You want to find out the last logon time of your Microsoft 365 user accounts? If so, the right way to do this is using PowerShell. In this blog post I will carry out finding orphaned users in your Microsoft 365 environment.

Orphaned users are users that are not longer in use. Maybe you have forgotten to deactivate the users or any other circumstances have prevented you to maintain a clear and tidy up environment. This is the right time to remediate this chaos.

Connect to Microsoft 365 / Exchange Online

First we need to connect to our tenant. Run the commands below to open a PowerShell session to your Microsoft cloud.

Install-Module -Name ExchangeOnlineManagement -Force -AllowClobber

Connect-ExchangeOnline -UserPrincipalName user@domain.com -ShowProgress $true

Fine. Let’s move on.

List orphaned Users

To find all users that haven’t logged in for 10 days run the code below.

Line 3: Just replace -10 by any number of your choosing

Get-ExoMailbox -ResultSize Unlimited -Filter "Name -notlike '*discover*'" |
Get-ExoMailboxStatistics -PropertySets All |
Where-Object LastLogonTime -LE (Get-Date).AddDays(-10) |
Sort-Object LastLogonTime |
Select-Object DisplayName, LastLogonTime,TotalItemSize

You should see something like the following output:

Fine that’s it. Now you have a list of your orphaned user accounts. Be careful when you plan to delete or disable them. I recommend checking them briefly to ensure that they are not actually being used or intended to use at a later time.