comments
0 comments
Please sign in to leave a comment.