Query criteria are sent with the query and may improve query performance.

TIP: For additional information on the criteria builder, see the How to use Query Builder dialog for Query Criteria and Filter rule settings.

Specify members, guests or both should be suspended.

Specify the number of days since a user's last successful logon of any type (Interactive or Non-Interactive) in the Microsoft 365 environment.

Use '0' and remove the lastSuccessfulSignInDays, lastSuccessfulSignInDateTime attributes from the Other Query Settings>Properties to display and System properties settings below to disable this check.

Days filter uses the last successful sign in days.

NOTE: Using this parameter requires an Azure AD Premium P1/P2 license in the tenant.

Set a minimum number of days past since a user accesses Microsoft 365 services.

This queries the dates of the Microsoft activities report and takes the most recent service activity date across all services.

Set a minimum number of days past the license assignment to avoid counting new users as inactive. Use 0 to ignore the license assignment date.

Other Query Settings

Each object property defined in this setting matches the column that will be displayed in the Web Portal for this web query.

To display additional columns, add the required properties to the Properties to display list.

To add extension attribute 1 that is synchronized from AD, you need to use a value like:

"OnPremisesExtensionAttributes/extensionAttribute1~Extension Attribute 1"

List of properties required for this rule to be executed correctly.

To hide unwanted data based on criteria, not supported by the Microsoft 365 query criteria above, set the filtering conditions here.

TIP: For optimal performance, use the Query criteria above to filter objects whenever possible.

Sort result object list.

This setting is used to optimize performance by limiting the number of objects returned by the Microsoft Graph API.

Unlike query criteria, any post-filters on the returned objects are applied after they are returned, which means that the final set of returned objects could be less than the number configured here despite these objects existing in the source system. 

By default, Query criteria are used. But when the MS Graph query condition is specified, it overrides the Query criteria setting.

See this article for examples: How to use Query Builder dialog for Query Criteria and Filter rule settings.

Usually, rules use query criteria to limit the query search scope. It improves the performance of the executed rule.

Due to the PowerShell limitations, it is not possible to use calculated expressions in query criteria. That is the point where the initialization script can help. You can initialize a global variable in this setting and then use it in query criteria.

IMPORTANT: To use a variable, declared in the initialization script, in the query scope, it must be global: $global:<variable name>.

Example: Update AD users, created in the last ten days.

1. Add this initialization script

   Copy

   {$global:DatePeriod = (Get-Date).AddDays(-10)}

2. Use the $DatePeriod variable in the query criteria builder: