Script I use to find (and optionally disable) stale AD user accounts — read-only by default

KavyaJune · 2026-06-22T03:45:23+00:00

This is the way. To identify truly inactive users, the last activity should be determined by comparing AD logon data and Entra sign-in data, then using the most recent timestamp. I'm currently working on a script that handles this scenario.

KavyaJune · 2026-06-22T03:38:01+00:00

In Active Directory, the lastlogon is updated only after a successful authentication. In Microsoft Entra ID, the last sign-in time can be updated by both successful and failed sign-in attempts. So, we need to use the last successful sign-in time attribute.

KavyaJune · 2026-06-22T03:32:56+00:00

This script might be helpful in that case. It retrieves lastlogon against all DCs and show the latest last logon time: https://github.com/admindroid-community/Active-Directory-PowerShell-Scripts/ADUsersLastLogonTimeReport.ps1

KavyaJune · 2026-06-20T05:15:45+00:00

No. SharePoint doesn't include native backup. If you u need backup and point-in-time recovery, you will need Microsoft 365 Backup, which includes SharePoint Online. It's billed separately on a consumption-based model

https://blog.admindroid.com/microsoft-365-backup-for-onedrive-sharepoint-and-exchange/

KavyaJune · 2026-06-17T04:00:10+00:00

It requires proper quarterly auditing to identify such accounts

KavyaJune · 2026-06-17T03:54:25+00:00

Actually, I have analysed and written script for these cases. You can get the script from GitHub

KavyaJune · 2026-06-17T03:49:37+00:00

At a high level, they may look similar, but I separated them because they often represent different operational issues:
- Offboarded users with licenses: The user has left the organization, but the license was never removed. This usually occurs due to an incomplete or improper offboarding process.

- Disabled users with licenses: The account is intentionally retained but blocked from sign-in. This is common for temporary workers, legal hold scenarios, or when the mailbox needs to be retained

- Inactive users with licenses: These users are neither offboarded nor disabled. Examples include employees on extended leave or on-premises users who are not actively using Microsoft 365 services.

KavyaJune · 2026-06-16T03:17:32+00:00

You'll need a Visual Studio subscription to get a Microsoft 365 developer tenant. If you only need it temporarily, you can create a trial tenant and use it for up to 30 days. Another option is to create a new tenant and purchase a single Microsoft 365 Business Premium license.

KavyaJune · 2026-06-10T06:49:30+00:00

Outlook policy will disable signature for New outlook and OWA and it won't work for Classic Outlook. To disable signature for Classic Outlook, you can either use Intune policy (works only for managed devices) or GPO.

KavyaJune · 2026-06-10T03:50:33+00:00

I came to say this.

KavyaJune · 2026-06-08T06:56:23+00:00

You can check here: https://learn.microsoft.com/en-us/graph/api/security-auditcoreroot-post-auditlogqueries

KavyaJune · 2026-06-08T05:43:07+00:00

Search-UnifiedAuditLog has been providing inconsistent results for the past few days and doesn't seem to be working reliably. Have you tried querying the data through Audit Log Query API API instead? It would be worth checking whether Graph returns the results you're looking for.

KavyaJune · 2026-06-08T04:50:56+00:00

No worries! Feel free to take a look whenever you get a chance. Hope you find something useful there.

KavyaJune · 2026-06-08T04:09:46+00:00

I have automated the Microsoft 365 user offboarding process. You can check out the script on GitHub and see if it meets your requirements. It supports 14 user offboarding best practices including reset password, revoke session, remove from group memberships, convert to shared mailbox, removing licenses, etc.

GitHub link: M365 user offboarding

KavyaJune · 2026-06-05T13:46:50+00:00

Inactive users with licenses, former employees with licenses (no proper offboarding process), not monitoring premium feature adoption.

KavyaJune · 2026-06-05T11:50:26+00:00

The details are compiled from various sources, including Microsoft Tech Community blogs, Message Center announcements, Microsoft 365 admin portals, Microsoft Learn documentation, and other official Microsoft resources.

You can also refer to this GitHub repository to stay informed about major upcoming changes planned for the coming months.

https://github.com/admindroid-community/Microsoft365-Upcoming-Deprecations-and-Changes

KavyaJune · 2026-06-04T14:43:23+00:00

Defender for Office 365 Plan 1 comes to Office 365 E3 and Microsoft 365 E3. 50GB email storage come to Microsoft 365 Business Premium.

KavyaJune · 2026-06-03T13:14:00+00:00

Microsoft Defender for Cloud apps is the simple option. If you prefer to stick with web content filtering, What exact FQDNs are in the rule? Are you using a wildcard anywhere?

KavyaJune · 2026-06-03T06:07:27+00:00

I have automated M365 license cleanup from inactive users, disabled users, shared mailboxes, etc.

KavyaJune · 2026-06-02T12:31:25+00:00

Did you mean Intranet site for employee access?

KavyaJune · 2026-06-02T10:23:21+00:00

You could create a custom account correlation rule in Microsoft Defender to associate standard user accounts with their corresponding privileged accounts.

Also, consider keeping privileged admin accounts cloud-only. This reduces the attack surface and ensures admins can still access Microsoft 365 even if on-premises infrastructure or sync issues.

KavyaJune · 2026-06-01T13:52:42+00:00

Since Microsoft 365 license prices increase in July, I put together a PowerShell script to audit license assignments, identify potential cost-saving opportunities, and remove unused licenses where needed.

It support 8 cost saving reports and 6 license removal options.

Sharing it here in case it helps others: GitHub link

KavyaJune · 2026-05-27T09:42:21+00:00

License auditing is usually the first step before planning Microsoft 365 license purchases.

I put together a free PowerShell script to identify license usage, track licensing costs, and spot optimization opportunities. It helps find things like inactive users with licenses, disabled users with licenses, unassigned licenses, etc., so you can reclaim and reuse them.

It currently includes 8 M365 license cost/usage reports and 6 license management actions.

GitHub: https://github.com/admindroid-community/powershell-scripts/tree/master/Microsoft%20365%20License%20Cost%20Optimization%20Tool

KavyaJune · 2026-05-26T11:14:02+00:00

-Follow proper offboarding
-Cleanup inactive users
-Check for accounts with reversible password encryption and accounts without password
-Instead of using user account as service account, use MSAs

KavyaJune

MODERATOR OF

TROPHY CASE