A lot of administrators often ask in the community, “How can I export Office 365 users’ last-logon-time using PowerShell?”. Getting the last-logon-date/time of O365 user is a vital task to track the user’s last logon activity, find Inactive users and remove their licenses. The last-logon-time shows the time a user last accessed their mailbox using Outlook, WebMail, or their mobile phone.

 

Export Office 365 User Last Logon Time Using PowerShell

To find inactive users in Office 365, you can use either Exchange admin center or Get-MailboxStatistics PowerShell cmdlet. In both ways, you can’t export or use it to filter result based on Inactive days and mailbox type.

To ease your work, we have created PowerShell script to export last logon time with most required attributes like Inactive days, mailbox type, license details,creation time, administrative roles, etc.

 

Script Highlights:

1. Single script allows you to generate 5 different last login reports.
2. The script can be executed with MFA enabled account too.
3. You can generate report based on inactive days.
4. Result can be filtered based on user / all mailbox type.
5. Result can be filtered to lists never logged in mailbox alone.
6. Export results to CSV file.
7. Shows result with user’s administrative roles in O365 environment.
8. The assigned licenses column will show you the user-friendly-name like ‘Office 365 Enterprise E3’ rather than ‘ENTERPRISEPACK’.

 

Download Script: LastLogonTimeReport

 

Office 365 Last Logon Report – Sample Output:

The script exports Office 365 users’ last-logon-date to CSV with the following attributes: User Principal Name, Display Name, Last Logon Time,Creation Time, Inactive Days, Mailbox Type, Assigned Licenses (Friendly Name), Admin Roles.

 

Script Execution:

The script designed to support both MFA enabled account and non-MFA account. You can choose any one of the below methods based on the account type.

How to: Export ‘Office 365 last login report’:

To export last logon time of Office 365 users with non-MFA account, run the script as follows.

 

How to: Export ‘Office 365 last logon report’ with MFA account:

To execute script with MFA enabled account, you need to mention -MFA switch during script execution.

To Connect Exchange Online PowerShell, you need to install Exchange Online PowerShell module.

 

Unlock the Full Potential Of ‘Office 365 Last Logon Time Report’ Script:

Below are a few use-cases for ‘Export Office 365 last logon time report’ script. I’m sure you would find many. Please leave them in the comments below to help other Admins.

Apart from last login report, you can track users’ activity by users login history report.

 

Export Inactive Users Report using PowerShell

To get Inactive mailboxes, you can use -InactiveDays param which will returns mailboxes that are inactive for given days. Using this param, you can get a list of users who haven’t logged in for over ‘N’ days

The above script exports Office 365 users who are not logged in the past 50 days.

 

Export Office 365 User Mailbox Last Logon Time to CSV

Often you are in the situation to get last logon time for only user mailboxes and eliminates other types like shared mailbox, room mailbox. In that case, you can use -UserMailboxOnly param which will return user mailboxes alone in the results.

The above script exports all user mailboxes with their last login time to CSV.

 

Export Never-Logged-In Mailbox using PowerShell

To export never logged in mailbox report, run the script with -NeverLoggedInMB switch. Using this report, you can identify idle/unused mailboxes and proceed for license reconciliation. Hence you end up saving more licenses.

 

Export All Office 365 Mailbox to CSV

You can export all Office 365 Mailboxes with most useful attributes like assigned license, admin roles, Last logon time, creation time etc. To export Office 365 Mailbox report, execute the script as follows

 

Export Inactive User mailboxes in Office 365 to CSV

Multiple filters can be used together to get more granular report. For example, you can generate a list of user mailboxes who are inactive for the past 50 days.

 

Office 365 Admin Login Report using PowerShell:

Since the exported report contains admin roles, you can find Office 365 admins’ last login time. To find inactive admins, open the report with Excel and filter based on your desired role from the ‘Roles’ column.

 

Beginners Guide to Execute PowerShell Script:

Prerequisites:

• Windows PowerShell needs to be configured to run scripts, and by default, it isn’t. You need to configure this setting only once on your computer, not every time you connect.

 Steps to execute script:

1. To run script, navigate to script location and execute ./LastLogonTimeReport.ps1. The script can be executed with/without parameters. To run with parameters, refer use-cases. Once you hit enter, you will be prompted to provide your Office 365 admin credentials.                                                               
2. It will take some time depends on the number of mailboxes in your environment. After script execution, it will ask whether to open the output file.

 

How can I Schedule this script?

You can schedule this script in task scheduler by explicitly mentioning the credential.

To know more about scheduling Powershell script, refer our blog: Schedule PowerShell script using Task Scheduler.

 

Note:

As LastLogonTime attribute also updated by some background tasks like Mailbox Assistant, this report(LastLogonTime retrieved from Get-MailboxStatistics) might give inaccurate data. If you want to get users’ last logon time based on ‘real’ user’s last activity, you can refer Export Office 365 Users Real Last Logon Time Report to CSV blog.

 

Get More Detailed Users’ Last Activity Date Report:

If you want to know inactive users based on their,

• last logon time
• last activity time
• last mail read
• last mail sent
• last mail received date
• Exchange Inactive users
• Teams inactive users based on last team activity date
• SharePoint inactive users based on the SharePoint activity
• OneDrive inactive users
• Skype inactive users
• Yammer inactive users

you can take a look at AdminDroid Microsoft 365 reporting and auditing tool.

Additionally, AdminDroid provides 1500+ pre-built reports and 20 smart visually appealing dashboards to know about your Office 365 environment at a glance. This tool provides reports on Office 365 reporting, auditing, analytics, usage statistics, security & compliance, etc.

 

Besides, AdminDroid provides over 100+ reports and a handful of dashboards completely for free. It includes reports on Users, Licenses, Groups, Group Members, Devices, Login Activities, Password Changes, License Changes, and more. The free edition doesn’t have any restrictions in reporting functionalities such as customization, scheduling, and exporting. For your Azure AD reporting and auditing needs, you can download Free Office 365 reporting tool by AdminDroid and see how it works for you.

 

If you have any queries, reach us through the comment section.